How to get all security groups that contain managedby?

Question

As part of the access review, I need to provide a report of security groups. I would like to know how I can do to have the list of all the security groups whose managedby field has a value.

Also, i would like the managedby to show only the full name

Here what i have

get-ADGroup -filter {(Managedby -contains "*") -and (GroupCategory -eq "Security")} -Properties * | Select Name, SamAccountName, ManagedBy

Answer 1

Your code is almost correct, the problem is -contains is a PowerShell comparison operator and is not supported by the Active Directory Filter .

When searching for an attribute not null (usually) :

• Using -Filter

"attributeName -like '*'"

• Using -LDAPFilter

"(attributeName=*)"

However for this case unfortunately I have no idea how to do this filter using -Filter (I personally dislike it), if you try:

Get-ADGroup -Filter "managedby -like '*'"

You would get the following error:

Get-ADGroup: Operator(s): The following: ''Eq', 'Ne'' are the only operator(s) supported for searching on extended attribute: 'ManagedBy'.

So, using -LDAPFilter , this is how your code should look:

$params = @{
    LDAPFilter = '(&(ManagedBy=*)(groupType:1.2.840.113556.1.4.803:=2147483648))'
    Properties = 'Name', 'SamAccountName', 'ManagedBy'
}
Get-ADGroup @params | Select-Object $params['Properties']

groupType:1.2.840.113556.1.4.803:=2147483648 in LDAP Syntax is for Security Groups , more details in Active Directory: LDAP Syntax Filters