The PowerShell command Get-ADGroup is part of the Active Directory PowerShell module. Go to this article if you want to know how to install it.
To search effectively for groups in your Active Directory, you should use the Filter switch. Don’t extract all groups and then search the result set.
Use Get-ADGroup -Filter to search directly for improved performance.
Understand the Get-ADGroup Filter Parameter
With the many various filtering options available (LDAP filtering, oData v3.0 filtering, etc.), the filter switch often causes some confusion.
The filter switch used in the Get-ADGroup command uses the PowerShell expression language in the query string.
For example, this is different than, e.g., when using the Get-AzureADGroup command (which uses oData v3.0 filtering)!
The following operators should cover most of your needs:
| Operator | Meaning | Sample expression |
|---|---|---|
| -eq | Equal to | Name -eq “G.U.Marketing” |
| -ne | Not equal to | GroupType -ne “-2147483640” |
| -gt | Greater than | Modified -gt “01-06-2021” |
| -ge | Greater than or equal | Created -ge “01-01-2018” |
| -lt | Less than | Modified -lt “01-02-2021” |
| -le | Less than or equal | Created -le “01-01-2018” |
| -like | Wildcard search | extensionAttribute1 -like “*” |
| -notlike | Wildcard search with negation | Name -notlike “Exchange*” |
| -and | And | Name -like “G.U.*” -and Name -like “*legal*” |
| -or | Or | Name -like “*marketing*” -or Name -like “*legal*” |
Please notice the following in the above examples:
- Enclose the compared value(s) in apostrophes
- Use -like ‘*’ and -notlike ‘*’ to find empty or non-empty values
Below you have some code snippets that should point you in the right direction on how to structure your filters for your Get-ADGroup search queries:
Get-ADGroup -Filter 'Name -eq "G.U.Marketing"'Get-ADGroup -Filter 'GroupType -ne "-2147483640"'Get-ADGroup -Filter 'Modified -gt "01-06-2021"'Get-ADGroup -Filter 'Created -ge "01-01-2018"'Get-ADGroup -Filter 'Modified -lt "01-02-2021"'Get-ADGroup -Filter 'Created -le "01-01-2018"'Get-ADGroup -Filter 'extensionAttribute1 -like "*"'Get-ADGroup -Filter 'Name -notlike "Exchange*"'Get-ADGroup -Filter 'Name -like "G.U.*" -and Name -like "*legal*"'Get-ADGroup -Filter 'Name -like "*marketing*" -or Name -like "*legal*"'
How to Manage Office 365 from Active Directory
Easy365Manager is a snap-in to AD Users & Computers that allows you to manage Office 365 mailboxes and licenses as part of your standard AD management.
With Easy365Manager, you can perform all daily Office 365 management tasks directly from AD user properties. Even complex tasks like calendar delegation, which is usually only possible via PowerShell:
Easy365Manager extends user properties with two new tabs, so you no longer have to switch between multiple web consoles to perform daily management:
With Easy365Manager, you can perform all daily tasks from AD Users & Computers:
- Assign Office 365 licenses
- Manage shared mailbox delegation
- Configure calendar permissions
- Configure proxyAddresses (with format and uniqueness check)
- Replicate Azure AD Connect
And a lot more. See the complete feature list here.
Additionally, Easy365Manager lets you remove your on-premises Exchange Server. This will give you 100% protection from future zero-day exploits targeting Exchange Server.
Try the fully functional 30-day trial now. It only takes a few minutes to install, has zero learning curve, and we guarantee you’ll be saving hours of work before the end of the week!