Get All AD Groups That Have Blank Managed By Field

Question

I'm trying to get all AD groups that have a blank Managed By Name and the description of the AD group. I'm currently having issues with displaying no results using my filter, but am not sure why. Any help is appreciated.

Get-ADGroup -filter * | Where-Object {$_.ManagedBy -eq ""} | Select-Object manager,description | Export-Csv -Path C:\Users\User\Desktop\AllNullManagedBy.csv -NoTypeInformation

The current script is not showing any users which it should be showing several users

Answer 1

The problem is that Get-ADGroup does not return an object with the ManagedBy attribute by default, you need to ask for it (-Properties ManagedBy):

Get-ADGroup -Filter * -Properties ManagedBy, Manager, Description |
    Where-Object {-not $_.ManagedBy } | Select-Object samAccountName, Manager, Description |
    Export-Csv -Path C:\Users\User\Desktop\AllNullManagedBy.csv -NoTypeInformation

However, this operation is quite inefficient, you can use LDAP filtering capabilities for this:

Get-ADGroup -LDAPFilter "(!managedby=*)" -Properties Manager, Description |
    Select-Object samAccountName, Manager, Description |
    Export-Csv -Path C:\Users\User\Desktop\AllNullManagedBy.csv -NoTypeInformation

---

As a side note, Where-Object { $_.ManagedBy -eq "" } is likely to not return any results, you would be querying for AD Groups where their ManagedBy attribute is set and it's value is equal to an emptry string instead of filtering for groups that don't have the attribute set or it's value is $null or empty string ({-not $_.ManagedBy }):

$null -eq '' # => False: comparison fails here
-not $null   # => True
-not ''      # => True