Monday, September 25, 2017

Concise ShadowGroup Powershell Scripts

sync icon

The definition of a shadowgroup is simply the synchronization of members in an Active Directory OU to the memberships of an Active Directory Group.

Thanks goes to David K. Sutton for his post at

One caveat of his concise script was that Get-ADGroupMember, by default, has a limit of 5000 objects returned. Other internet sources reported an easy workaround by using the member property of the get-adgroup cmdlet.

So I present to you modified versions of a concise ShadowGroup powershell script. One no-frills version, and another with email support.

Written mostly StackEdit.