# PowerShell script: compares the users placed in each OU with the members of
# the shadow groups kept in that OU.
Clear-Host
Import-Module -Name ActiveDirectory

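# Compare every OU under the search base with the security groups stored
# directly inside it (its "shadow groups") and build a plain-text drift report
# in $out.
#
# Report lines:
#   (ou - > group)NAME  user sits directly in the OU but is not a member
#                       (direct or nested) of the group
#   (group -> ou)NAME   user is a direct member of the group but does not sit
#                       directly in the OU
# When a shadow group is used to grant access, review the second kind first:
# the membership is no longer backed by the OU placement.
#
# Only Get-* cmdlets are used; the directory is read, never modified.

# Placeholder: replace with the distinguished name of the subtree to audit.
$auditSearchBase = 'OU=yourOU, DC=yourdomain, DC=com'

$separator = "--------------------------------------------------------------`r`n"
# A StringBuilder avoids re-copying the whole report on every appended line.
$report = New-Object -TypeName System.Text.StringBuilder

$arr_ou = Get-ADOrganizationalUnit -Filter 'Name -like "*"' -SearchBase $auditSearchBase | Sort-Object
foreach ($ou in $arr_ou)
{
    # OneLevel: only objects placed directly in this OU are looked at here.
    $arr_user = Get-ADUser -Filter * -SearchBase $ou.DistinguishedName -SearchScope OneLevel
    $arr_group = Get-ADGroup -Filter {GroupCategory -eq 'security'} -SearchBase $ou.DistinguishedName -SearchScope OneLevel

    # Distinguished names of the OU's users, used for the group -> OU check.
    $userDns = @($arr_user |
        Where-Object { $null -ne $_.DistinguishedName } |
        ForEach-Object { $_.DistinguishedName })

    foreach ($group in $arr_group)
    {
        # PowerShell 2.0 runs a foreach body once over $null when a query
        # returned nothing, so empty results are skipped explicitly.
        if ($null -eq $group.DistinguishedName) { continue }

        # The AD filter parser does not reliably resolve property access such
        # as $group.DistinguishedName inside -Filter; hand it a plain variable.
        $groupDn = $group.DistinguishedName

        [void]$report.Append($separator)
        [void]$report.Append($group.Name + "`r`n")

        # OU -> group: every user in the OU should be a (recursive) member.
        foreach ($user in $arr_user)
        {
            if ($null -eq $user.DistinguishedName) { continue }

            # Reset first so a failed query cannot leave the previous
            # iteration's answer in $result; a failure then shows up as a
            # reported user instead of being hidden.
            $result = $null
            $result = Get-ADUser -Filter {memberOf -RecursiveMatch $groupDn} -SearchBase $user.DistinguishedName -SearchScope Base
            if ($null -eq $result)
            {
                [void]$report.Append("(ou - > group)" + $user.Name + "`r`n")
            }
        }

        # Group -> OU: every direct user member should sit in the OU.
        $arr_groupmember = Get-ADGroupMember -Identity $groupDn
        foreach ($groupmember in $arr_groupmember)
        {
            # Empty group on PowerShell 2.0 (see the note above).
            if ($null -eq $groupmember) { continue }

            # Skip members that Get-ADUser does not return (presumably nested
            # groups and other non-user objects).
            $result = $null
            $result = Get-ADUser -Filter * -SearchBase $groupmember.DistinguishedName -SearchScope Base
            if ($null -eq $result) { continue }

            if ($userDns -notcontains $groupmember.DistinguishedName)
            {
                [void]$report.Append("(group -> ou)" + $groupmember.Name + "`r`n")
            }
        }
    }
}

[void]$report.Append($separator)
$out = $report.ToString()
$out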

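# Send the report in $out to the administrator by e-mail.
#
# The body lists account and group names and is sent without transport
# encryption. The relay configured here is the local host; if $SmtpServer is
# pointed at another machine, set $smtp.EnableSsl = $true before sending.
$EmailFrom = "info@yourdomain.com"
$EmailTo = "admin@yourdomain.com"
$Subject = "Shadow groups users"
$Body = $out
$SmtpServer = "127.0.0.1"
$smtp = New-Object -TypeName System.Net.Mail.SmtpClient -ArgumentList $SmtpServer
try
{
    $smtp.Send($EmailFrom, $EmailTo, $Subject, $Body)
}
finally
{
    # SmtpClient is disposable only on newer .NET versions; release the
    # connection where that is available.
    if ($smtp -is [System.IDisposable]) { $smtp.Dispose() }
}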