PowerShell script to check each security group that is not mail enabled and remove any contacts from those groups.

bsharath
Hi,

PowerShell script to check each security group that is not mail enabled and remove any contacts from those groups.

The query has to be specific to security groups and non-mail-enabled only.
If mail enabled, do nothing.

Log the changes into a csv.

Regards
sharath

Chris Dent, PowerShell Developer
Top Expert 2010

Commented:

Quest again will be the best bet for things that aren't mail enabled.

Can you check and see if this returns the right groups please?


Get-QADGroup -SearchRoot "OU=groups,DC=domain,DC=com" -SizeLimit 0 `
  -LdapFilter "(!(legacyExchangeDN=*))"


If it does, we can extend that to do away with the contacts with the script below.

Chris
# Get the groups
Get-QADGroup -SearchRoot "OU=groups,DC=domain,DC=com" -SizeLimit 0 `
    -LdapFilter "(!(legacyExchangeDN=*))" | ForEach-Object {

  $Group = $_

  # Get the contacts from the group
  Get-QADGroupMember $Group.DN -Type Contact | ForEach-Object {

    # Log file output
    $_ | Select-Object @{n='GroupName';e={ $Group.Name }},
      Name, DN

    # Remove the member from the group
    Remove-QADGroupMember $Group.DN -Member $_.DN | Out-Null
  }
# Write the log file
} | Export-Csv "LogFile.csv"


Author

Commented:
You want me to run this to test

Get-QADGroup -SearchRoot "OU=groups,DC=domain,DC=com" -SizeLimit 0 `
  -LdapFilter "(!(legacyExchangeDN=*))"
Hope it just checks and does not make changes
Chris Dent, PowerShell Developer
Top Expert 2010
Commented:

The command you have there is safe, just looks, no changes.

If it finds the right group and you want to test again we can add -WhatIf onto the end of Remove-QADGroupMember (as below) as another safety-net.

Chris
# Get the groups
Get-QADGroup -SearchRoot "OU=groups,DC=domain,DC=com" -SizeLimit 0 `
    -LdapFilter "(!(legacyExchangeDN=*))" | ForEach-Object {

  $Group = $_

  # Get the contacts from the group
  Get-QADGroupMember $Group.DN -Type Contact | ForEach-Object {

    # Log file output
    $_ | Select-Object @{n='GroupName';e={ $Group.Name }},
      Name, DN

    # Remove the member from the group
    Remove-QADGroupMember $Group.DN -Member $_.DN -WhatIf
  }
# Write the log file
} | Export-Csv "LogFile.csv"

Author

Commented:
Hope it queries just non-mail-enabled security groups, even though the OU has mail-enabled security groups.
Chris Dent, PowerShell Developer
Top Expert 2010

Commented:

That's the intent. The version directly above is safe to run, no changes, just reporting.

Chris

Author

Commented:
OK, now to actually run it, can I remove this
-WhatIf

Will that be enough?
Chris Dent, PowerShell Developer
Top Expert 2010

Commented:
Yes, that's all :)

Chris

Author

Commented:
Thank you Chris, worked perfectly.
Any help with this?
http://www.experts-exchange.com/Programming/Languages/Q_26295206.html
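
An equivalent using Microsoft's ActiveDirectory module instead of the Quest cmdlets, as an added example that is not part of the thread or Chris's script. It adds an explicit security-group test to the LDAP filter alongside the thread's legacyExchangeDN test; the function name, parameters and Removed column are hypothetical, the OU path and log file name are the thread's, and PowerShell 3.0 or later is assumed.

```powershell
#Requires -Modules ActiveDirectory
# Added example: function name, parameters and the Removed column are hypothetical.
function Remove-ContactFromSecurityGroup {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$SearchBase = 'OU=groups,DC=domain,DC=com',  # OU used in the thread
        [string]$LogPath    = 'LogFile.csv'
    )

    # groupType bit 0x80000000 (2147483648) marks a security group; matching rule
    # 1.2.840.113556.1.4.803 is a bitwise AND. The second clause is the thread's
    # test for "not mail enabled".
    $groupFilter = '(&(groupType:1.2.840.113556.1.4.803:=2147483648)(!(legacyExchangeDN=*)))'
    $groups = Get-ADGroup -SearchBase $SearchBase -LDAPFilter $groupFilter

    $log = foreach ($group in $groups) {
        # Escape LDAP filter metacharacters in the DN (backslash first).
        $dn = $group.DistinguishedName -replace '\\', '\5c' -replace '\*', '\2a' `
                                       -replace '\(', '\28' -replace '\)', '\29'

        # Contacts are not security principals, so query them by memberOf
        # rather than through the *-ADGroupMember cmdlets.
        $contacts = Get-ADObject -LDAPFilter "(&(objectClass=contact)(memberOf=$dn))"

        foreach ($contact in $contacts) {
            $removed = $false
            $target  = $group.DistinguishedName
            if ($PSCmdlet.ShouldProcess($target, "Remove contact $($contact.Name)")) {
                # Edit the member attribute directly; skipped under -WhatIf.
                Set-ADGroup -Identity $group -Remove @{ member = $contact.DistinguishedName }
                $removed = $true
            }

            # One log row per contact, with the same columns as the thread's CSV.
            [pscustomobject]@{
                GroupName = $group.Name
                Name      = $contact.Name
                DN        = $contact.DistinguishedName
                Removed   = $removed
            }
        }
    }

    # Write the log even during a -WhatIf run, so the dry run can be reviewed.
    $log | Export-Csv -Path $LogPath -NoTypeInformation -WhatIf:$false
}
```

Calling the function with -WhatIf reports each pending removal and still writes the CSV, with Removed set to False on every row.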
