asked on

Powershell script to check each Security group which are not mail enabled and remove an contacts from those groups.

Hi,

Powershell script to check each Security group which are not mail enabled and remove an contacts from those groups.

The query has to be specific to securit groups and Non mail enabled only.
if mail enabled do nothing.

Log the changes into a csv.

Regards
sharath

Chris Dent

Quest again will be the best bet for things that aren't mail enabled.

Can you check and see if this is returns the right groups please?

Get-QADGroup -SearchRoot "OU=groups,DC=domain,DC=com" -SizeLimit 0 `
-LdapFilter "(!(legacyExchangeDN=*))"

If it does, we can extende that to do away with the contacts with the script below.

Chris

# Get the groups
Get-QADGroup -SearchRoot "OU=groups,DC=domain,DC=com" -SizeLimit 0 `
    -LdapFilter "(!(legacyExchangeDN=*))" | ForEach-Object {

  $Group = $_

  # Get the contacts from the group
  Get-QADGroupMember $Group.DN -Type Contact | ForEach-Object {

    # Log file output
    $_ | Select-Object @{n='GroupName';e={ $Group.Name }},
      Name, DN

    # Remove the member from the group
    Remove-QADGroupMember $Group.DN -Member $_.DN | Out-Null
  }
# Write the log file
} | Export-Csv "LogFile.csv"

Open in new window

bsharath

ASKER

ou want me to run this to test

Get-QADGroup -SearchRoot "OU=groups,DC=domain,DC=com" -SizeLimit 0 `
-LdapFilter "(!(legacyExchangeDN=*))"
Hope it just check and does not changes

ASKER CERTIFIED SOLUTION

Chris Dent

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

bsharath

ASKER

Hope it querys just non Mail enabled Security groups. Even though the OU has Mail enabled Security groups

Chris Dent

That's the intent. The version directly above is safe to run, no changes, just reporting.

Chris

bsharath