Solved

PowerShell script to add AD user in Distribution List using AD attribute

Posted on 2011-10-06
Last Modified: 2012-05-12
I'm trying to find a PowerShell script that will populate Active Directory distribution lists by using an AD attribute of any user.

For example, a PowerShell script that retrieves a selected Active Directory attribute for all users (an attached file where the fmCostCenter attribute has a value of 200, 212 and 218), then parses or interprets this in some way, and based on this adds each user with the matching attribute value to a distribution group. Before adding the user to the distribution group, check whether the user is already present.

The script can be extended to remove users from the distribution list who do not match this attribute value anymore, because users keep moving between different cost centers and do not want to be part of the distribution list.

Appreciate your help..
Thanks




Adsi.png
Question by:thakurdinesh
 
LVL 27

Expert Comment

by:KenMcF
ID: 36930140
You can do this using the Quest AD cmdlets.
http://www.quest.com/powershell/activeroles-server.aspx
 Depending on what your group names are you will need to modify the script. This script uses the group names of
"Cost_Center_Group_200"
"Cost_Center_Group_212"
"Cost_Center_Group_218"


$CostCenters = "200", "212", "218"
foreach ($CostCenter in $CostCenters) {
    # Add users
    Get-QADUser -LdapFilter "(fmCostCenter=$CostCenter)" -NotMemberOf "Cost_Center_Group_$CostCenter" | Add-QADGroupMember "Cost_Center_Group_$CostCenter"
    # Remove users
    Get-QADGroupMember "Cost_Center_Group_$CostCenter" -Properties fmCostCenter | Where { $_.fmCostCenter -ne "$CostCenter" } | foreach { Remove-QADGroupMember "Cost_Center_Group_$CostCenter" $_ }
}


0
 
LVL 27

Expert Comment

by:KenMcF
ID: 36930180
Here is another one that will be a little more efficient if you have large group membership


$CostCenters = "200", "212", "218"
foreach ($CostCenter in $CostCenters) {
    # Add users
    Get-QADUser -LdapFilter "(fmCostCenter=$CostCenter)" -NotMemberOf "Cost_Center_Group_$CostCenter" | Add-QADGroupMember "Cost_Center_Group_$CostCenter"
    # Remove users
    Get-QADGroupMember "Cost_Center_Group_$CostCenter" -LdapFilter "(!(fmCostCenter=$CostCenter))" | foreach { Remove-QADGroupMember "Cost_Center_Group_$CostCenter" $_ }
}


0
 
LVL 7

Author Comment

by:thakurdinesh
ID: 36930583
Ken, I proposed this solution using Quest AD but it was rejected. So I cannot use any Quest cmdlets because of some scheduled jobs.

So I can only use Windows cmdlets. I have a similar VB script but that solution was also rejected.

Thanks
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 36930660
What version of OS and Exchange are you running? Do you have Windows 7 or Server 2008R2?
0
 
LVL 7

Author Comment

by:thakurdinesh
ID: 36931823
Exchange 2007 and Server 2008 SP2 (not R2)
0
 
LVL 7

Author Comment

by:thakurdinesh
ID: 36931858
By the way, we need to add these users from different cost centers to just one group.

The purpose of this group is to restrict them from sending emails using a transport rule.

Thanks
0
 
LVL 27

Accepted Solution

by:
KenMcF earned 2000 total points
ID: 36936652
OK, since you have Exchange 2007 you can use the cmdlets. You will need to run this on an Exchange server or a computer that has the Exchange management tools installed. Change the $GroupDN to the distinguished name of the group you have and change the $SearchRoot to match your domain. This can also be cleaned up a little after you verify it works.

Add-PSSnapin *EX*
$CostCenters = "200", "212", "218"
$GroupDN = "CN=Cost_Center_Group_200,OU=LA,DC=DEVLAB,DC=LOCAL"
$SearchRoot = [ADSI]"LDAP://DC=devlab,DC=local"

Foreach ($CostCenter in $CostCenters){
    $FilterAdd = "(&(objectClass=user)(objectCategory=person)(fmcostcenter=$CostCenter)(!(memberof=$GroupDN)))"
    $Properties = "name","samaccountname","fmcostcenter", "distinguishedname"
    $Searcher = New-Object DirectoryServices.DirectorySearcher($SearchRoot, $FilterAdd)
    $Searcher.PageSize = 1000
    $Searcher.PropertiesToLoad.AddRange($Properties)
    $Searcher.FindAll() | Select-Object @{n='DN';e={ $_.Properties["distinguishedname"][0] }} | Foreach {
        Add-DistributionGroupMember -identity $GroupDN -member $($_.DN)
    }
}

$FilterDelete = "(&(objectClass=user)(objectCategory=person)(memberof=$GroupDN))"
$PropertiesDelete = "fmcostcenter", "distinguishedname"
$SearcherDelete = New-Object DirectoryServices.DirectorySearcher($SearchRoot, $FilterDelete)
$SearcherDelete.PageSize = 1000
$SearcherDelete.PropertiesToLoad.AddRange($PropertiesDelete)
$SearcherDelete.FindAll() | Select-Object `
    @{n='DN';e={ $_.Properties["distinguishedname"][0] }},
    @{n='fmcostcenter';e={ $_.Properties["fmcostcenter"][0] }} | Foreach {
        If ($_.fmcostcenter -ne "200" -AND $_.fmcostcenter -ne "212" -AND $_.fmcostcenter -ne "218"){
            remove-DistributionGroupMember -identity $GroupDN -member $($_.DN) -confirm:$false
        }
    }


0
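
Added example, not part of KenMcF's answer: the same single-group reconciliation done as two LDAP queries, with filter values escaped per RFC 4515 and a report-only mode so changes to a group that gates a transport rule can be reviewed before they are applied. `$DryRun`, `ConvertTo-LdapFilterValue` and `Get-DnByFilter` are hypothetical names introduced here; the group DN, search root and cost centers are the sample values from the thread.

```powershell
# Added example, not from the thread's answers. Sample values are the thread's.
Add-PSSnapin *EX* -ErrorAction SilentlyContinue
$CostCenters = "200", "212", "218"
$GroupDN     = "CN=Cost_Center_Group_200,OU=LA,DC=DEVLAB,DC=LOCAL"
$SearchRoot  = [ADSI]"LDAP://DC=devlab,DC=local"
$DryRun      = $true   # hypothetical switch: $true only reports, $false applies

# Escape the RFC 4515 special characters before a value goes into a filter
# (hypothetical helper; the backslash must be replaced first).
function ConvertTo-LdapFilterValue([string]$Value) {
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
}

# Return the distinguishedName of every object matching $Filter (hypothetical helper).
function Get-DnByFilter([string]$Filter) {
    $searcher = New-Object DirectoryServices.DirectorySearcher($SearchRoot, $Filter)
    $searcher.PageSize = 1000
    [void]$searcher.PropertiesToLoad.Add("distinguishedname")
    $results = $searcher.FindAll()
    foreach ($r in $results) { $r.Properties["distinguishedname"][0] }
    $results.Dispose()
}

# Builds (|(fmCostCenter=200)(fmCostCenter=212)(fmCostCenter=218))
$inCC = "(|"
foreach ($c in $CostCenters) { $inCC += "(fmCostCenter=" + (ConvertTo-LdapFilterValue $c) + ")" }
$inCC += ")"
$user   = "(objectClass=user)(objectCategory=person)"
$member = "(memberOf=" + (ConvertTo-LdapFilterValue $GroupDN) + ")"

# Users who qualify but are not members, and members who no longer qualify.
$toAdd    = @(Get-DnByFilter ("(&" + $user + $inCC + "(!" + $member + "))"))
$toRemove = @(Get-DnByFilter ("(&" + $user + $member + "(!" + $inCC + "))"))

foreach ($dn in $toAdd) {
    Write-Output "ADD    $dn"
    if (-not $DryRun) { Add-DistributionGroupMember -Identity $GroupDN -Member $dn }
}
foreach ($dn in $toRemove) {
    Write-Output "REMOVE $dn"
    if (-not $DryRun) {
        Remove-DistributionGroupMember -Identity $GroupDN -Member $dn -Confirm:$false
    }
}
```

Run it once with `$DryRun = $true` and review the ADD/REMOVE lines before scheduling it with `$DryRun = $false`.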
 
LVL 65

Expert Comment

by:RobSampson
ID: 36937146
@KenMcF, sorry to hijack this thread a bit, but could I possibly get you to have a look at
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_27362825.html
and offer your opinion as to whether the task is possible in Powershell?  Shouldn't take long....

Thanks, again...sorry....

Rob.
0
 
LVL 7

Author Comment

by:thakurdinesh
ID: 36951754
Thanks very much KenMcF!

Line no 8 I was not selecting the sAMAccountName...

Thanks again for your help.

0
