dynamic exchange groups question

I am trying to create a new dynamic exchange list that includes all of the user mailboxes from one global security group (SecGroup1) but excludes users from another global security group (SecGroup2). Here is what I tried.

New-DynamicDistributionGroup -Name NewDynGroup -OrganizationalUnit domain.com/Distribution Groups/ -RecipientFilter { ((RecipientType -eq 'UserMailbox') -and (MemberOfGroup -eq 'CN=SecGroup1,OU=Managed Groups,DC=domain, DC=com') -and -not(MemberOfGroup -eq 'CN=SecGroup2,OU=Managed Groups,DC=domain, DC=com')) }

And here is the result

A positional parameter cannot be found that accepts argument 'Groups'.
    + CategoryInfo          : InvalidArgument: (:) [New-DynamicDistributionGroup], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,New-DynamicDistributionGroup
Apathaus Asked:

Adam Brown, Sr Solutions Architect, Commented:
You need quotes around domain.com/Distribution Groups/
0
Adam Brown, Sr Solutions Architect, Commented:
"-and -not(MemberOfGroup -eq 'CN=SecGroup2,OU=Managed Groups,DC=domain, DC=com')" is also going to throw an error. You can't have logic operators right next to each other. -not is also not a PowerShell logic operator. You would do this instead: -and (MemberOfGroup -ne 'CN=SecGroup2,OU=Managed Groups,DC=domain, DC=com')

The operator -ne is Not Equal.
0
Apathaus, Author, Commented:
I have fixed the syntax errors. The group was created but it has no members. I assume it has something to do with my logic. SecGroup1 contains a large group of people, and right now SecGroup2 doesn't have any members, so NewDynGroup should contain all the same users as SecGroup1.

New-DynamicDistributionGroup -Name NewDynGroup -OrganizationalUnit 'domain.com/Distribution Groups/' -RecipientFilter { ((RecipientType -eq 'UserMailbox') -and (MemberOfGroup -eq 'CN=SecGroup1,OU=Managed Groups,DC=domain,DC=com') -and -not (MemberOfGroup -eq 'CN=SecGroup2,OU=Managed Groups,DC=domain,DC=com')) }
0
Adam Brown, Sr Solutions Architect, Commented:
Is this the exact command you used? If so, you need to fix the last part according to my last post.

New-DynamicDistributionGroup -Name NewDynGroup -OrganizationalUnit 'domain.com/Distribution Groups/' -RecipientFilter { ((RecipientType -eq 'UserMailbox') -and (MemberOfGroup -eq 'CN=SecGroup1,OU=Managed Groups,DC=domain,DC=com') -and -not (MemberOfGroup -eq 'CN=SecGroup2,OU=Managed Groups,DC=domain,DC=com')) }

It should be like this:

New-DynamicDistributionGroup -Name NewDynGroup -OrganizationalUnit 'domain.com/Distribution Groups/' -RecipientFilter { ((RecipientType -eq 'UserMailbox') -and (MemberOfGroup -eq 'CN=SecGroup1,OU=Managed Groups,DC=domain,DC=com') -and (MemberOfGroup -ne 'CN=SecGroup2,OU=Managed Groups,DC=domain,DC=com')) }
0
Apathaus, Author, Commented:
I saw your post after I had submitted mine, sorry about that. I have tried your code as well and I am still not seeing any members in the group when I click preview on the filter tab.
0
Adam Brown, Sr Solutions Architect, Commented:
Yeah. I think that memberofgroup thing might be going wrong. Gimme a minute to check.
0
Adam Brown, Sr Solutions Architect, Commented:
Hmm... Just ran a test on that syntax using a couple groups on my test network and it worked pretty flawlessly. You might want to make sure you have your DNs for the groups right (check for misspellings and stuff).

Here's what I ran:
New-DynamicDistributionGroup -Name TestDG123 -OrganizationalUnit 'domain.com/home' -RecipientFilter { ((RecipientType -eq 'UserMailbox') -and (MemberOfGroup -eq 'CN=test1,OU=home,DC=domain,DC=com') -and (-not(MemberOfGroup -eq 'CN=test2,OU=home,DC=domain,DC=com'))) }
0
Apathaus, Author, Commented:
I noticed you changed back to the -not instead of MemberOfGroup -ne.

I have double-checked the DNs and copied and pasted them from a dsquery on the samid to make sure I had it correct. Here is my actual code without the names changed:

New-DynamicDistributionGroup -Name WellnessProgram -OrganizationalUnit 'cwsl.edu/Exchange/Distribution Groups - Query-Based' -RecipientFilter { ((RecipientType -eq 'UserMailbox') -and (MemberOfGroup -eq 'CN=Faculty-Staff,OU=Managed Groups,DC=cwsl,DC=edu') -and (-not(MemberOfGroup -eq 'CN=WellnessProgramExclusion,OU=Managed Groups,DC=cwsl,DC=edu'))) }
0
Adam Brown, Sr Solutions Architect, Commented:
Yeah. I ran the command on my test network and checked the filter through the EMC and noticed it used the -not method, so I figured it's probably a good idea to use that. The syntax *should* be okay. Another option you have if it still doesn't work is to utilize the Custom Attribute system for Exchange. This is a group of about 12 AD attributes that can say pretty much anything you want them to and can be used with the New-DynamicDistributionGroup cmdlet to make it so only users with a specific entry in a custom attribute will be members of the Dynamic DL.
0
Apathaus, Author, Commented:
I am trying to avoid the Custom Attributes. What we are trying to build is an email list that everyone is a member of by default but with an opt-out option. For ease of management I want the opt-out mechanism to be a security group.
0
Apathaus, Author, Commented:
I am trying to break this down a bit, and I tried running the following code and the group is still empty:

New-DynamicDistributionGroup -Name WellnessProgram -OrganizationalUnit 'cwsl.edu/Exchange/Distribution Groups - Query-Based' -RecipientFilter { (RecipientType -eq 'UserMailbox') }

Something odd is going on here.
0
Apathaus, Author, Commented:
Figured it out. We needed to specify the recipient container variable because by default it will use the local container.

RecipientContainer
Optional
Microsoft.Exchange.Configuration.Tasks.OrganizationalUnitIdParameter
The RecipientContainer parameter filters the recipients used to build the dynamic distribution group based on their location in Active Directory. The value of the RecipientContainer parameter can be the canonical name of an organizational unit (OU) or a domain. If you don't specify a value for the RecipientContainer parameter, the cmdlet will default to use the local container. This location is specified by using the OrganizationalUnit parameter.
0
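The fix described in the post above, written out as an added example (not code posted by anyone in the thread): the group object stays in its own OU while -RecipientContainer points the query at the whole domain, and the result is previewed and checked against the opt-out group. It uses the thread's placeholder names and assumes the mailboxes live somewhere under domain.com and that the ActiveDirectory module is loaded for Get-ADGroupMember.

```powershell
# Placeholder names taken from the thread; adjust to the real environment.
$groupOu    = 'domain.com/Distribution Groups'   # where the DDG object itself is stored
$searchRoot = 'domain.com'                       # assumption: where the mailboxes live
$includeDn  = 'CN=SecGroup1,OU=Managed Groups,DC=domain,DC=com'
$excludeDn  = 'CN=SecGroup2,OU=Managed Groups,DC=domain,DC=com'

# Same logic as the thread's filter, passed as a string so the DNs expand.
$filter = "((RecipientType -eq 'UserMailbox') -and " +
          "(MemberOfGroup -eq '$includeDn') -and " +
          "(-not (MemberOfGroup -eq '$excludeDn')))"

$params = @{
    Name               = 'NewDynGroup'
    OrganizationalUnit = $groupOu
    RecipientContainer = $searchRoot   # without this, only $groupOu is searched
    RecipientFilter    = $filter
}
New-DynamicDistributionGroup @params

# Preview membership exactly as Exchange will evaluate it at delivery time.
$ddg     = Get-DynamicDistributionGroup -Identity 'NewDynGroup'
$preview = @(Get-Recipient -RecipientPreviewFilter $ddg.RecipientFilter `
                           -OrganizationalUnit $ddg.RecipientContainer `
                           -ResultSize Unlimited)

"Search root : $($ddg.RecipientContainer)"
"Members     : $($preview.Count)"

if ($preview.Count -eq 0) {
    Write-Warning 'Preview is empty: check RecipientContainer and the group DNs.'
}

# Opt-out check: nobody in the exclusion group may appear in the preview.
$optedOut = @(Get-ADGroupMember -Identity $excludeDn |
              Select-Object -ExpandProperty DistinguishedName)
$leaked   = @($preview | Where-Object { $optedOut -contains [string]$_.DistinguishedName })

if ($leaked.Count -gt 0) {
    Write-Warning "$($leaked.Count) opted-out recipient(s) still match the filter:"
    $leaked | Select-Object Name, PrimarySmtpAddress
}
```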

Apathaus, Author, Commented:
I researched the syntax and options and found a missing variable that needed to be defined.
0