Solved

dynamic exchange groups question

Posted on 2012-04-03
13
730 Views
Last Modified: 2012-06-27
I am trying to create a new dynamic exchange list that includes all of the user mailboxes from one global security group(SecGroup1) but excludes users from another global security group(SecGroup2). Here is what i tried.

New-DynamicDistributionGroup -Name NewDynGroup -OrganizationalUnit domain.com/Distribution Groups/ -RecipientFilter { ((RecipientType -eq 'UserMailbox') -and (MemberOfGroup -eq 'CN=SecGroup1,OU=Managed Groups,DC=domain, DC=com') -and -not(MemberOfGroup -eq 'CN=SecGroup2,OU=Managed Groups,DC=domain, DC=com')) }

And here is the result

A positional parameter cannot be found that accepts argument 'Groups'.
    + CategoryInfo          : InvalidArgument: (:) [New-DynamicDistributionGroup], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,New-DynamicDistributionGroup
0
Comment
Question by:Apathaus
  • 7
  • 6
13 Comments
 
LVL 39

Expert Comment

by:Adam Brown
ID: 37803897
You need quotes around domain.com/Distribution Groups/
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 37803908
"-and -not(MemberOfGroup -eq 'CN=SecGroup2,OU=Managed Groups,DC=domain, DC=com')" is also going to throw an error. You can't have logic operators right next to each other. -not is also not a powershell logic operator. You would do this instead: -and (MemberOfGroup -ne 'CN=SecGroup2,OU=Managed Groups,DC=domain, DC=com')

The operator -ne is Not Equal.
0
 

Author Comment

by:Apathaus
ID: 37803939
I have fixed that syntax errors. the group was created but it has no members. I assume it has something to do with my logic. SecGroup1 contains a large group of people and
and right now SecGroup2 doesn't have any members so NewDynGroup should contain all the same users as SecGroup1.

New-DynamicDistributionGroup -Name NewDynGroup -OrganizationalUnit 'domain.com/Distribution Groups/' -RecipientFilter { ((RecipientType -eq 'UserMailbox') -and (MemberOfGroup -eq 'CN=SecGroup1,OU=Managed Groups,DC=domain,DC=com') -and -not (MemberOfGroup -eq 'CN=SecGroup2,OU=Managed Groups,DC=domain,DC=com')) }
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 39

Expert Comment

by:Adam Brown
ID: 37803957
is this the exact command you used? If so, you need to fix the last part according to my last post.

New-DynamicDistributionGroup -Name NewDynGroup -OrganizationalUnit 'domain.com/Distribution Groups/' -RecipientFilter { ((RecipientType -eq 'UserMailbox') -and (MemberOfGroup -eq 'CN=SecGroup1,OU=Managed Groups,DC=domain,DC=com') -and -not (MemberOfGroup -eq 'CN=SecGroup2,OU=Managed Groups,DC=domain,DC=com')) }

It should be like this:

New-DynamicDistributionGroup -Name NewDynGroup -OrganizationalUnit 'domain.com/Distribution Groups/' -RecipientFilter { ((RecipientType -eq 'UserMailbox') -and (MemberOfGroup -eq 'CN=SecGroup1,OU=Managed Groups,DC=domain,DC=com') -and (MemberOfGroup -ne 'CN=SecGroup2,OU=Managed Groups,DC=domain,DC=com')) }
0
 

Author Comment

by:Apathaus
ID: 37803976
I saw you post after I had submitted mine sorry about that. I have tried you code as well and i am still not seeing any members in the group when i click preview on the filter tab.
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 37803983
Yeah. I think that memberofgroup thing might be going wrong. Gimme a minute to check.
0
 
LVL 39

Assisted Solution

by:Adam Brown
Adam Brown earned 500 total points
ID: 37804043
hmm...Just ran a test on that syntax using a couple groups on my test network and it worked pretty flawlessly. You might want to make sure you have your DNs for the groups right (check for misspells and stuff).

Here's what I ran:
New-DynamicDistributionGroup -Name TestDG123 -OrganizationalUnit 'domain.com/home' -RecipientFilter { ((RecipientType -eq 'UserMailbox') -and (MemberOfGroup -eq 'CN=test1,OU=home,DC=domain,DC=com') -and (-not(MemberOfGroup -eq 'CN=test2,OU=home,DC=domain,DC=com'))) }
0
 

Author Comment

by:Apathaus
ID: 37804089
I noticed you change back to the -not instead of MemberOfGroup -ne.

I have doubled checked the DNs and copy and pasted them from a dsquery on the samid to make sure i had it correct. Here is my actual code with out the names changed

New-DynamicDistributionGroup -Name WellnessProgram -OrganizationalUnit 'cwsl.edu/Exchange/Distribution Groups - Query-Based' -RecipientFilter { ((RecipientType -eq 'UserMailbox') -and (MemberOfGroup -eq 'CN=Faculty-Staff,OU=Managed Groups,DC=cwsl,DC=edu') -and (-not(MemberOfGroup -eq 'CN=WellnessProgramExclusion,OU=Managed Groups,DC=cwsl,DC=edu'))) }
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 37804252
Yeah. I ran the command on my test network and checked the filter through the EMC and noticed it used the -not method, so I figured it's probably a good idea to use that. The syntax *should* be okay. Another option you have if it still doesn't work is to utilize the Custom Attribute system for Exchange. This is a group of about 12 AD attributes that can say pretty much anything you want them to and can be used with the new-dynamicdistributiongroup cmdlet to make it so only users with a specific entry in a custom attribute will be members of the Dynamic DL.
0
 

Author Comment

by:Apathaus
ID: 37807065
I am trying to avoid the Custom Attributes. What we are trying to build is an email this that everyone is member of by default but with an opt out option. for ease of management i want the opt out mechanism to be security group.
0
 

Author Comment

by:Apathaus
ID: 37807750
I am trying to break this down a bit and i tried running the following code and the group is still empty

New-DynamicDistributionGroup -Name WellnessProgram -OrganizationalUnit 'cwsl.edu/Exchange/Distribution Groups - Query-Based' -RecipientFilter { (RecipientType -eq 'UserMailbox') }

Something odd is going on here.
0
 

Accepted Solution

by:
Apathaus earned 0 total points
ID: 37807805
Figured it out. we needed to specify the recipient container variable because the by default it will use the local container.

RecipientContainer
Optional
Microsoft.Exchange.Configuration.Tasks.OrganizationalUnitIdParameter
The RecipientContainer parameter filters the recipients used to build the dynamic distribution group based on their location in Active Directory. The value of the RecipientContainer parameter can be the canonical name of an organizational unit (OU) or a domain. If you don't specify a value for the RecipientContainer parameter, the cmdlet will default to use the local container. This location is specified by using the OrganizationalUnit parameter.
0
 

Author Closing Comment

by:Apathaus
ID: 37822757
I researched the syntax and option and found a missing variable that needed to be defined.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
Read this checklist to learn more about the 15 things you should never include in an email signature.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This video discusses moving either the default database or any database to a new volume.

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question