Solved

dynamic exchange groups question

Posted on 2012-04-03
13
721 Views
Last Modified: 2012-06-27
I am trying to create a new dynamic exchange list that includes all of the user mailboxes from one global security group(SecGroup1) but excludes users from another global security group(SecGroup2). Here is what i tried.

New-DynamicDistributionGroup -Name NewDynGroup -OrganizationalUnit domain.com/Distribution Groups/ -RecipientFilter { ((RecipientType -eq 'UserMailbox') -and (MemberOfGroup -eq 'CN=SecGroup1,OU=Managed Groups,DC=domain, DC=com') -and -not(MemberOfGroup -eq 'CN=SecGroup2,OU=Managed Groups,DC=domain, DC=com')) }

And here is the result

A positional parameter cannot be found that accepts argument 'Groups'.
    + CategoryInfo          : InvalidArgument: (:) [New-DynamicDistributionGroup], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,New-DynamicDistributionGroup
0
Comment
Question by:Apathaus
  • 7
  • 6
13 Comments
 
LVL 38

Expert Comment

by:Adam Brown
ID: 37803897
You need quotes around domain.com/Distribution Groups/
0
 
LVL 38

Expert Comment

by:Adam Brown
ID: 37803908
"-and -not(MemberOfGroup -eq 'CN=SecGroup2,OU=Managed Groups,DC=domain, DC=com')" is also going to throw an error. You can't have logic operators right next to each other. -not is also not a powershell logic operator. You would do this instead: -and (MemberOfGroup -ne 'CN=SecGroup2,OU=Managed Groups,DC=domain, DC=com')

The operator -ne is Not Equal.
0
 

Author Comment

by:Apathaus
ID: 37803939
I have fixed that syntax errors. the group was created but it has no members. I assume it has something to do with my logic. SecGroup1 contains a large group of people and
and right now SecGroup2 doesn't have any members so NewDynGroup should contain all the same users as SecGroup1.

New-DynamicDistributionGroup -Name NewDynGroup -OrganizationalUnit 'domain.com/Distribution Groups/' -RecipientFilter { ((RecipientType -eq 'UserMailbox') -and (MemberOfGroup -eq 'CN=SecGroup1,OU=Managed Groups,DC=domain,DC=com') -and -not (MemberOfGroup -eq 'CN=SecGroup2,OU=Managed Groups,DC=domain,DC=com')) }
0
 
LVL 38

Expert Comment

by:Adam Brown
ID: 37803957
is this the exact command you used? If so, you need to fix the last part according to my last post.

New-DynamicDistributionGroup -Name NewDynGroup -OrganizationalUnit 'domain.com/Distribution Groups/' -RecipientFilter { ((RecipientType -eq 'UserMailbox') -and (MemberOfGroup -eq 'CN=SecGroup1,OU=Managed Groups,DC=domain,DC=com') -and -not (MemberOfGroup -eq 'CN=SecGroup2,OU=Managed Groups,DC=domain,DC=com')) }

It should be like this:

New-DynamicDistributionGroup -Name NewDynGroup -OrganizationalUnit 'domain.com/Distribution Groups/' -RecipientFilter { ((RecipientType -eq 'UserMailbox') -and (MemberOfGroup -eq 'CN=SecGroup1,OU=Managed Groups,DC=domain,DC=com') -and (MemberOfGroup -ne 'CN=SecGroup2,OU=Managed Groups,DC=domain,DC=com')) }
0
 

Author Comment

by:Apathaus
ID: 37803976
I saw you post after I had submitted mine sorry about that. I have tried you code as well and i am still not seeing any members in the group when i click preview on the filter tab.
0
 
LVL 38

Expert Comment

by:Adam Brown
ID: 37803983
Yeah. I think that memberofgroup thing might be going wrong. Gimme a minute to check.
0
The problems with reply email signatures

Do you wish that you could place an email signature under a reply? Well, unfortunately, you can't. That great Exchange/Office 365 signature you've created will just appear at the bottom of an email chain. What a pain! Is there really no way to solve this? Well, there might be...

 
LVL 38

Assisted Solution

by:Adam Brown
Adam Brown earned 500 total points
ID: 37804043
hmm...Just ran a test on that syntax using a couple groups on my test network and it worked pretty flawlessly. You might want to make sure you have your DNs for the groups right (check for misspells and stuff).

Here's what I ran:
New-DynamicDistributionGroup -Name TestDG123 -OrganizationalUnit 'domain.com/home' -RecipientFilter { ((RecipientType -eq 'UserMailbox') -and (MemberOfGroup -eq 'CN=test1,OU=home,DC=domain,DC=com') -and (-not(MemberOfGroup -eq 'CN=test2,OU=home,DC=domain,DC=com'))) }
0
 

Author Comment

by:Apathaus
ID: 37804089
I noticed you change back to the -not instead of MemberOfGroup -ne.

I have doubled checked the DNs and copy and pasted them from a dsquery on the samid to make sure i had it correct. Here is my actual code with out the names changed

New-DynamicDistributionGroup -Name WellnessProgram -OrganizationalUnit 'cwsl.edu/Exchange/Distribution Groups - Query-Based' -RecipientFilter { ((RecipientType -eq 'UserMailbox') -and (MemberOfGroup -eq 'CN=Faculty-Staff,OU=Managed Groups,DC=cwsl,DC=edu') -and (-not(MemberOfGroup -eq 'CN=WellnessProgramExclusion,OU=Managed Groups,DC=cwsl,DC=edu'))) }
0
 
LVL 38

Expert Comment

by:Adam Brown
ID: 37804252
Yeah. I ran the command on my test network and checked the filter through the EMC and noticed it used the -not method, so I figured it's probably a good idea to use that. The syntax *should* be okay. Another option you have if it still doesn't work is to utilize the Custom Attribute system for Exchange. This is a group of about 12 AD attributes that can say pretty much anything you want them to and can be used with the new-dynamicdistributiongroup cmdlet to make it so only users with a specific entry in a custom attribute will be members of the Dynamic DL.
0
 

Author Comment

by:Apathaus
ID: 37807065
I am trying to avoid the Custom Attributes. What we are trying to build is an email this that everyone is member of by default but with an opt out option. for ease of management i want the opt out mechanism to be security group.
0
 

Author Comment

by:Apathaus
ID: 37807750
I am trying to break this down a bit and i tried running the following code and the group is still empty

New-DynamicDistributionGroup -Name WellnessProgram -OrganizationalUnit 'cwsl.edu/Exchange/Distribution Groups - Query-Based' -RecipientFilter { (RecipientType -eq 'UserMailbox') }

Something odd is going on here.
0
 

Accepted Solution

by:
Apathaus earned 0 total points
ID: 37807805
Figured it out. we needed to specify the recipient container variable because the by default it will use the local container.

RecipientContainer
Optional
Microsoft.Exchange.Configuration.Tasks.OrganizationalUnitIdParameter
The RecipientContainer parameter filters the recipients used to build the dynamic distribution group based on their location in Active Directory. The value of the RecipientContainer parameter can be the canonical name of an organizational unit (OU) or a domain. If you don't specify a value for the RecipientContainer parameter, the cmdlet will default to use the local container. This location is specified by using the OrganizationalUnit parameter.
0
 

Author Closing Comment

by:Apathaus
ID: 37822757
I researched the syntax and option and found a missing variable that needed to be defined.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now