Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!
Exchange Powershell script to find users NOT in a group
Hi,
I'm looking for the following (Exchange 2010):
List all users that have mailboxes but are not in a group called Metalogix*
We have a bunch of groups called metalogix_sitenames, so I would like to use a wildcard...
Thanks in advance!
Tom
I'm looking for the following (Exchange 2010):
List all users that have mailboxes but are not in a group called Metalogix*
We have a bunch of groups called metalogix_sitenames, so I would like to use a wildcard...
Thanks in advance!
Tom
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Here you go...
Will.
Import-module activedirectory
$Users = Get-ADUser -Filter * -Properties sAMAccountName
$Group = "Export*"
ForEach ($user in $Users)
{
$Check = Get-ADPrincipalGroupMembership -Identity $User.sAMAccountName | ? { $_.Name -like $Group }
If ($Check -eq $null)
{
Write-Output "$User.sAMAccountName is NOT part of this group"
}
else {
$Results = Get-ADUser -Identity $User.sAMAccountName -Properties Name, sAMAccountName, Mail |
select Name, sAMAccountName, Mail |
Export-csv "c:\results1.csv" -NTI -Append
}
}
Will.
Will - This brought back quite a few users that DID belong to the groups (changed $Group = "Export*" to "Metalogix*"
This also used AD - I was looking more for the script to qualify based on if a mailbox existed. Is this possible?
Thanks!
Tom
This also used AD - I was looking more for the script to qualify based on if a mailbox existed. Is this possible?
Thanks!
Tom
This brought back quite a few users that DID belong to the groups
Not sure how that would be happening. I have tested this in my lab and it works perfectly. Only providing me with the users that were part of the Export Groups.
However if you want to read all of the group memberships that a user is part of then you need to use the Get-ADPrincipalGroupMember
I can then change the $Results variable to a Exchange cmdlet like Get-mailbox and export the results rather than using Get-ADUser.
See below...
Import-module activedirectory
$Users = Get-Mailbox -ResultSize "unlimited"
$Group = "Metalogix*"
ForEach ($user in $Users)
{
$Check = Get-ADPrincipalGroupMembership -Identity $User.sAMAccountName | ? { $_.Name -like $Group }
If ($Check -eq $null)
{
Write-Output "$User.sAMAccountName is NOT part of this group"
}
else {
$Results = Get-Mailbox -Identity $User.sAMAccountName |
select Name, sAMAccountName, PrimarySmtpAddress, Database |
Export-csv "c:\results1.csv" -NTI -Append
}
}
Will.
Just one question. Are these groups are you talking about only Distribution Groups or Mail Enabled Security Groups? If they are specifically Security Groups only then you need to use the Active Directory module.
If they are distribution groups then i might be able to do this completely in Exchange.
Will.
If they are distribution groups then i might be able to do this completely in Exchange.
Will.
Sorry for not getting back to you. I tried to run the script above on a CAS server, and it hammered the performance, so I canceled. The groups are global security, but I would want it to only look for users that have a mailbox. Can this be done with a AD PS, or would it need to be the Exchange PS?
The very first script i provided does exactly this. I guess i could have put in another line of code to weed out the accounts that are part of this Group but have a mailbox. I have modified my first script to only include AD Accounts that have a msExchRecipientTypeDetails
Try the following below.
UPDATED: I just read your original question over again and i see exactly where i was mixing things up. You specifically said to provide you a list of user that are NOT in any MetaLogix* groups and have mailboxes. I had this in reverse.
I have switched a couple of values. -ne $null and msExchRecipientTypeDetails
Sometimes it is good to read the initial question over again.
Let me know if you have any issues.
Will.
Try the following below.
Import-module activedirectory
$Users = Get-ADUser -Filter * -Properties sAMAccountName
$Group = "MetaLogix*"
ForEach ($user in $Users)
{
$Check = Get-ADPrincipalGroupMembership -Identity $User.sAMAccountName | ? { $_.Name -like $Group }
If ($Check -ne $null)
{
Write-Output "$User.sAMAccountName is part of this $Group"
}
else {
$Results = Get-ADUser -Identity $User.sAMAccountName -Properties Name, sAMAccountName, Mail, msExchRecipientTypeDetails |
? { $_.msExchRecipientTypeDetails -eq "1" } | select Name, sAMAccountName, Mail, msExchRecipientTypeDetails
$Results | Export-csv "c:\results2.csv" -NTI -Append
}
}
UPDATED: I just read your original question over again and i see exactly where i was mixing things up. You specifically said to provide you a list of user that are NOT in any MetaLogix* groups and have mailboxes. I had this in reverse.
I have switched a couple of values. -ne $null and msExchRecipientTypeDetails
Sometimes it is good to read the initial question over again.
Let me know if you have any issues.
Will.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial