asked on Exchange Powershell script to find users NOT in a group
Hi,
I'm looking for the following (Exchange 2010):
List all users that have mailboxes but are not in a group called Metalogix*
We have a bunch of groups called metalogix_sitenames, so I would like to use a wildcard...
Thanks in advance!
Tom
I'm looking for the following (Exchange 2010):
List all users that have mailboxes but are not in a group called Metalogix*
We have a bunch of groups called metalogix_sitenames, so I would like to use a wildcard...
Thanks in advance!
Tom
PowershellExchange
Last Comment
Will Szymkowski
Here you go...
Will.
Import-module activedirectory
$Users = Get-ADUser -Filter * -Properties sAMAccountName
$Group = "Export*"
ForEach ($user in $Users)
{
$Check = Get-ADPrincipalGroupMembership -Identity $User.sAMAccountName | ? { $_.Name -like $Group }
If ($Check -eq $null)
{
Write-Output "$User.sAMAccountName is NOT part of this group"
}
else {
$Results = Get-ADUser -Identity $User.sAMAccountName -Properties Name, sAMAccountName, Mail |
select Name, sAMAccountName, Mail |
Export-csv "c:\results1.csv" -NTI -Append
}
}
Will.
ASKER
Will - This brought back quite a few users that DID belong to the groups (changed $Group = "Export*" to "Metalogix*"
This also used AD - I was looking more for the script to qualify based on if a mailbox existed. Is this possible?
Thanks!
Tom
This also used AD - I was looking more for the script to qualify based on if a mailbox existed. Is this possible?
Thanks!
Tom
This brought back quite a few users that DID belong to the groups
Not sure how that would be happening. I have tested this in my lab and it works perfectly. Only providing me with the users that were part of the Export Groups.
However if you want to read all of the group memberships that a user is part of then you need to use the Get-ADPrincipalGroupMember
I can then change the $Results variable to a Exchange cmdlet like Get-mailbox and export the results rather than using Get-ADUser.
See below...
Import-module activedirectory
$Users = Get-Mailbox -ResultSize "unlimited"
$Group = "Metalogix*"
ForEach ($user in $Users)
{
$Check = Get-ADPrincipalGroupMembership -Identity $User.sAMAccountName | ? { $_.Name -like $Group }
If ($Check -eq $null)
{
Write-Output "$User.sAMAccountName is NOT part of this group"
}
else {
$Results = Get-Mailbox -Identity $User.sAMAccountName |
select Name, sAMAccountName, PrimarySmtpAddress, Database |
Export-csv "c:\results1.csv" -NTI -Append
}
}
Will.
Just one question. Are these groups are you talking about only Distribution Groups or Mail Enabled Security Groups? If they are specifically Security Groups only then you need to use the Active Directory module.
If they are distribution groups then i might be able to do this completely in Exchange.
Will.
If they are distribution groups then i might be able to do this completely in Exchange.
Will.
ASKER
Sorry for not getting back to you. I tried to run the script above on a CAS server, and it hammered the performance, so I canceled. The groups are global security, but I would want it to only look for users that have a mailbox. Can this be done with a AD PS, or would it need to be the Exchange PS?
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thanks for staying with this Will - It ended up being EXACTLY what I needed!
EXCELLENT, glad I could help!
Will.
Will.
Will.