If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.
Exchange Powershell script to find users NOT in a group
Hi,
I'm looking for the following (Exchange 2010):
List all users that have mailboxes but are not in a group called Metalogix*
We have a bunch of groups called metalogix_sitenames, so I would like to use a wildcard...
Thanks in advance!
Tom
I'm looking for the following (Exchange 2010):
List all users that have mailboxes but are not in a group called Metalogix*
We have a bunch of groups called metalogix_sitenames, so I would like to use a wildcard...
Thanks in advance!
Tom
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Here you go...
Will.
Import-module activedirectory
$Users = Get-ADUser -Filter * -Properties sAMAccountName
$Group = "Export*"
ForEach ($user in $Users)
{
$Check = Get-ADPrincipalGroupMembership -Identity $User.sAMAccountName | ? { $_.Name -like $Group }
If ($Check -eq $null)
{
Write-Output "$User.sAMAccountName is NOT part of this group"
}
else {
$Results = Get-ADUser -Identity $User.sAMAccountName -Properties Name, sAMAccountName, Mail |
select Name, sAMAccountName, Mail |
Export-csv "c:\results1.csv" -NTI -Append
}
}
Will.
Will - This brought back quite a few users that DID belong to the groups (changed $Group = "Export*" to "Metalogix*"
This also used AD - I was looking more for the script to qualify based on if a mailbox existed. Is this possible?
Thanks!
Tom
This also used AD - I was looking more for the script to qualify based on if a mailbox existed. Is this possible?
Thanks!
Tom
This brought back quite a few users that DID belong to the groups
Not sure how that would be happening. I have tested this in my lab and it works perfectly. Only providing me with the users that were part of the Export Groups.
However if you want to read all of the group memberships that a user is part of then you need to use the Get-ADPrincipalGroupMember
I can then change the $Results variable to a Exchange cmdlet like Get-mailbox and export the results rather than using Get-ADUser.
See below...
Import-module activedirectory
$Users = Get-Mailbox -ResultSize "unlimited"
$Group = "Metalogix*"
ForEach ($user in $Users)
{
$Check = Get-ADPrincipalGroupMembership -Identity $User.sAMAccountName | ? { $_.Name -like $Group }
If ($Check -eq $null)
{
Write-Output "$User.sAMAccountName is NOT part of this group"
}
else {
$Results = Get-Mailbox -Identity $User.sAMAccountName |
select Name, sAMAccountName, PrimarySmtpAddress, Database |
Export-csv "c:\results1.csv" -NTI -Append
}
}
Will.
Just one question. Are these groups are you talking about only Distribution Groups or Mail Enabled Security Groups? If they are specifically Security Groups only then you need to use the Active Directory module.
If they are distribution groups then i might be able to do this completely in Exchange.
Will.
If they are distribution groups then i might be able to do this completely in Exchange.
Will.
Sorry for not getting back to you. I tried to run the script above on a CAS server, and it hammered the performance, so I canceled. The groups are global security, but I would want it to only look for users that have a mailbox. Can this be done with a AD PS, or would it need to be the Exchange PS?
The very first script i provided does exactly this. I guess i could have put in another line of code to weed out the accounts that are part of this Group but have a mailbox. I have modified my first script to only include AD Accounts that have a msExchRecipientTypeDetails
Try the following below.
UPDATED: I just read your original question over again and i see exactly where i was mixing things up. You specifically said to provide you a list of user that are NOT in any MetaLogix* groups and have mailboxes. I had this in reverse.
I have switched a couple of values. -ne $null and msExchRecipientTypeDetails
Sometimes it is good to read the initial question over again.
Let me know if you have any issues.
Will.
Try the following below.
Import-module activedirectory
$Users = Get-ADUser -Filter * -Properties sAMAccountName
$Group = "MetaLogix*"
ForEach ($user in $Users)
{
$Check = Get-ADPrincipalGroupMembership -Identity $User.sAMAccountName | ? { $_.Name -like $Group }
If ($Check -ne $null)
{
Write-Output "$User.sAMAccountName is part of this $Group"
}
else {
$Results = Get-ADUser -Identity $User.sAMAccountName -Properties Name, sAMAccountName, Mail, msExchRecipientTypeDetails |
? { $_.msExchRecipientTypeDetails -eq "1" } | select Name, sAMAccountName, Mail, msExchRecipientTypeDetails
$Results | Export-csv "c:\results2.csv" -NTI -Append
}
}
UPDATED: I just read your original question over again and i see exactly where i was mixing things up. You specifically said to provide you a list of user that are NOT in any MetaLogix* groups and have mailboxes. I had this in reverse.
I have switched a couple of values. -ne $null and msExchRecipientTypeDetails
Sometimes it is good to read the initial question over again.
Let me know if you have any issues.
Will.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trialIt's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Powershell
From novice to tech pro — start learning today.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
Will.