?
Solved

exchange 2007, scripts

Posted on 2016-09-16
15
Medium Priority
?
93 Views
Last Modified: 2016-10-10
I am attaching script which I use to create bulk mailbox in resource forest setup.

the only thing I am missing AD groups  , I need to make them manually member of some groups like active sync, tablets group,

is there any way I can edit my script so that users created are also having members of AD groups so I don't need to manually add for each  user.
mailbox-script-main-1.txt
0
Comment
Question by:pramod1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 4
15 Comments
 
LVL 16

Expert Comment

by:Todd Nelson
ID: 41802574
Unfortunately you cannot use New-Mailbox or Set-Mailbox to add a distribution group for a user mailbox.

Try using Add-DistributionGroupMember ... https://technet.microsoft.com/en-us/library/bb124340(v=exchg.160).aspx

When I've scripted adding users to distros, I've had to add users one by one to the distro because I could not add multiple users at once to a group.  Therefore the CSV would look like this...

User,DistroGroup
JDoe,Group1
JDoe,Group2
JDoe,Group3
JSmith,Group3
JCool,Group1
JCool,Group4

Open in new window


Hope thise helps.
0
 
LVL 49

Accepted Solution

by:
Akhater earned 2000 total points
ID: 41802580
Import-CSV CreateMailboxes-tt.csv | ForEach {
New-Mailbox -Alias $_.alias -Name $_.name -FirstName $_.Givenname -LastName $_.Surname -userPrincipalName $_.UPN -Database “Field Mailbox Database” -OrganizationalUnit ' Email accounts' -Password $Password -LinkedDomainController "domain..COM" -LinkedMasterAccount "domain\$($_.Name)";
Get-ADUser -Filter {userprincipalname -like $_.upn} | Disable-ADAccount
Add-DistributionGroupMember -Identity "ActiveSync" -Member $_.upn
Add-DistributionGroupMember -Identity "OWA" -Member $_.upn
}


$Password=Read-Host “Enter Password” –AsSecureString
0
 

Author Comment

by:pramod1
ID: 41803775
Hi akhater,

I will set up like this tomorrow and let you know , just to confirm whether user is a member of security or distribution group the command will follow the same ?

thanks
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 49

Expert Comment

by:Akhater
ID: 41803777
This is for distribution groups  it can be a security group but it has to be email enabled in exchange
0
 
LVL 49

Expert Comment

by:Akhater
ID: 41803778
This is for distribution groups  it can be a security group but it has to be email enabled in exchange
0
 

Author Comment

by:pramod1
ID: 41803785
it is a universal distribution group mail enabled I just cheked now

but when I execute the script in exchange shell do I need to type like colon or semi colon after disable-AD account or add the line which you mentioned

Get-ADUser -Filter {userprincipalname -like $_.upn} | Disable-ADAccount
 Add-DistributionGroupMember -Identity "ActiveSync" -Member $_.upn
 Add-DistributionGroupMember -Identity "OWA" -Member $_.upn
 }
0
 
LVL 49

Expert Comment

by:Akhater
ID: 41803790
You do not need to add the ; it can be replaced by an "enter"  at the end of each line
0
 
LVL 49

Expert Comment

by:Akhater
ID: 41803791
If you want to run it as one line then you need to add the semicolon
0
 

Author Comment

by:pramod1
ID: 41803797
thanks I will let you know tomorrow
0
 

Author Comment

by:pramod1
ID: 41836937
where we have exchange and disabled AD accounts on the same exchange server, I tried adding last 2 lines(distribution group) in the script but it didn't add the user in the group but the script as a whole ran successfully
 first question

 1)  have I missed anything, I am running all in one line
 2) we have enabled AD accounts in domain.com, I am right now manually creating those accounts and then running the script

 which creates Disabled AD accounts and exchange account in resource forest, can I run separately a script so it creats enabled AD ACCOUNTS in the account forest domain.com

 3) when the script runs on the exchange side I want user@domain-retail.com also added in the email address as primary

 Import-CSV CreateMailboxes-tt.csv | ForEach {
  New-Mailbox -Alias $_.alias -Name $_.name -FirstName $_.Givenname -LastName $_.Surname -userPrincipalName $_.UPN -Database “Field Mailbox Database” -OrganizationalUnit ' Email accounts' -Password $Password -LinkedDomainController "domain..COM" -LinkedMasterAccount "domain\$($_.Name)";
  Get-ADUser -Filter {userprincipalname -like $_.upn} | Disable-ADAccount
  Add-DistributionGroupMember -Identity "ActiveSync" -Member $_.upn;
  Add-DistributionGroupMember -Identity "OWA" -Member $_.upn;
  }

I am running this as one whole line , script runs but never makes the user member of those groups
0
 
LVL 16

Expert Comment

by:Todd Nelson
ID: 41836965
If you are not the manager of those specific distributions groups, you will need to add the "-BypassSecurityGroupManagerCheck" parameter to the end of each of those commands...

Add-DistributionGroupMember -Identity "ActiveSync" -Member $_.upn -BypassSecurityGroupManagerCheck

Open in new window


Add-DistributionGroupMember -Identity "OWA" -Member $_.upn -BypassSecurityGroupManagerCheck

Open in new window


That parameter will allow the user to be added to the DG without manager permission.
0
 

Author Comment

by:pramod1
ID: 41836972
I am the admin and I need to add the users in those group, right now after script runs then I need to go to user propertie sin AD and then add them to those groups

can you put in the script
0
 
LVL 16

Expert Comment

by:Todd Nelson
ID: 41837000
Disregard what I recommended about using the "-BypassSecurityGroupManagerCheck" parameter.  That parameter is not available in and does not apply to Exchange 2007.
0
 

Author Comment

by:pramod1
ID: 41837006
so what am I missing here I am running all in one line and that email distribution group is not adding to user properties.

Import-CSV CreateMailboxes-tt.csv | ForEach {
   New-Mailbox -Alias $_.alias -Name $_.name -FirstName $_.Givenname -LastName $_.Surname -userPrincipalName $_.UPN -Database “Field Mailbox Database” -OrganizationalUnit ' Email accounts' -Password $Password -LinkedDomainController "domain..COM" -LinkedMasterAccount "domain\$($_.Name)";
   Get-ADUser -Filter {userprincipalname -like $_.upn} | Disable-ADAccount
   Add-DistributionGroupMember -Identity "ActiveSync" -Member $_.upn;
   Add-DistributionGroupMember -Identity "OWA" -Member $_.upn;
   }

also I posted another question where I am running script bulk add user account creation and I am getting this error
Capture1.JPG
0
 
LVL 16

Expert Comment

by:Todd Nelson
ID: 41837064
I suggest opening a new request since you already awarded points to this question.
0

Featured Post

Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question