PowerShell script to automatically populate a security group in AD for all users with a regular mailbox

Hello Experts,

I need some help with a script that I am writing. Basically, I need to populate a security group in AD with all users from my domain with a regular mailbox assigned.

The script must not populate all mail-enabled objects, because this would add shared mailboxes, DLs and so on. I just need regular users with their mailbox to be added to a security group.

I wrote the following

Import-Module ActiveDirectory
$user = Get-ADUser -filter *
$Group = "TenantCompanyName"

ForEach ($samAccountName in $user)
 {
 Add-ADGroupMember $Group -members $samAccountName
 }


I would like to replace the filter * with something like below

Get-ADUser -Filter {EmailAddress -like "*"}
Get-ADUser -Filter {mail -like "*"}
-or-
Get-ADObject -Filter {(mail -like "*") -and (ObjectClass -eq "user")}

For example, add JohnDoe@mydomain.com to the group above and so on

Again, this script is supposed to add all users from the domain with a valid email address to a security group. Shared mailboxes, DLs, and any other mail-enabled object should be excluded.

Any help is highly appreciated
Jerry Seinfield Asked:
 
Todd Nelson (Systems Engineer) Commented:
Yes, Vasil.  I feel it would be best to base the filter on the 'msExchRecipientTypeDetails' attribute as each recipient type has a different value.

Refer to the different values here ... http://www.msexchange.org/kbase/ExchangeServerTips/MicrosoftOffice365/ExchangeOnline/msexchangerecipienttypedetails-active-directory-values.html

In that case, if we filter based only on user mailboxes, the script would look like this...

Import-Module ActiveDirectory
$USER = Get-ADObject -Filter { (msExchRecipientTypeDetails -eq "1") } -Properties *
$GROUP = "Tenant-EntAppsALL"
ForEach ($samAccountName in $USER) { Add-ADGroupMember $GROUP -Members $samAccountName }

 
Jerry Seinfield (Author) Commented:
And, if you don't mind, please test the script in your lab domain.
 
Vasil Michev (MVP) Commented:
Why don't you simply use the Exchange cmdlets? Get-Recipient in particular can easily be used to return only user mailboxes:

Get-Recipient -RecipientTypeDetails UserMailbox


 
Jerry Seinfield (Author) Commented:
Sure, and how would you adapt that to my script? How would the script look?

Anyone else?
 
Todd Nelson (Systems Engineer) Commented:
IMO, you must have the RSAT tools installed (Install-WindowsFeature RSAT-ADDS) on the Exchange server and run the following script from the Exchange management shell...

Import-Module ActiveDirectory
$USER = Get-Recipient -RecipientTypeDetails UserMailbox
$GROUP = "TenantCompanyName"
$USER | ForEach-Object { Add-ADGroupMember $GROUP -Members $_.Alias }


Let us know.
 
Jerry Seinfield (Author) Commented:
Thanks Todd,

Can you or someone else please test my script in your lab domain?

Import-Module ActiveDirectory
# script to populate all regular users with a valid email address
# to a Security Group in AD
$user = Get-ADObject -Filter {(mail -like "*") -and (ObjectClass -eq "user")}
$Group = "Tenant-EntAppsALL"

ForEach ($samAccountName in $user)
 {
 Add-ADGroupMember $Group -members $samAccountName
 }
 
Todd Nelson (Systems Engineer) Commented:
This should do it...

Import-Module ActiveDirectory
$USER = Get-ADObject -Filter {(Mail -like "*") -and (ObjectClass -eq "User")} -Properties *
$GROUP = "Tenant-EntAppsALL"
ForEach ($samAccountName in $USER) { Add-ADGroupMember $GROUP -Members $samAccountName }

 
Vasil Michev (MVP) Commented:
This will also return mail users though. If you don't want to use the Exchange cmdlets, you should at least use Exchange attributes to return a proper list of mailbox-enabled users.
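
Added example (not code from any participant in this thread): a script that follows the advice above to select on the Exchange attribute msExchRecipientTypeDetails (value 1, user mailbox) and goes one step further by reconciling the group, so it can be re-run safely and can drop members that no longer qualify. The `-RemoveStale` switch and the exclusion of disabled accounts are assumptions of this example; the group name is the one used in the thread.

```powershell
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$GroupName = 'Tenant-EntAppsALL',  # group name used in the thread
    [switch]$RemoveStale                       # hypothetical switch: also remove members that no longer qualify
)

# msExchRecipientTypeDetails = 1 selects regular user mailboxes (value from the thread),
# which leaves out shared mailboxes, mail users, contacts and distribution lists.
# The userAccountControl bit test (ACCOUNTDISABLE = 2) skips disabled accounts;
# that exclusion is an assumption added by this example.
$filter = '(&(objectCategory=person)(objectClass=user)' +
          '(msExchRecipientTypeDetails=1)' +
          '(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'

$group  = Get-ADGroup -Identity $GroupName -ErrorAction Stop
$wanted = @(Get-ADUser -LDAPFilter $filter |
            Select-Object -ExpandProperty DistinguishedName)

# Current direct user members of the group. Assumes the group DN contains no
# LDAP filter metacharacters such as ( ) * or \ that would need escaping.
$current = @(Get-ADUser -LDAPFilter "(memberOf=$($group.DistinguishedName))" |
             Select-Object -ExpandProperty DistinguishedName)

# -notin compares case-insensitively, which matches how AD treats DNs.
$toAdd    = @($wanted  | Where-Object { $_ -notin $current })
$toRemove = @($current | Where-Object { $_ -notin $wanted })

if ($toAdd.Count -gt 0 -and
    $PSCmdlet.ShouldProcess($group.Name, "Add $($toAdd.Count) mailbox user(s)")) {
    Add-ADGroupMember -Identity $group -Members $toAdd -Confirm:$false
}

if ($RemoveStale -and $toRemove.Count -gt 0 -and
    $PSCmdlet.ShouldProcess($group.Name, "Remove $($toRemove.Count) stale member(s)")) {
    Remove-ADGroupMember -Identity $group -Members $toRemove -Confirm:$false
}

# Emit the computed differences so each run can be logged or reviewed.
[pscustomobject]@{
    Group    = $group.Name
    ToAdd    = $toAdd
    Stale    = $toRemove
    Removed  = [bool]$RemoveStale
}
```

Running it with `-WhatIf` first lists the planned additions and removals without changing the group. Because the group grants access, reviewing the `Stale` list before enabling `-RemoveStale` shows which accounts would lose membership.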