Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Powershell script to automatically populate a security group in AD for all users with a regular mailbox

Posted on 2016-10-25
8
75 Views
Last Modified: 2016-10-26
Hello Experts,

I need some help with an script that I am writing. Basically, I need to populate a security group in AD with all users from my domain with a regular mailbox assigned.

The script must not populate all mail enabled objects, because this would add shared mailboxes, DLs and so on. I just need regular users with their mailbox to be added to a security group

I wrote the following

Import-Module ActiveDirectory
$user = Get-ADUser -filter *
$Group = "TenantCompanyName"

ForEach ($samAccountName in $user)
 {
 Add-ADGroupMember $Group -members $samAccountName
 }


I would like to replace the filter * with something like below

Get-ADUser -Filter {EmailAddress -like "*"}
Get-ADUser -Filter {mail -like "*"}
-or-
Get-ADObject -Filter {(mail -like "*") -and (ObjectClass -eq "user")}

For example, add JohnDoe@mydomain.com to the group above and so on

Again, this script is supposed to add all users from the domain with a valid email address to a security group. Shared mailboxes, DLs, and any other mail enabled object should be excluded

Any help is highly appreciated
0
Comment
Question by:Jerry Seinfield
  • 3
  • 3
  • 2
8 Comments
 

Author Comment

by:Jerry Seinfield
ID: 41859348
and, if you don't mind, please test the script in your lab domain
0
 
LVL 40

Expert Comment

by:Vasil Michev (MVP)
ID: 41859371
Why dont you simply use the Exchange cmdlets? Get-Recipient in particular can easily be used to return only user mailboxes:

Get-Recipient -RecipientTypeDetails UserMailbox

Open in new window

0
 

Author Comment

by:Jerry Seinfield
ID: 41859426
sure, and how you would adapt that to my script? how would the script look?

Anyone else?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 15

Expert Comment

by:Todd Nelson
ID: 41859461
IMO, you must have the RSAT tools installed (Install-WindowsFeature RSAT-ADDS) on the Exchange server and run the following script from the Exchange management shell...

Import-Module ActiveDirectory
$USER = Get-Recipient -RecipientTypeDetails UserMailbox
$GROUP = "TenantCompanyName"
$USER | ForEach-Object { Add-ADGroupMember $GROUP -Members $_.Alias }

Open in new window


Let us know.
0
 

Author Comment

by:Jerry Seinfield
ID: 41859494
Thanks Todd,

Can you or someone else please test my script in your lab domain?

Import-Module ActiveDirectory
# script to populate all regular users with a valid email address
# to a Security Group in AD
$user = Get-ADObject -Filter {(mail -like "*") -and (ObjectClass -eq "user")}
$Group = "Tenant-EntAppsALL"

ForEach ($samAccountName in $user)
 {
 Add-ADGroupMember $Group -members $samAccountName
 }
0
 
LVL 15

Expert Comment

by:Todd Nelson
ID: 41859562
This should do it...

Import-Module ActiveDirectory
$USER = Get-ADObject -Filter {(Mail -like "*") -and (ObjectClass -eq "User")} -Properties *
$GROUP = "Tenant-EntAppsALL"
ForEach ($samAccountName in $USER) { Add-ADGroupMember $GROUP -Members $samAccountName }

Open in new window

0
 
LVL 40

Assisted Solution

by:Vasil Michev (MVP)
Vasil Michev (MVP) earned 250 total points
ID: 41859755
This will also return mail users though. If you dont want to use the exchange cmdlets, you should at least use exchange attributes to return a proper list of mailbox-enabled users.
0
 
LVL 15

Accepted Solution

by:
Todd Nelson earned 250 total points
ID: 41860360
Yes, Vasil.  I feel it would be best to base the filter on the 'msExchRecipientTypeDetails' attribute as each recipient type has a different value.

Refer to the different values here ... http://www.msexchange.org/kbase/ExchangeServerTips/MicrosoftOffice365/ExchangeOnline/msexchangerecipienttypedetails-active-directory-values.html

In that case, if we filter based only on user mailboxes, the script would look like this...

Import-Module ActiveDirectory
$USER = Get-ADObject -Filter { (msExchRecipientTypeDetails -eq "1") } -Properties *
$GROUP = "Tenant-EntAppsALL"
ForEach ($samAccountName in $USER) { Add-ADGroupMember $GROUP -Members $samAccountName }

Open in new window

0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Adoption of Microsoft’s Enterprise Mobility and Security solution and Office 365 will re-order the File Sync and Share market Microsoft has stated that its Enterprise Mobility + Security (EMS) is the fastest growing product in the history of the …
As cyber crime continues to grow in both numbers and sophistication, a troubling trend of optimization has emerged over the last year.
In a previous video Micro Tutorial here at Experts Exchange (http://www.experts-exchange.com/videos/1358/How-to-get-a-free-trial-of-Office-365-with-the-Office-2016-desktop-applications.html), I explained how to get a free, one-month trial of Office …
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question