Link to home
Start Free TrialLog in
Avatar of Jerry Seinfield
Jerry SeinfieldFlag for United States of America

asked on

Powershell script to automatically populate a security group in AD for all users with a regular mailbox

Hello Experts,

I need some help with an script that I am writing. Basically, I need to populate a security group in AD with all users from my domain with a regular mailbox assigned.

The script must not populate all mail enabled objects, because this would add shared mailboxes, DLs and so on. I just need regular users with their mailbox to be added to a security group

I wrote the following

Import-Module ActiveDirectory
$user = Get-ADUser -filter *
$Group = "TenantCompanyName"

ForEach ($samAccountName in $user)
 {
 Add-ADGroupMember $Group -members $samAccountName
 }


I would like to replace the filter * with something like below

Get-ADUser -Filter {EmailAddress -like "*"}
Get-ADUser -Filter {mail -like "*"}
-or-
Get-ADObject -Filter {(mail -like "*") -and (ObjectClass -eq "user")}

For example, add JohnDoe@mydomain.com to the group above and so on

Again, this script is supposed to add all users from the domain with a valid email address to a security group. Shared mailboxes, DLs, and any other mail enabled object should be excluded

Any help is highly appreciated
Avatar of Jerry Seinfield
Jerry Seinfield
Flag of United States of America image

ASKER

and, if you don't mind, please test the script in your lab domain
Avatar of Vasil Michev (MVP)
Vasil Michev (MVP)
Flag of Bulgaria image
Why dont you simply use the Exchange cmdlets? Get-Recipient in particular can easily be used to return only user mailboxes:

Get-Recipient -RecipientTypeDetails UserMailbox

Open in new window

Avatar of Jerry Seinfield
Jerry Seinfield
Flag of United States of America image

ASKER

sure, and how you would adapt that to my script? how would the script look?

Anyone else?
Avatar of Todd Nelson
Todd Nelson
Flag of United States of America image
IMO, you must have the RSAT tools installed (Install-WindowsFeature RSAT-ADDS) on the Exchange server and run the following script from the Exchange management shell...

Import-Module ActiveDirectory
$USER = Get-Recipient -RecipientTypeDetails UserMailbox
$GROUP = "TenantCompanyName"
$USER | ForEach-Object { Add-ADGroupMember $GROUP -Members $_.Alias }

Open in new window


Let us know.
Avatar of Jerry Seinfield
Jerry Seinfield
Flag of United States of America image

ASKER

Thanks Todd,

Can you or someone else please test my script in your lab domain?

Import-Module ActiveDirectory
# script to populate all regular users with a valid email address
# to a Security Group in AD
$user = Get-ADObject -Filter {(mail -like "*") -and (ObjectClass -eq "user")}
$Group = "Tenant-EntAppsALL"

ForEach ($samAccountName in $user)
 {
 Add-ADGroupMember $Group -members $samAccountName
 }
Avatar of Todd Nelson
Todd Nelson
Flag of United States of America image
This should do it...

Import-Module ActiveDirectory
$USER = Get-ADObject -Filter {(Mail -like "*") -and (ObjectClass -eq "User")} -Properties *
$GROUP = "Tenant-EntAppsALL"
ForEach ($samAccountName in $USER) { Add-ADGroupMember $GROUP -Members $samAccountName }

Open in new window

SOLUTION
Avatar of Vasil Michev (MVP)
Vasil Michev (MVP)
Flag of Bulgaria image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Avatar of Todd Nelson
Todd Nelson
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial