?
Solved

Powershell script to automatically populate a security group in AD for all users with a regular mailbox

Posted on 2016-10-25
8
Medium Priority
?
202 Views
Last Modified: 2016-10-26
Hello Experts,

I need some help with an script that I am writing. Basically, I need to populate a security group in AD with all users from my domain with a regular mailbox assigned.

The script must not populate all mail enabled objects, because this would add shared mailboxes, DLs and so on. I just need regular users with their mailbox to be added to a security group

I wrote the following

Import-Module ActiveDirectory
$user = Get-ADUser -filter *
$Group = "TenantCompanyName"

ForEach ($samAccountName in $user)
 {
 Add-ADGroupMember $Group -members $samAccountName
 }


I would like to replace the filter * with something like below

Get-ADUser -Filter {EmailAddress -like "*"}
Get-ADUser -Filter {mail -like "*"}
-or-
Get-ADObject -Filter {(mail -like "*") -and (ObjectClass -eq "user")}

For example, add JohnDoe@mydomain.com to the group above and so on

Again, this script is supposed to add all users from the domain with a valid email address to a security group. Shared mailboxes, DLs, and any other mail enabled object should be excluded

Any help is highly appreciated
0
Comment
Question by:Jerry Seinfield
  • 3
  • 3
  • 2
8 Comments
 

Author Comment

by:Jerry Seinfield
ID: 41859348
and, if you don't mind, please test the script in your lab domain
0
 
LVL 46

Expert Comment

by:Vasil Michev (MVP)
ID: 41859371
Why dont you simply use the Exchange cmdlets? Get-Recipient in particular can easily be used to return only user mailboxes:

Get-Recipient -RecipientTypeDetails UserMailbox

Open in new window

0
 

Author Comment

by:Jerry Seinfield
ID: 41859426
sure, and how you would adapt that to my script? how would the script look?

Anyone else?
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
LVL 19

Expert Comment

by:Todd Nelson
ID: 41859461
IMO, you must have the RSAT tools installed (Install-WindowsFeature RSAT-ADDS) on the Exchange server and run the following script from the Exchange management shell...

Import-Module ActiveDirectory
$USER = Get-Recipient -RecipientTypeDetails UserMailbox
$GROUP = "TenantCompanyName"
$USER | ForEach-Object { Add-ADGroupMember $GROUP -Members $_.Alias }

Open in new window


Let us know.
0
 

Author Comment

by:Jerry Seinfield
ID: 41859494
Thanks Todd,

Can you or someone else please test my script in your lab domain?

Import-Module ActiveDirectory
# script to populate all regular users with a valid email address
# to a Security Group in AD
$user = Get-ADObject -Filter {(mail -like "*") -and (ObjectClass -eq "user")}
$Group = "Tenant-EntAppsALL"

ForEach ($samAccountName in $user)
 {
 Add-ADGroupMember $Group -members $samAccountName
 }
0
 
LVL 19

Expert Comment

by:Todd Nelson
ID: 41859562
This should do it...

Import-Module ActiveDirectory
$USER = Get-ADObject -Filter {(Mail -like "*") -and (ObjectClass -eq "User")} -Properties *
$GROUP = "Tenant-EntAppsALL"
ForEach ($samAccountName in $USER) { Add-ADGroupMember $GROUP -Members $samAccountName }

Open in new window

0
 
LVL 46

Assisted Solution

by:Vasil Michev (MVP)
Vasil Michev (MVP) earned 1000 total points
ID: 41859755
This will also return mail users though. If you dont want to use the exchange cmdlets, you should at least use exchange attributes to return a proper list of mailbox-enabled users.
0
 
LVL 19

Accepted Solution

by:
Todd Nelson earned 1000 total points
ID: 41860360
Yes, Vasil.  I feel it would be best to base the filter on the 'msExchRecipientTypeDetails' attribute as each recipient type has a different value.

Refer to the different values here ... http://www.msexchange.org/kbase/ExchangeServerTips/MicrosoftOffice365/ExchangeOnline/msexchangerecipienttypedetails-active-directory-values.html

In that case, if we filter based only on user mailboxes, the script would look like this...

Import-Module ActiveDirectory
$USER = Get-ADObject -Filter { (msExchRecipientTypeDetails -eq "1") } -Properties *
$GROUP = "Tenant-EntAppsALL"
ForEach ($samAccountName in $USER) { Add-ADGroupMember $GROUP -Members $samAccountName }

Open in new window

0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Are you working to mount the dismounted Exchange 2013 database? Then the best course of action is to analyze the causes of Database issue, their probable solutions and decide for the appropriate course of action.
Fix RPC Server is unavailable Error in Exchange 2013, 2010, 2007, and 2003 Server. Different reason can such as network connectivity issue, name resolution issue, firewall, registry corruption that lead to RPC Server Unavailable error.
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
If you are looking for an automated solution for backup single or multiple Office 365 user mailboxes to Outlook data file, then you can use Kernel Office 365 Backup & Restore tool. Go through the video to check out the steps to backup single or mult…

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question