Solved

Powershell script to automatically populate a security group in AD for all users with a regular mailbox

Posted on 2016-10-25
Last Modified: 2016-10-26
Hello Experts,

I need some help with a script that I am writing. Basically, I need to populate a security group in AD with all users from my domain with a regular mailbox assigned.

The script must not populate all mail enabled objects, because this would add shared mailboxes, DLs and so on. I just need regular users with their mailbox to be added to a security group

I wrote the following

Import-Module ActiveDirectory
$user = Get-ADUser -filter *
$Group = "TenantCompanyName"

ForEach ($samAccountName in $user)
 {
 Add-ADGroupMember $Group -members $samAccountName
 }


I would like to replace the filter * with something like below

Get-ADUser -Filter {EmailAddress -like "*"}
Get-ADUser -Filter {mail -like "*"}
-or-
Get-ADObject -Filter {(mail -like "*") -and (ObjectClass -eq "user")}

For example, add JohnDoe@mydomain.com to the group above and so on

Again, this script is supposed to add all users from the domain with a valid email address to a security group. Shared mailboxes, DLs, and any other mail enabled object should be excluded

Any help is highly appreciated
Question by:Jerry Seinfield
8 Comments
 

Author Comment

by:Jerry Seinfield
ID: 41859348
and, if you don't mind, please test the script in your lab domain
 
LVL 44

Expert Comment

by:Vasil Michev (MVP)
ID: 41859371
Why don't you simply use the Exchange cmdlets? Get-Recipient in particular can easily be used to return only user mailboxes:

Get-Recipient -RecipientTypeDetails UserMailbox

 

Author Comment

by:Jerry Seinfield
ID: 41859426
Sure, and how would you adapt that to my script? How would the script look?

Anyone else?
 
LVL 17

Expert Comment

by:Todd Nelson
ID: 41859461
IMO, you must have the RSAT tools installed (Install-WindowsFeature RSAT-ADDS) on the Exchange server and run the following script from the Exchange management shell...

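Import-Module ActiveDirectory
# Only user mailboxes; -ResultSize Unlimited lifts the default 1000-result cap
$USER = Get-Recipient -RecipientTypeDetails UserMailbox -ResultSize Unlimited
$GROUP = "TenantCompanyName"
# Pass the DN: Alias (mailNickname) is not guaranteed to match sAMAccountName
$USER | ForEach-Object { Add-ADGroupMember $GROUP -Members $_.DistinguishedName }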



Let us know.
 

Author Comment

by:Jerry Seinfield
ID: 41859494
Thanks Todd,

Can you or someone else please test my script in your lab domain?

Import-Module ActiveDirectory
# script to populate all regular users with a valid email address
# to a Security Group in AD
$user = Get-ADObject -Filter {(mail -like "*") -and (ObjectClass -eq "user")}
$Group = "Tenant-EntAppsALL"

ForEach ($samAccountName in $user)
 {
 Add-ADGroupMember $Group -members $samAccountName
 }
 
LVL 17

Expert Comment

by:Todd Nelson
ID: 41859562
This should do it...

Import-Module ActiveDirectory
$USER = Get-ADObject -Filter {(Mail -like "*") -and (ObjectClass -eq "User")} -Properties *
$GROUP = "Tenant-EntAppsALL"
ForEach ($samAccountName in $USER) { Add-ADGroupMember $GROUP -Members $samAccountName }

 
LVL 44

Assisted Solution

by:Vasil Michev (MVP)
Vasil Michev (MVP) earned 1000 total points
ID: 41859755
This will also return mail users though. If you don't want to use the Exchange cmdlets, you should at least use Exchange attributes to return a proper list of mailbox-enabled users.
 
LVL 17

Accepted Solution

by:Todd Nelson
Todd Nelson earned 1000 total points
ID: 41860360
Yes, Vasil.  I feel it would be best to base the filter on the 'msExchRecipientTypeDetails' attribute as each recipient type has a different value.

Refer to the different values here ... http://www.msexchange.org/kbase/ExchangeServerTips/MicrosoftOffice365/ExchangeOnline/msexchangerecipienttypedetails-active-directory-values.html

In that case, if we filter based only on user mailboxes, the script would look like this...

Import-Module ActiveDirectory
# msExchRecipientTypeDetails = 1 selects user mailboxes only
$USER = Get-ADObject -Filter { (msExchRecipientTypeDetails -eq "1") } -Properties *
$GROUP = "Tenant-EntAppsALL"
ForEach ($samAccountName in $USER) { Add-ADGroupMember $GROUP -Members $samAccountName }

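The scripts in this thread only ever add members, so accounts that lose their mailbox keep the group's access, and a second run re-adds everyone. The following is an added example, not code from any poster in the thread: it reconciles the group against the msExchRecipientTypeDetails = 1 filter from the accepted answer and defaults to a dry run. It assumes the group is meant to hold user-mailbox accounts only, so any other direct member is treated as stale; the `-Apply` switch and variable names are this example's own.

```powershell
# Added example (not from the thread): reconcile a security group with the
# set of user-mailbox accounts instead of blindly re-adding everyone.
param(
    [string]$GroupName = "Tenant-EntAppsALL",  # group name used in the thread
    [switch]$Apply                             # hypothetical switch: without it, nothing changes
)

Import-Module ActiveDirectory

# Desired members: user objects whose msExchRecipientTypeDetails is 1
# (the user-mailbox value from the accepted answer). Get-ADUser limits
# the search to user accounts and returns DistinguishedName by default.
$wanted = @(Get-ADUser -LDAPFilter "(msExchRecipientTypeDetails=1)" |
    Select-Object -ExpandProperty DistinguishedName)

# Current direct members, read as DNs from the group's member attribute.
$current = @((Get-ADGroup -Identity $GroupName -Properties Member).Member)

# -notcontains compares strings case-insensitively, which suits DNs.
$toAdd    = @($wanted  | Where-Object { $current -notcontains $_ })
$toRemove = @($current | Where-Object { $wanted  -notcontains $_ })

Write-Output ("{0}: {1} to add, {2} to remove" -f $GroupName, $toAdd.Count, $toRemove.Count)

# Assumption: the group should contain user mailboxes only, so every other
# direct member (nested group, service account, mail user) is listed for removal.
$dryRun = -not $Apply

if ($toAdd.Count -gt 0) {
    Add-ADGroupMember -Identity $GroupName -Members $toAdd -WhatIf:$dryRun
}
if ($toRemove.Count -gt 0) {
    Remove-ADGroupMember -Identity $GroupName -Members $toRemove -Confirm:$false -WhatIf:$dryRun
}
```

Review the dry-run output before passing `-Apply`, particularly the removal list when the group grants access to something.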
