troubleshooting Question
Exchange 2007 - Find Distribution Group Memberships Across Domains?
synaptix asked on
I have a need to enumerate distribution group memberships via script (too time consuming and painful to do by hand). The only problem? We have Exchange 2007, and our AD organizational structure, though hierarchical, simple, and clean, has always caused EMS to be difficult to work with. Our AD is structured as shown below (all domains have direct two-way trust with the TLD.local domain though that should be irrelevant):
All Distribution groups are located in our corporate AD domain. The users for one particular DG are all located in a different domain. Other DGs have mixed members from various domains in our AD forest. The script below is what I have come up with that gets about half of the users I am expecting to see (missing ALL of those outside of domain1.TLD.local).
If I change "DC-DOMAIN1.domain1.local"
In short, I cannot enumerate complete group memberships using EMS *unless* all of the the MEMBER objects happen to exist on the same domain controller as the DISTRIBUTION GROUP itself. Does anyone have any ideas on how I can modify the above (or use different commands) to get a list of the MEMBERS of various distribution groups, when those MEMBERS may exist in a different AD domain than the GROUP?
My thanks in advance for any assistance.
TLD.local (Exchange servers here)
|
---- domain1.TLD.local (Distibution groups are all here)
|
---- domain2.TLD.local (Some group MEMBERS are here)
All Distribution groups are located in our corporate AD domain. The users for one particular DG are all located in a different domain. Other DGs have mixed members from various domains in our AD forest. The script below is what I have come up with that gets about half of the users I am expecting to see (missing ALL of those outside of domain1.TLD.local).
# Use a list of distribution groups (their SMTP addresses) we have been requested to report on.
$list = Get-Content "C:\TEMP\dgroups.txt"
# Put the list of found distribution groups (all present in a single domain) into an array.
$groups = Foreach ($item in $list) { Get-DistributionGroup $item -DomainController DC-DOMAIN1.domain1.TLD.local }
# Actually find group members.
$MembershipList = Foreach ( $group in $groups ) { Get-DistributionGroupMember $group -DomainController DC-DOMAIN1.domain1.TLD.local | Select @{Label="Group";Expression={$group.Name}},@{Label="User";Expression={$_.Name}},SamAccountName,PrimarySMTPAddress }
$MembershipList | Sort Group,User | Export-CSV "C:\TEMP\dgmembers.csv" -NoTypeInformation
If I change "DC-DOMAIN1.domain1.local"
In short, I cannot enumerate complete group memberships using EMS *unless* all of the the MEMBER objects happen to exist on the same domain controller as the DISTRIBUTION GROUP itself. Does anyone have any ideas on how I can modify the above (or use different commands) to get a list of the MEMBERS of various distribution groups, when those MEMBERS may exist in a different AD domain than the GROUP?
My thanks in advance for any assistance.
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 5 Comments.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.
Our community of experts have been thoroughly vetted for their expertise and industry experience.