I'm using the following code to get all members in a group.
Get-DistributionGroupMember -Identity "Marketing USA"
The problems is, some of groups have more than 1000 members. So instead of loading all the records, is there a better way I can filter the result to see only the members I need.
I would like to search by Primary Email and Display Name.
My Exchange versions are 2010 and 2013.
For both Exchange 2010 and 2013 you can search by email address by creating a list of email addresses in regex form separated by |. Then use -imatch to match the email addresses you need. Note: This will search both primary and secondary address.
$EmailAddress = [regex]"Username1#Domain.com|Username2#Domain.com|Username3#Domain.com"
Get-DistributionGroupMember -Identity "Marketing USA" | Where { $_.EmailAddresses.SmtpAddress -imatch $EmailAddress }
Then to searching by display name you can all so use regex in the same way separating the names by |.
$DisplayName = [regex]"FirstName1 LastName1|FirstName2 LastName2|FirstName3 LastName3"
Get-DistributionGroupMember -Identity "Marketing USA" | Where { $_.DisplayName -imatch $DisplayName }
With this method of filtering you can also do partial searches. If you only put in the first name of the user you will get back all users with that name. The same goes will the email address search.
According to documentation by default the result size is limited to 1000. You will need to include -ResultSize Unlimited e.g. Get-DistributionGroupMember -Identity "Marketing USA" -ResultSize Unlimited to return more than that.
A distribution group is also an AD group. With the Get-ADGroup cmdlet you also get the possibility to filter the search in a much more effective way.
For example:
Get-ADGroup -Filter {proxyaddresses -like "SMTP:address#DOMAIN.COM"} (or use the mail attribute if that is equal to the primary email address in your org)
or
Get-ADGroup -Filter {displayname -eq "MyDL"} -Properties *
To use this cmdlet you might need to load the activedirectory ps module with 'import-module activedirectory' first in your powershell session.
Related
I need to do an AD export with the info below:
- all enable users NOT present in a specific group
- email address
- account name
and export everything into a csv file
Can u help me please?
Thanks!!!!
You could do something like the following:
$group = 'my group name'
$GroupMembers = Get-ADGroupMember $group -Recursive
Get-ADUser -Filter "Enabled -eq '$true'" -Properties Mail |
Where-Object { $_.SamAccountName -notin $GroupMembers.SamAccountName } |
Select-Object SamAccountName,Mail |
Export-Csv Output.csv -NoType
Get-ADGroupMember with the -Recursive switch will recursively retrieve AD objects that are a member of $group.
Get-ADUser utilizes a filter to only query enabled users. Notice that you must add the Mail property because email address attributes are not in the default display. You can tweak this filter to make the query faster. If you are willing to add a little complexity and do performance testing, it may be faster to build separate Get-ADUser -Filter ... queries than relying on Where-Object. Performance will depend on your AD size and how many members are in the target group.
I'm trying to find email addresses in O365 Exchange that matches a particular domain using PowerShell.
If I use:
Get-Recipient -ResultSize unlimited -filter '(PrimarySMTPAddress -like "*smith*")' | fl primarysmtpaddress
I get all the addresses that have the string
If I use:
Get-Recipient -ResultSize unlimited -filter '(PrimarySMTPAddress -like "*#domain*")' | fl primarysmtpaddress
I get no results.
It looks like nothing is matched after the #.
I want to use -filter rather than a where statement because it is so much faster.
I was able to reproduce your issue. It seems to be related to the the specific attribute you filtered on, "PrimarySMTPAddress".
I was able to get the filter statement to return results by changing it to leverage "EmailAddresses", another attribute the email address is stored in:
Get-Recipient -ResultSize unlimited -filter '(EmailAddresses -like "*#domain*")' | fl primarysmtpaddress
Something else I saw of note: the "filterable properties" documentation mentions avoiding using "PrimarySMTPAddress" for another reason that I didn't know of:
Don't use the PrimarySmtpAddress property; use the EmailAddresses property instead. Any filter that uses the PrimarySmtpAddress property will also search values in the EmailAddresses property. For example, if a mailbox has the primary email address dario#contoso.com, and the additional proxy addresses dario2#contoso.com and dario3#contoso.com, all of the following filters will return that mailbox in the result: "PrimarySmtpAddress -eq 'dario#contoso.com'", "PrimarySmtpAddress -eq 'dario2#contoso.com'", or "PrimarySmtpAddress -eq 'dario3#contoso.com'".
Source
https://learn.microsoft.com/en-us/powershell/exchange/filter-properties?view=exchange-ps
Is there a way to do the above? I've managed to follow the below link successfully but we're looking to set different limits based on the user's role.
The aforementioned link
Where is says :
Additional filters can be applied to the Get-Mailbox cmdlet or to the Get-User cmdlet to control the users for whom the change is applied. The following is an example in which three cmdlets are used to filter the command to the sales department of an organization:
Get-User | where {$_.Department -eq "Sales"} | Get-Mailbox | Set-Mailbox -ProhibitSendQuota < Value > -ProhibitSendReceiveQuota < Value > -IssueWarningQuota < Value >
Kinda got me confused as to where it's pulling the "Sales" group from?
Probably being a muppet here but any help appreciated.
You could do this, using the Active Directory PowerShell module:
Get-ADUser -Filter * -Properties Department | Where-Object { $_.Department -eq "Sales" } | [...]
But that's just pulling everybody and looking at the Department field from Active Directory. That's the example the article gives, but it doesn't answer your question about assigning quotas based on groups.
I suspect what you'll want based on your problem is this:
Get-ADGroupMember -Identity $GroupName | Get-ADUser | Get-MailBox | Set-ProhibitSendQuota [...]
I don't know if you need Get-ADUser there or if the output of Get-ADGroupMember can be piped directly to Get-MailBox. I no longer administer Exchange, so I don't have access to those cmdlets anymore. $GroupName can be the group's name, distinguished name, or even the SID, IIRC.
On our cloud-hosted O365 tenancy, I would like to run a PowerShell script which looks at every user and removes any reference to an e-mail domain I'm trying to get rid of.
As an example, if we have the following user:
Jimbob Goodemails
Jimbob.Goodemails#newdomain.com
Jimbob.Goodemails#olddomain.com
Jimbob.Goodemails#domain.onmicrosoft.com (the default O365 domain)
I would like to remove #olddomain.com addresses (in the above case, Jimbob.Goodemails#olddomain.com) from every user.
On most of these accounts, that domain will be set up as an alias - e.g. smtp:Jimbob.Goodemails#olddomain.com in the proxyAddresses field.
However, some users (far fewer, perhaps only 3 or 4) may have it as their main e-mail address (e.g. SMTP:Jimbob.Goodemails#olddomain.com in proxyAddresses but also as the mail and UPN attributes). These users can just use the default O365 e-mail address instead.
I have tried the following script, to no avail:
foreach($i in Get-Mailbox -ResultSize Unlimited) {
$i.EmailAddresses |
?{$_.AddressString -like '*#olddomain.com'} | %{
Set-Mailbox $i -EmailAddresses #{remove=$_}
}
}
It sits for a while, then appears to finish, but nothing has changed.
I have used an Active Directory PowerShell script which does this for my AD-synchronised users, so I'm primarily looking to change Cloud users and groups.
It would also be useful to know how to search for such users too.
The Method:
Create an Array of your Current SMTP's:
$SMTPs = $Mailbox.EmailAddresses -split ","
Remove the Unwanted SMTP Addresses:
$SMTPs | ? {$_ -notmatch 'olddomain.com'}
Then Update The Mailbox with the filtered SMTPs:
Set-Mailbox $Mailbox -EmailAddresses $SMTPs
In your Example:
foreach ($i in Get-Mailbox -ResultSize Unlimited)
{
$SMTPs = $i.EmailAddresses -split "," | ? {$_ -notmatch 'olddomain.com'}
Set-Mailbox $i -EmailAddresses $SMTPs
}
I'm trying to write a script to find disabled users that is member of one or more groups in a specific OU in AD. It will then remove all the groups for all the disabled users. I found this script which removes all groups from users in a csv file, but as i'm looking to run this as a scheduled task I prefer not to process users that already had their groups removed without having to move them to a different OU.
Import-Csv $csvFile | ForEach-Object {
# Disable the account
Disable-ADAccount -Identity $_.samAccountName
# Retrieve the user object and MemberOf property
$user = Get-ADUser -Identity $_.samAccountName -Properties MemberOf
# Remove all group memberships (will leave Domain Users as this is NOT in the MemberOf property returned by Get-ADUser)
foreach ($group in ($user | Select-Object -ExpandProperty MemberOf))
{
Remove-ADGroupMember -Identity $group -Members $user -Confirm:$false
}
}
Any idea on how to filter out the users with more then one group?
I'm using this script to export disabled users that has not logged on for 60 days:
Get-QADUser -searchRoot $OuDomain -searchScope OneLevel -InactiveFor 61 -NotLoggedOnFor 61 -disabled -sizelimit 0
Thx
You seem to have filter by ou part down which is good. You have some thoughts in the beginning of you post but the only actual question is how to filter out the users with more then one group. Not sure if that is a typo or not but I read that as checking the count of groups a user has. A more realistic interpretation of that is filter users that could have at least one of a list of groups. I'm going to cover both.
The Count
I'm sure this is not what you want but just want to cover the base. The following would also work in a Where-Object clause
If((get-aduser $user -Properties MemberOf).MemberOf.Count -gt 0){Process...}
Multiple Groups
I'm sure this was your intention. Locate users that could contain one of serveral groups. This is best handled with regex.
$groupsFilter = "citrix_GateKeeper","barracuda_spam_alerts"
$groupsFilter = "($($groupsFilter -join '|'))"
# $groupsFilter in this example is: (citrix_GateKeeper|barracuda_spam_alerts)
If(((Get-ADUser $user -Properties MemberOf).MemberOf) -match $groupsFilter){Process....}
Create a regex match string based on a string array of multiple groups. If $user is a member of either of those groups then true would be returned.
If nothing here is of any use to you then I would suggest making your question clearer. Hopefully this helps.