It’s easy to get a list of all members of a Distribution Group. The Exchange shell (EMS) ships with the Get-DistributionGroupMember cmdlet that makes it a short one-liner (compared to 100s of lines of code in VBS).
However, how do we get all Distribution Groups a user, group, or contact is a member of? There’s no equivalent cmdlet that can list a recipient’s distribution group memberships using the shell. From the AD side, a recipient’s memberOf attribute is a back-linked attribute, which I briefly talked about in “memberOf Attribute can now be used in OPATH filters!”. A group’s membership is stored in the group’s member attribute.
In the following command/script (what’s the boundary between a command and a script?? when do a bunch of commands become a script?), we look at all distribution groups in AD, look at each member and determine if it matches the one we’re looking for.
$contact = Get-Contact "[email protected]"
Get-DistributionGroup | foreach {
    $dg = $_
    Write-Host "Looking at: " $dg
    Get-DistributionGroupMember $dg | foreach {
        if ($_.identity -like $contact.identity) { "Member of : " + $dg }
    }
}
Clearly, this isn’t very efficient!
Using the ADSI provider
The shell can also look at the AD objects natively using the ADSI provider. It’s not as friendly or easy to use (as a native AD provider for PowerShell would probably be), but it’s a huge improvement over VBScript. There’s no need to grab AD objects into ADO recordsets; that part is taken care of by PowerShell.
Here’s one way to do this using the ADSI provider:
$dn = "LDAP://" + (Get-Contact "[email protected]").distinguishedName
$foo = [ADSI]$dn
$foo.memberOf | foreach { $dg = $_; Get-DistributionGroup $dg }
What it does: Uses the ADSI provider to get a list of all groups a recipient is a member of, determines whether each group is a Distribution or Security group, and outputs the names of the Distribution Groups.
Usage:
.\Get-DGMembership.ps1 [email protected]
.\Get-DGMembership.ps1 [email protected] [email protected]
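The distribution-versus-security check described above can be made from the group’s groupType attribute, read through the same ADSI provider. The following is an added example, not the Get-DGMembership.ps1 script from this post: the function names, the constructed groupType values and the user@example.com address are assumptions. It also reports whether each group is mail-enabled, because Get-DistributionGroup returns mail-enabled security groups as well, and removing someone from those changes their access rights, not just their mail delivery.

```powershell
# Added example: function names and sample values are hypothetical.
function Get-GroupKind {
    param([int]$GroupType)
    # Bit 0x80000000 of groupType marks a security-enabled group (usable in ACLs);
    # when it is clear, the group is distribution-only.
    if ($GroupType -band 0x80000000) { $kind = 'Security' } else { $kind = 'Distribution' }
    # The low bits carry the group scope.
    if     ($GroupType -band 0x8) { $scope = 'Universal' }
    elseif ($GroupType -band 0x4) { $scope = 'DomainLocal' }
    elseif ($GroupType -band 0x2) { $scope = 'Global' }
    else                          { $scope = 'Unknown' }
    "$scope $kind"
}

function Get-DirectGroupMembership {
    param([string]$DistinguishedName)
    # "/" must be escaped inside an ADsPath.
    $recipient = [ADSI]('LDAP://' + ($DistinguishedName -replace '/', '\/'))
    # memberOf lists direct memberships only; nested groups are not expanded.
    foreach ($groupDn in $recipient.memberOf) {
        $group = [ADSI]('LDAP://' + ($groupDn -replace '/', '\/'))
        New-Object PSObject -Property @{
            Group       = [string]$group.cn
            Kind        = Get-GroupKind ([int]$group.groupType.Value)
            MailEnabled = [bool]$group.mailNickname.Value
        }
    }
}

# Offline check of the classifier with constructed groupType values
# (universal/global scope, with and without the security bit).
foreach ($value in 8, -2147483640, 2, -2147483646) {
    '{0,12} -> {1}' -f $value, (Get-GroupKind $value)
}

# Against a live directory (requires the Exchange shell and AD access;
# the address is a placeholder):
# Get-DirectGroupMembership (Get-Contact 'user@example.com').distinguishedName
```

Before bulk-removing a recipient from groups, filter this output on Kind so that memberships in security-enabled groups are reviewed separately from pure distribution lists.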
What we can really use is a native AD provider that lends the same automation capabilities to AD management tasks that the Exchange shell and PowerShell lend to Exchange and Windows management tasks.
Works very well – thanks!
Jim
this is slick!
I have a list of a few hundred accounts I need to remove from all distro groups.
I’ve modified the code to get a list of $name and individual groups that I can pass to remove-distributiongroupmember. I can write-host to the screen, but for some reason can’t output the data to a file through redirection or export-csv.
Help! I’ve fallen and I can’t get up! Any suggestions?
How would you make a change to an attribute for all of your distribution groups? I need to change the "accept mail from authenticated users only" attribute for all of my groups.
Hi BHARAT,
Great work. It works as expected.
Thank you so much.