locked
Powershell script to move DB Users to an AD Security Group RRS feed

  • Question

  • I need to write a powershell script that will move users that mailboxes are on a certain database from one AD Security group to another group:

    For Example

    Users mailboxes on Storage Group 1/DB1 are in the AD Group Clust1 and need to be removed from Clust1 and added to the group Clust01

    Im guessing i would need to use a combination of get-mailbox -database datbasename and probably something like add-adgroupmember sourcegroupname but not sure how to combine them.  havent had to do much powershell scripting in the past!

    Many Thanks


    Dave

    

    

    Monday, September 9, 2013 8:42 AM

Answers

  • Hi ,

    use this script :

    $mbxinDb1=get-mailbox -database db1  # Getting all mailbox on db1 database
    $mbxinClust1ButInDb1=@( )
    
    foreach ($mbx in $mbxinDb1)   # Getting all member of Clust1 Group whose mailbox is on db1 database
    {
    $mbxinClust1ButInDb1+= get-distributiongroupmember Clust1|where {$_.name -eq $mbx.name}
    }
    
    foreach($user in $mbxinClust1ButInDb1) # removing from Cust1 and adding to Clust01 Group
    { 
    remove-distributiongroupmember Clust1 -member $user -BypassSecurityGroupManagerCheck -confirm:$false  
    
    add-distributiongroupmember  Clust01 -member $user -BypassSecurityGroupManagerCheck -confirm:$false  
    }


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer. ---------- MCITP - Exchange 2010 | MCITP - Windows Server 2008 R2


    • Edited by Tarique Noorain Monday, September 9, 2013 4:34 PM s
    • Marked as answer by dlarge Wednesday, September 18, 2013 11:43 AM
    Monday, September 9, 2013 4:33 PM

All replies

  • Hi ,

    use this script :

    $mbxinDb1=get-mailbox -database db1  # Getting all mailbox on db1 database
    $mbxinClust1ButInDb1=@( )
    
    foreach ($mbx in $mbxinDb1)   # Getting all member of Clust1 Group whose mailbox is on db1 database
    {
    $mbxinClust1ButInDb1+= get-distributiongroupmember Clust1|where {$_.name -eq $mbx.name}
    }
    
    foreach($user in $mbxinClust1ButInDb1) # removing from Cust1 and adding to Clust01 Group
    { 
    remove-distributiongroupmember Clust1 -member $user -BypassSecurityGroupManagerCheck -confirm:$false  
    
    add-distributiongroupmember  Clust01 -member $user -BypassSecurityGroupManagerCheck -confirm:$false  
    }


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer. ---------- MCITP - Exchange 2010 | MCITP - Windows Server 2008 R2


    • Edited by Tarique Noorain Monday, September 9, 2013 4:34 PM s
    • Marked as answer by dlarge Wednesday, September 18, 2013 11:43 AM
    Monday, September 9, 2013 4:33 PM
  • Thanks for the script. 

    Only just getting round to giving it a go so will let you know how i get on.

    Thanks


    Dave

    Wednesday, September 18, 2013 11:44 AM
  • It kinda of works - had to change it from distributiongroupmember to adgroupmember.  With some little hacking I have got it to work in a test environment though i get a lot of errors it appears to work.  Just trying to figure out why im getting errors though at the minute.

    Thanks


    Dave

    Tuesday, October 1, 2013 12:13 PM
  • Did  script with 'DistributionGroupmember ' worked ?


    MCITP - Exchange 2010 | MCITP - Windows Server 2008 R2

    Tuesday, October 1, 2013 12:50 PM
  • No with Distributiongroupmember it didnt work.  The groups in question are Global Security groups, im guessing thats why it didnt work.

    Thanks

    Wednesday, October 2, 2013 12:18 PM
  • Hi,

    That was working for me ,let me check by changing the AdGroupmember.

    FYI,

    Distribution group must be Universal not Global .

    http://technet.microsoft.com/en-us/library/bb201680(v=exchg.150).aspx 


    MCITP - Exchange 2010 | MCITP - Windows Server 2008 R2

    Wednesday, October 2, 2013 12:32 PM