
Exchange Group Management Script

Email group management is often a time-consuming process. Exchange has two types of distribution groups, each with its pros and cons, and neither may be ideal for your organisation out of the box.

The normal Distribution List has been around for a long time. It's a group that has a list of members, but adds, moves and changes are normally manual. This can be a time-consuming process for people to manage each time the members of a list change, and it leaves room for human error.

Dynamic Distribution Groups are the other type; they automate membership using rules, known as filters. The group evaluates these filters at the time an email is sent to it. This means that if someone's department changes, there is no need to make a change to the dynamic distribution group, which makes for much less of an administrative burden.

There are some disadvantages of Dynamic Distribution Groups, such as end users being unable to see the members, often leading to a poor user experience. People generally want to know exactly who is in a group and who will receive their email. It makes logical sense, but it is currently not possible for Exchange to show this to end users via the Outlook Address Book.

With this in mind, I decided to write a script. The idea of the script would be to use the smarts of Dynamic Distribution Groups to automatically add and remove users from a group when their details changed, but also to allow users to see the members of all groups. It needed to be easy to add and change the criteria of the groups too, and easily show what groups were being populated. With this in mind, I present my email group management script:

Start-Transcript -path C:\Scripts\Admin\Logs\emailgroups.txt
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://ExchangeServer/Powershell -Authentication Kerberos
Import-PSSession $session
$data = import-csv C:\Scripts\Admin\emailgroups.csv
foreach ($group in $data){
    New-DistributionGroup -name $group.GroupName -DisplayName $group.GroupName -OrganizationalUnit "mydomain.com/ExchangeDL" -Notes "Automatically Managed by @AdamFowler_IT's Script"
    $users = Get-ADUser -SearchBase "ou=Users,dc=yourdomain,dc=com" -Filter $group.filter
    Get-ADGroup -Identity $group.groupname | Set-ADObject -clear member
    Add-ADGroupMember -Identity $group.groupname -Members $users
}
Stop-Transcript

That's it, 11 lines of code including the closing bracket. It may not look like much, but I'll take you through how this works. If you want more details on a certain cmdlet, either use the get-help cmdlet, or you can Google it.

First, we're using the Start-Transcript cmdlet to log the output of the script to the path specified. Handy to know what happened the last time the script was run.

The next two lines are to create a remote PowerShell session to your Exchange server. This is required for the New-DistributionGroup cmdlet later on, and you'll need to specify your own server in the ConnectionUri area.

The $data variable is set by looking for a file called emailgroups.csv and importing it. This is where all your rules for the groups are set. Here's an example of what the file contains:

GroupName,Filter
Australia Finance ,country -eq "australia" -and department -eq "finance"
New York Subway Staff ,office -eq "new york" -and ((title -like "*manager*") -or (title -like "*artist*"))

There are only two fields on each line of the CSV file. GroupName is what you want the group to be called, and Filter specifies the criteria users will be matched on. You can filter on most Active Directory object fields, so consider what smarts you'd like to use for your groups.

Back to the script, the 'foreach' line takes each line from the CSV, and applies all the cmdlets between the curly brackets {} for each result.

The New-DistributionGroup line will try to create the group, and error if it already exists. You can put in extra code to check if it exists, but personally I don't think there is any harm in attempting to create the group anyway. This line can be removed if you prefer to create your groups via a different method, but use the script to maintain user membership. I've also made the script add the note "Automatically Managed by @AdamFowler_IT's Script" so someone doesn't accidentally make a manual change to the group, without realising the change will be lost when the script is next run.

The $users variable is then set to the results of running Get-ADUser with the filter from the current line of the CSV. $users will now contain the full list of matching users in preparation for adding them to the specified group.

Get-ADGroup -Identity $group.groupname looks up the group named in the groupname field of the current line of the CSV, and the result is piped to Set-ADObject -clear member. This removes all members of the group, which is done to remove users that fall out of scope. For example, if a staff member moved from Finance to HR, they will be removed with this command, but not re-added with the next command due to no longer fitting the criteria. Note: if you just want to refresh the groups by adding new members, but not removing and re-adding everyone, remove this line. The rest of the script will still run perfectly fine.

Add-ADGroupMember -Identity $group.groupname -Members $users will then use all the information collected previously in the $users variable, and add those users to the group.

The closing curly bracket } ends the body of the 'foreach' loop, which will continue to run until all the lines of the CSV have been processed.

Finally, the Stop-Transcript simply closes off writing to the transcript. The session ending will stop this anyway, but it's a bit neater to include.
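The clear-then-re-add step described above empties each group on every run, and if the filter matches nobody or the lookup fails, the group stays empty. As an added example (not part of the original script), the PowerShell below applies only the difference between current and desired membership; Get-MembershipDelta, Sync-GroupMembership and the 0.5 removal threshold are hypothetical names and values chosen for illustration.

```powershell
# Added example, not the original script. Function names are hypothetical.
# Pure function: works on DN strings only, so it runs without AD access.
function Get-MembershipDelta {
    param(
        [string[]]$Current = @(),        # DNs in the group now
        [string[]]$Desired = @(),        # DNs matched by the CSV filter
        [double]$MaxRemovalRatio = 0.5   # assumed safety threshold
    )
    # -notcontains compares strings case-insensitively, which suits DNs
    $toAdd    = @($Desired | Where-Object { $Current -notcontains $_ })
    $toRemove = @($Current | Where-Object { $Desired -notcontains $_ })
    # Refuse a run that would strip most of an existing group, for example
    # when a typo in the CSV filter matches nobody
    $blocked = ($Current.Count -gt 0) -and
               (($toRemove.Count / $Current.Count) -gt $MaxRemovalRatio)
    [pscustomobject]@{ ToAdd = $toAdd; ToRemove = $toRemove; Blocked = $blocked }
}

# Would replace the Set-ADObject / Add-ADGroupMember pair inside the foreach loop
function Sync-GroupMembership {
    param([string]$GroupName, [string]$Filter, [string]$SearchBase)
    try {
        # Read both sides first; any lookup error leaves the group untouched
        $desired = @(Get-ADUser -SearchBase $SearchBase -Filter $Filter -ErrorAction Stop |
            Select-Object -ExpandProperty DistinguishedName)
        $current = @(Get-ADGroupMember -Identity $GroupName -ErrorAction Stop |
            Select-Object -ExpandProperty DistinguishedName)
    } catch {
        Write-Warning "Skipped '$GroupName': lookup failed, group left unchanged ($_)"
        return
    }
    $delta = Get-MembershipDelta -Current $current -Desired $desired
    if ($delta.Blocked) {
        Write-Warning "Skipped '$GroupName': would remove $($delta.ToRemove.Count) of $($current.Count) members"
        return
    }
    if ($delta.ToAdd.Count -gt 0) {
        Add-ADGroupMember -Identity $GroupName -Members $delta.ToAdd
    }
    if ($delta.ToRemove.Count -gt 0) {
        Remove-ADGroupMember -Identity $GroupName -Members $delta.ToRemove -Confirm:$false
    }
}

# Constructed sample DNs (not from a real directory): one leaver, one joiner
$current = 'CN=Ann,OU=Users,DC=yourdomain,DC=com', 'CN=Bob,OU=Users,DC=yourdomain,DC=com'
$desired = 'cn=ann,ou=Users,dc=yourdomain,dc=com', 'CN=Cy,OU=Users,DC=yourdomain,DC=com'
Get-MembershipDelta -Current $current -Desired $desired | Format-List
```

Because every add and remove is an individual change, the transcript log also shows exactly who moved in or out of each group on a given run.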

I'm using this in production and am quite happy with it. If I need another automated group, I just add a new line to the CSV and run the script. It's really easy for ongoing changes, with the most important benefit of giving full visibility to your staff of exactly who they're emailing.