Tips on Quest and Exchange Shell to Manage Groups and Group Members

Tips on Quest and Exchange Shell to Manage Groups and Group Members

Groups are of two types Security groups and Distribution Groups. Securities groups are normally used in provide AD Object Permission and NTFS permission and Distribution groups are used to email members of the Distribution Groups or shortly we call it as DL (Distribution List). Security groups can also be enabled as mail enabled security groups that used for Setting Permission and also sending email to the Members of the groups

clip_image002

Figure 1. Details of the Security Groups in Quest Shell

If you wanted this security group to mail enabled so that users can send email to the members of the group once this it enabled this group will also be visible in the GAL. You can only enable universal Security groups. Enable-DistributionGroup Exchange cmdlet does this for us

clip_image004

Figure 2. Exchange Cmdlet to enable Security group to mail enabled security group

Nested Groups is always Challenging. If you are working Nested group and you wanted to find the list of Indirect Nested groups which this group belongs, below Quest cmdlet gets the details

Get-QadGroup <groupname> | Select NestedMemberof

clip_image006

Figure 3. Cmdlet to get the list of Nested member DL

To get the list of DL which this group is member of then

Get-QadGroup <groupname> | select Memberof

clip_image008

Figure 4. Cmdlet to get the list of DL which DL is member of

Groups will always have members and in it. Get-QadGroupsmembers <groupname> will get the list of all the members in it. Members can be a users, group, contact. In the below example usergroup5 has type group “usergroup4” as member. But usergroup4 also has members in it. Those members can be users or groups. Using -Indirect parameter provides the list of all the Direct and Indirect members of the group. This is so simple right. If you wanted to do that same in VBscript we need to write lots of codes may be a recursive finding to find al the members in the nested groups.

clip_image010

Figure 5. Cmdlet to get Direct and Indirect members of the Group

Lets now try to filter out only required object like users or groups or contacts from the Group members. Below powershell cmdlet will get the list of all the -Indirect members and it filters out and displays only members of type Group

get-qadgroupmember usergroup5 -indirect | ?{$_.type -eq “group”}

clip_image012

Same can be done using LDAP filters but this time lets try to get indirect members of type users

get-qadgroupmember usergroup5 -indirect -ldap “(objectCategory=user)”

clip_image014

If you wanted to find the count of all the users in the group then below command does it for us. This uses ldap filter to find the count

@(get-qadgroupmember usergroup5 -indirect -ldap “(objectCategory=user)”).count

clip_image016

Figure 5. Cmdlet gets the count of all the Indirect users in DL Usergroup5

Similarly if you wanted to find the count of group members then we can also use where command to get the count

@(get-qadgroupmember usergroup5 -indirect | ?{$_.type -eq “group”}).count

clip_image018

Figure 6. Cmdlet gets the count of all the Indirect groups in DL Usersgroup5

Another Interesting way to get the Members of the Group and the member count

Below powershell cmdlet gets the list of all the members CN name using get-Qadgroup

(get-Qadgroup usergroup5).members

clip_image020

In the same fashion we can also get count members just by suffixing with .count

(get-Qadgroup usergroup5).members.count

clip_image022

 

3 thoughts on “Tips on Quest and Exchange Shell to Manage Groups and Group Members

  1. Hi,
    I saw your post on various queries you can run regarding groups.
    Is there way to count email enabled security groups? The reason I ask is that when you move Exchange content to Exchange Online, there is a limit of 20K objects. There are users, contacts, and email enabled security groups.
    Thanks,
    brett

  2. Hi Brett,

    Yes, we can get this details. Below is the Quest cmd let

    Below cmdlet gets all the mail enabled secuirty group

    @(get-qadgroupmember usergroup5 -indirect -ldap “(objectCategory=user)”).count

    Below cmdlet gets the count of the mail enabled security group

    @(Get-QadGroup -sizelimit 0 | ?{$_.GroupType -like “Security” -and $_.email -ne $NULL}).count

    Regards,
    Krishna
    Microsoft MVP – Powershell

  3. Pingback: Powershell: how to mail enable a group using Quest and Exchange | Jacques DALBERA's IT world

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s