Extract all mail enabled groups with PowerShell and ADSI
I’ve just finished off this first attempt at an actual useful PowerShell script. This should extract all Mail Enabled groups – that’s both security and distribution groups – and present them in a human readable format. Though I’ve played with PowerShell a little, I’ve not had need to use it for anything useful until now.
Unfortunately, if a group is a member of another group, it won’t expand that group but since the data is exported in human readable, you can just look at the member list of that group.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 |
$RootDN = [ADSI] '' $Searcher = New-Object System.DirectoryServices.DirectorySearcher($RootDN) $Searcher.Filter = "(&(objectClass=group)(mail=*))" $MeGroups = $searcher.FindAll() Write-Host "There are" $MeGroups.Count "mail enabled groups (Security & Distribution)" ForEach ($Group in $MeGroups) { $GroupDN = [ADSI]$Group.Path Write-Host $GroupDN.displayName "("$GroupDN.mail")" ForEach ($Member in $GroupDN.member) { $Member = $Member.ToString() $Entry = $Member.Split(",") $Entry = $Entry[0] -replace("CN=","") Write-Host `t $Entry } Write-Host `r`n } |
-Lewis
Hi Lewis!!
Great script. Works like a charm. I too am not a PS scripter, and am trying to figure out how to edit your script to send output to a file (*.CSV or *.TXT). I would normally just add a redirect but that isn’t working for me. I also tried piping through to the Export command, with no luck. Any suggestions for me?
Thanks!!
If you want to export the content, remove the Write-Host entries at the beginning of the respective lines and then you’ll be able to use the pipe command.
Hi,
to get the output to file you need to use write-output instead of write-host, you can modify the script as follows:
$RootDN = [ADSI] ”
$Searcher = New-Object System.DirectoryServices.DirectorySearcher($RootDN)
$Searcher.Filter = “(&(objectClass=group)(mail=*))”
$MeGroups = $searcher.FindAll()
Write-Output $(“There are ” + $MeGroups.Count + ” mail enabled groups (Security & Distribution)”)
ForEach ($Group in $MeGroups) {
$GroupDN = [ADSI]$Group.Path
Write-Output $(“Group: ” + $GroupDN.displayName + ” (” + $GroupDN.mail + “)”)
ForEach ($Member in $GroupDN.member) {
$Member = $Member.ToString()
$Entry = $Member.Split(“,”)
$Entry = $Entry[0] -replace(“CN=”,””)
Write-Output $($Entry)
}
Write-Output $(” “)
}
save that script (for example DLs.ps1) and then in powershell run C:\Temp\DLs.ps1 | out-file c:\temp\AllMailEnabledGroups.txt
Hope this helps.
BR
Great script but do you have a script that will list all the mail enabled distribution groups (including dynamic distribution groups) for an individual AD user? Ideally I”d liked to import list of users from .txt or .csv file and export the results to a .csv file.
Hi Eddie, if you just need a list of the groups that a user is a member of, use a one-liner.
Get-ADUser -Identity my.user -Properties memberOf | % {$_.memberOf} | % {Get-ADGroup $_ -Properties *} | select name, mail
See how you get on with that as a starting point. Use Import-CSV and a ForEach.
Cheers
Lewis
perfect just what I was looking for Lewis!!!
Good script, but I need to find out in a specific OU, which Groups are mail enabled? we are trying to clean up AD with empty groups and want to make sure none are mail enabled.
Thanks
Freddie
$RootDN = [ADSI] ”
$Searcher = New-Object System.DirectoryServices.DirectorySearcher($RootDN)
$Searcher.Filter = “(&(objectClass=group)(mail=*))”
$MeGroups = $searcher.FindAll()
Write-Host “There are” $MeGroups.Count “mail enabled groups (Security & Distribution)”
ForEach ($Group in $MeGroups) {
$GroupDN = [ADSI]$Group.Path
Write-Host $GroupDN.displayName “(“$GroupDN.mail”)”
ForEach ($Member in $GroupDN.member) {
$Member = $Member.ToString()
$Entry = $Member.Split(“,”)
$Entry = $Entry[0] -replace(“CN=”,””)
Write-Host `t $Entry
}
$Entry | Export-Csv -Encoding ‘Unicode’ c:\temp\ngtest.csv
}
the following script is making the file ngtest.csv but the output I am seeing is
#TYPE System.String
Length
14
in excel