Tag: Active Directory

Posted on

Adding a User to Multiple Exchange Distribution Lists Using Windows PowerShell

PowerShell command line window

Adding a user to multiple distribution lists via Outlook can be a tedious process if many lists are involved. For today’s problem, I had to add a user to many lists that have a similar prefix. Instead of spending a an hour or more of adding the user to the DLs through the Global Address Book, I decided to use PowerShell.

This script, which I call “addtodl.ps1”, receives three parameters: the user’s email address, the name of the distribution list – which can include a wildcard character (*) to get multiple names, and the Exchange Server FQDN.

Param(
	[string] $UserName,
	[string] $DLName,
	[string] $Exchange
)

$exch = "http://" + $Exchange + "/PowerShell/?SerializationLevel=Full"

$Credentials = Get-Credential
$ExSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $exch -Credential $Credentials -Authentication Kerberos
Import-PSSession $ExSession

$distlists =  Get-DistributionGroup $DLName

foreach ($distlist in $distlists) {		
	Add-DistributionGroupMember -Identity $distlist.PrimarySmtpAddress -Member $UserName
	#$ManagedBy = $distlist.ManagedBy
	#foreach ($owner in $ManagedBy) {
	#	echo $owner
	#}
}

Exit-PSSession
Remove-PSSession -ID $ExSession.ID
[GC]::Collect()

By running this at the PowerShell command line with the parameters, you will be able to add the user to all distribution lists in the query that you manage. Those that you do not have access to will cause an error that will not halt the script. A dialog box asking for your username and password will appear first.

PowerShell command line window

When I have time, I intend to revisit this issue to get more useful information such as owner email addresses. Currently, if you uncomment the lines inside the foreach statement, the owners of each DL will be printed on the screen as well. It’s not too useful yet – which is why I still have it commented here.

Posted on

Using PowerShell to Check if a Particular User is in the Local Administrators Group

PowerShell is a very powerful tool for Windows administrators and developers alike.

I wanted to find out if a particular user ID was in the local admin group on all servers in my domain. Fortunately, someone had written a script (source link no longer exists) to check that very thing on the server you’re logged onto.

However, I wanted to check not just the server I’m on, but on all servers in the domain.

The script below, called findadmins.ps1, should do just that:

$userToFind = $args[0] 

$servers = Get-ADComputer -Filter {OperatingSystem -Like "Windows *Server*"} -Property * | Format-Table Name,OperatingSystem,OperatingSystemServicePack -Wrap -Auto

foreach ($server in $servers) {

	$administratorsAccount = Get-WmiObject Win32_Group -ComputerName $server -filter "LocalAccount=True AND SID='S-1-5-32-544'" 
	$administratorQuery = "GroupComponent = `"Win32_Group.Domain='" + $administratorsAccount.Domain + "',NAME='" + $administratorsAccount.Name + "'`"" 
	$user = Get-WmiObject Win32_GroupUser -filter $administratorQuery | select PartComponent |where {$_ -match $userToFind} 
	$user.PartComponent.Replace("\\","").Split("\", 2, [System.StringSplitOptions]::None)[0]

}

You should be able to run this at the PS command prompt like this, once you’ve changed to the directory where the script is: “.\findadmins.ps1 userid”.

I have not completely finished testing this, as I got a series of errors, though these errors do not appear to be due to errors in the script itself.

%d bloggers like this: