Last active
September 25, 2017 08:24
Update ManagedBy Attribute for Distribution Groups
<#
    .NOTES
    ===========================================================================
     Created on:    22/09/2017 10:58 AM
     Created by:    papicc0a
     Organization:  RAC of WA
     Filename:      Update-DGPermissions.ps1
    ===========================================================================
    .DESCRIPTION
        This script is used to update the Managed By attribute (aka Owners field) on Distribution Groups. Exchange 2007 only allowed for a single
        value to be placed in the Managed By attribute through ADUC.
        Exchange 2013+ allows multiple values and is controlled through Exchange instead of ADUC. It is part of the RBAC groups.
        Exchange 2013+ prefers that you add individual names to the existing RBAC group rather than assign Universal Security Groups access to
        manage Distribution Groups.
    .SYNOPSIS
        This script does the following:
        - Reads the current values for the ManagedBy attribute into an array
        - It will go through the array in a loop and check if the object has an ObjectClass of "Group".
        --> If it is a group it will get the members of the group and place them into an array (recursively in case there are nested groups)
        --> It then loops through the array to make sure that the users in the group have not also been added as explicit Owners
        --> It then places the Distinguished Names into a new Managers array
        --> Lastly it goes through and pipes the unique values (where a user is a member of multiple nested groups) into a final list before setting
            the new members
        - If the object class is not a group (i.e. a user) it adds the existing users to a separate array which will be used to re-add them once the DL has been modified.
        The reason for this approach was errors when attempting to remove legacy groups using Set-DistributionGroup -ManagedBy @{remove="groupname"}
    .NOTES
        WISHLIST
        - Create some parameters to replace the Read-Host
        - Add functionality to do all Distribution Groups as well as individual ones
        - Add reporting
#>
Import-Module ActiveDirectory
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn

[console]::ForegroundColor = "Green"
[console]::BackgroundColor = "black"

$DLExpr = Read-Host "Enter the string of the groups you want updated"
$DLList = Get-DistributionGroup -ResultSize unlimited -Anr $DLExpr

foreach ($DL in $DLList) {
    # Start with empty lists for every group so that owners collected for one
    # distribution group are never carried over and granted on the next one
    $NewOwnersList = New-Object System.Collections.ArrayList
    $ExistingUser = New-Object System.Collections.ArrayList
    $DLName = $DL.Name
    $OwnerList = $DL.ManagedBy
    # Distinguished names of the current owners, used for the explicit-owner check below
    $OwnerDNList = @($OwnerList | ForEach-Object { $_.DistinguishedName })

    # Identify whether each Managed By entry is a security group or a user
    foreach ($Owner in $OwnerList) {
        $OwnerDN = $Owner.DistinguishedName
        $OwnerObjInfo = Get-ADObject -Identity $OwnerDN
        If ($OwnerObjInfo.ObjectClass -eq "Group") {
            # Expand the group to its user members, including members of nested groups
            $UserList = Get-ADGroupMember -Identity $OwnerDN -Recursive
            foreach ($user in $UserList) {
                # Check to see if the group member already exists as an explicitly named owner
                If ($OwnerDNList -notcontains $user.DistinguishedName) {
                    [void]$NewOwnersList.Add($user.DistinguishedName)
                }
            }
        }
        else {
            # Explicitly named owner: remember it so it can be re-added afterwards
            [void]$ExistingUser.Add($OwnerDN)
        }
    }

    # Remove duplicates (a user can be a member of several nested groups)
    $FinalList = $NewOwnersList | Select-Object -Unique
    Set-DistributionGroup -BypassSecurityGroupManagerCheck -ManagedBy $FinalList -Identity $DLName

    # Add back the existing explicitly named owners
    foreach ($Exuser in $ExistingUser) {
        Set-DistributionGroup -Identity $DLName -BypassSecurityGroupManagerCheck -ManagedBy @{
            Add = $Exuser
        }
    }
}

Write-Host "##########################################"
Write-Host "##            Groups Updated            ##"
Write-Host "##########################################"
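A read-only check to run before and after the script, added here as an example and not part of the original gist: it lists every ManagedBy entry with its object class, so the pre-change owners are recorded and any owner that is still a group stands out afterwards. The function name `Get-DGOwnerReport`, the search string `Sales` and the CSV path are assumptions.

```powershell
# Added example (not part of the original script): read-only owner report.
Import-Module ActiveDirectory
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn -ErrorAction SilentlyContinue

function Get-DGOwnerReport {
    # Hypothetical helper: emits one row per ManagedBy entry of every matching group
    param(
        [Parameter(Mandatory = $true)]
        [string]$Anr
    )

    foreach ($DL in (Get-DistributionGroup -ResultSize Unlimited -Anr $Anr)) {
        foreach ($Owner in $DL.ManagedBy) {
            # Same lookup the script uses to tell groups from users
            $Obj = Get-ADObject -Identity $Owner.DistinguishedName
            [pscustomobject]@{
                Group      = $DL.Name
                GroupDN    = $DL.DistinguishedName
                OwnerDN    = $Obj.DistinguishedName
                OwnerClass = $Obj.ObjectClass
            }
        }
    }
}

# 'Sales' is a constructed search string; use the same value given to Read-Host
$Report = @(Get-DGOwnerReport -Anr 'Sales')

# Keep a copy of the current owners so the change can be reviewed or reversed
# (hypothetical output path)
$Report | Export-Csv -Path .\dg-owners.csv -NoTypeInformation

# After the script has run, this should return no rows
$Report | Where-Object { $_.OwnerClass -eq 'group' } |
    Format-Table Group, OwnerDN -AutoSize
```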