none
Change Universal Security Group to Universal Distribution group in bulk

    Question

  • I have an old 2003 Domain with about 1000 distribution groups that need to be converted from Universal Security to Universal Distribution groups. I am trying to find a way of doing this via a script so I do not need to change each group individually. I'm hoping someone can point me in the direction of a command, script or program that will let me do this.

    Before anyone asks, no I cannot upgrade the domain out of 2003 for a variety of reasons. I do have ADWS so I am able to use powershell if needed. And yes, I know what changing the groups will do and none of these groups need to be security groups.

    Vincent Sprague

    Wednesday, June 13, 2018 1:29 PM

All replies

  • You can simply use the dsmod command to change the group type

    You need to know the DistinguishedName of the group

    dsmod group "CN=MyGroup,OU=MyEnterpriseGroups,DC=MyDomain,DC=Com" -secgrp no

    This should convert your group to Distribution group.

    hth


    This posting is provided AS IS without warranty of any kind

    Wednesday, June 13, 2018 4:41 PM
  • Thank you, that works on an individual basis. Now I just need to figure out how to script that so it will do all the groups I need in one shot.

    Vincent Sprague

    Thursday, June 14, 2018 1:22 PM
  • i'm not a Powershell master but if your groups you want to modify are under the same OU, you could just run the following command to export all of them

    dsquery group "OU=My_OU,DC=MyDomain,DC=Com" > C:\Temp\My_Export_Groups.txt

    This will create a text file with all group DN's

    something like that:

    "CN=MyFirstGroup,OU=My_OU,DC_MyDomain,DC=Com"

    Then import it into Excel and create your scripts with Excel... it's a 3-4 minutes max to do that ;)

    hth


    This posting is provided AS IS without warranty of any kind

    Thursday, June 14, 2018 1:29 PM
  • I have over 1000 Distribution groups to change so I ended going with this:

    For AD ran this:
    Get-ADGroup -Filter {name -like "US_*"} -SearchBase "OU=US-DLs,OU=Distribution Lists,DC=domain,DC=local" | Set-ADGroup -GroupCategory Distribution

    For Exchange ran this:
    get-DistributionGroup -Identity US_* | set-distributiongroup -MemberDepartRestriction Closed

    Vincent Sprague

    Thursday, June 14, 2018 2:44 PM