locked
Finding which DL's a DL is a member of RRS feed

  • Question

  • We are running Exchange 2007 SP2. I have been asked by Management to find out what DL's a list of about 20 DL's are members of.

    I can view this by going to the DL's in question in Exchange Management Console > Properties > Member Of

    But was hoping there would be a way in Exchange Management Shell to do this? I can't seem to find one though.
    Sunday, January 8, 2012 6:15 PM

Answers

  • On Sun, 8 Jan 2012 22:42:47 +0000, Nuno Mota wrote:
     
    >
    >
    >I might be wrong, but I don't think he's looking for those scenarios. Sheen, can you confirm if this is what you want?
    >
    >You might want to add: -or $_.RecipientType -eq "MailUniversalSecurityGroup"
    >http://LetsExchange.blogspot.com
     
    Or use ADSI to do the work:
     
    get-distributiongroup | foreach {
    $dn = (get-group $_).distinguishedname
    $g = [ADSI]"LDAP://$dn"
    $mo = $g.memberof
    if ($mo.count -gt 0)
    {
    write-host "DL`: $($_.name) is a member of`:"
    foreach ($m in $mo)
    {
    write-host "`t$((get-group $m).name)"
    }
    }
    }
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    Monday, January 9, 2012 1:56 AM
  • If you're running that from Exchange 2010, you'll have to slightly change the first line because of the pipeline (really don't like how the pipeline works in 2010 compared to 2007...):

    ForEach ($group in get-distributiongroup)
    {
      $dn = (get-group $group).distinguishedname
      $g = [ADSI]"LDAP://$dn"
      $mo = $g.memberof
    
      if ($mo.count -gt 0)
      {
        write-host "DL`: $($_.name) is a member of`:"
        foreach ($m in $mo)
        {
          write-host "`t$((get-group $m).name)"
        }
      }
    }
    


    Otherwise you will get the following error:

    Pipeline not executed because a pipeline is already executing. Pipelines cannot be executed concurrently.
        + CategoryInfo          : OperationStopped: (Microsoft.Power...tHelperRunspace:ExecutionCmdletHelperRunspace) [],
       PSInvalidOperationException
        + FullyQualifiedErrorId : RemotePipelineExecutionFailed
    


    But since he's on 2007, it is fine.

    It works great, thanks for the tip!!  :)

    Sheen, all you have to do is exclude "normal" security groups if you just want DLs.


    http://LetsExchange.blogspot.com
    Monday, January 9, 2012 9:43 AM

All replies

  • You could do something like this but it might take a long time if you have loads of DLs with loads of users...

    ForEach ($DL in Get-DistributionGroup) { Get-DistributionGroupMember $DL -ResultSize Unlimited | % { If ($_ -match "distribution_list") {$DL.DisplayName} }}
    

    Just replace "distribution_list" with the display name of the DL you want to check.


    http://LetsExchange.blogspot.com
    Sunday, January 8, 2012 6:43 PM
  • If for every DL you want to list all members that are DLs, you can run the following:

     

    ForEach ($DL in Get-DistributionGroup)
    {
    	Write-Host "`n$($DL.DisplayName)" -ForegroundColor Green
    	
    	Get-DistributionGroupMember $DL -ResultSize Unlimited | Sort Name | % {
    		If ($_.RecipientType -eq "MailUniversalDistributionGroup" -or $_.RecipientType -eq "DynamicDistributionGroup")
    		{
    			Write-Host "`t$($_.DisplayName)"
    		}
    	}
    }
    

    Hope this helps!

     


    http://LetsExchange.blogspot.com
    • Edited by Nuno Mota Sunday, January 8, 2012 7:01 PM code update
    Sunday, January 8, 2012 7:00 PM
  • On Sun, 8 Jan 2012 19:00:20 +0000, Nuno Mota wrote:
     
    >
    >
    >If for every DL you want to list all members that are DLs, you can run the following:
    >
    > ForEach ($DL in Get-DistributionGroup)
    >{
    > Write-Host "`n$($DL.DisplayName)" -ForegroundColor Green
    >
    > Get-DistributionGroupMember $DL -ResultSize Unlimited | Sort Name | % {
    > If ($_.RecipientType -eq "MailUniversalDistributionGroup" -or $_.RecipientType -eq "DynamicDistributionGroup")
    > {
    > Write-Host "`t$($_.DisplayName)"
    > }
    > }
    >}
    >Hope this helps!
     
    But what about indirect membership? Or membership in groups that
    aren't mail-enabled?
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    Sunday, January 8, 2012 10:40 PM
  • I might be wrong, but I don't think he's looking for those scenarios. Sheen, can you confirm if this is what you want?

    You might want to add:

    -or $_.RecipientType -eq "MailUniversalSecurityGroup"


    http://LetsExchange.blogspot.com

    • Edited by Nuno Mota Sunday, January 8, 2012 10:45 PM
    Sunday, January 8, 2012 10:42 PM
  • On Sun, 8 Jan 2012 22:42:47 +0000, Nuno Mota wrote:
     
    >
    >
    >I might be wrong, but I don't think he's looking for those scenarios. Sheen, can you confirm if this is what you want?
    >
    >You might want to add: -or $_.RecipientType -eq "MailUniversalSecurityGroup"
    >http://LetsExchange.blogspot.com
     
    Or use ADSI to do the work:
     
    get-distributiongroup | foreach {
    $dn = (get-group $_).distinguishedname
    $g = [ADSI]"LDAP://$dn"
    $mo = $g.memberof
    if ($mo.count -gt 0)
    {
    write-host "DL`: $($_.name) is a member of`:"
    foreach ($m in $mo)
    {
    write-host "`t$((get-group $m).name)"
    }
    }
    }
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    Monday, January 9, 2012 1:56 AM
  • If you're running that from Exchange 2010, you'll have to slightly change the first line because of the pipeline (really don't like how the pipeline works in 2010 compared to 2007...):

    ForEach ($group in get-distributiongroup)
    {
      $dn = (get-group $group).distinguishedname
      $g = [ADSI]"LDAP://$dn"
      $mo = $g.memberof
    
      if ($mo.count -gt 0)
      {
        write-host "DL`: $($_.name) is a member of`:"
        foreach ($m in $mo)
        {
          write-host "`t$((get-group $m).name)"
        }
      }
    }
    


    Otherwise you will get the following error:

    Pipeline not executed because a pipeline is already executing. Pipelines cannot be executed concurrently.
        + CategoryInfo          : OperationStopped: (Microsoft.Power...tHelperRunspace:ExecutionCmdletHelperRunspace) [],
       PSInvalidOperationException
        + FullyQualifiedErrorId : RemotePipelineExecutionFailed
    


    But since he's on 2007, it is fine.

    It works great, thanks for the tip!!  :)

    Sheen, all you have to do is exclude "normal" security groups if you just want DLs.


    http://LetsExchange.blogspot.com
    Monday, January 9, 2012 9:43 AM
  • Hi Sheen

    Did you try Nuno's Script?

    Cheers

    Zi Feng

    Wednesday, January 11, 2012 1:29 AM
    Moderator