locked
list of all distribution lists that one user is a member of. Powershell? RRS feed

  • Question

  • I have to get a list of all distribution lists that one user is a member of. Can this be done via powershell?
    Thursday, August 16, 2012 8:54 AM

Answers

  • another possibility:

    Get-ADUser $user |
      Get-ADPrincipalGroupMembership |
        select -Expand Distinguishedname |
          Get-DistributionGroup -EA 0


    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

    Friday, August 17, 2012 3:01 PM
  • Hello,

    I don't think powerhsell Script is a good option, because there will two loop in the script, when you have too many distribution groups, this may effect Exchange Server performance.

    If you want to know user is member of which groups, you can go to check on ADUC:

    user properties->member of

    If you want to use powershell commands, here is one script for you:

    $User = read-host -Prompt "Enter User" 
    
    $User + " is a member of these groups:" 
    
    ForEach ($Group in Get-DistributionGroup) 
    { 
       ForEach ($Member in Get-DistributionGroupMember -identity $Group | Where { $_.Name –eq $User }) 
       { 
          $Group.name 
       } 
    }
    

    Thanks,

    Evan


    Evan Liu

    TechNet Community Support

    Friday, August 17, 2012 9:33 AM
    Moderator
  •  

    RedMick, Also remember, you asked about Distribution Lists and everyone assumed you were talking about Exchange DLs, but yet you mention looking at groups in ADUC.  All groups listed in ADUC may not be Distribution Lists for Exchange.  If you want to see all Group Membership of a user, try this:

    If (!(Get-module -name activedirectory)) {
                   Import-Module ActiveDirectory
    }
    
    $User = read-host -Prompt "Enter User" 
    $Groups = $(Get-ADUser $User -Properties memberOf).memberOf
    
    Foreach ($Group in $Groups) {
    Get-ADGroup $Group | FT
    }
    

    Friday, August 17, 2012 2:32 PM

All replies

  • Yes, you can use powershell to accomplish this.

    $Groups=@()
    $User = get-mailbox <UserIdentity>;
    Get-DistributionGroup | foreach {
    $dg = $_.Name
    Get-DistributionGroupMember
    $dg | foreach {if ($_.identity -eq $User.identity) {$Groups += $DG}
    }
    }
    $Groups


    Thursday, August 16, 2012 9:12 AM
  • Hi Rajitha

    Thanks for the swift reply, I've tried the script but it asks for the following

    cmdlet Get-DistributionGroupMember at command pipeline position 1
    Supply values for the following parameters:
    Identity:

    I have tried alias, display name and email address all give same result as above. Where am I going wrong?

    Thanks in advance

    Thursday, August 16, 2012 10:08 AM
  •  Sorry, my fault. Please try this.

    $Groups=@()
    $User = get-mailbox <UserIdentity>;
    Get-DistributionGroup | foreach {
    $dg = $_.Name
    Get-DistributionGroupMember $dg | foreach {if ($_.identity -eq $User.identity) {$Groups += $DG}
    }
    }
    $Groups

    Thursday, August 16, 2012 10:41 AM
  • I'm still getting this wrong. I'm substituting <UserIdentity> with the users alias and executing. Should this give me all the DLs that the user is a member of?

    It only comes up with 2 DLs but when I check AD, the user is a member of 9 lists

    Pipeline not executed because a pipeline is already executing. Pipelines cannot
     be executed concurrently.
        + CategoryInfo          : OperationStopped: (Microsoft.Power...tHelperRuns
       pace:ExecutionCmdletHelperRunspace) [], PSInvalidOperationException
        + FullyQualifiedErrorId : RemotePipelineExecutionFailed

    WARNING: By default, only the first 1000 items are returned. Use the ResultSize
     parameter to specify the number of items returned. To return all items,
    specify "-ResultSize Unlimited". Be aware that, depending on the actual number
    of items, returning all items can take a long time and consume a large amount
    of memory. Also, we don't recommend storing the results in a variable. Instead,
     pipe the results to another task or script to perform batch changes.
    1st DL

    2nd DL
    PS>

    Where would I insert the "-ResultSize Unlimited" line?

    Thursday, August 16, 2012 11:08 AM
  • $Groups=@()
    $User = get-mailbox <UserIdentity>;
    Get-DistributionGroup -Resultsize unlimited | foreach {
    $dg = $_.Name
    Get-DistributionGroupMember $dg | foreach {if ($_.identity -eq $User.identity) {$Groups += $DG}
    }
    }
    $Groups

    You can also add  -Resultsize unlimited against Get-Distributiongroupmember cmdlet if you still see this error again.

    Thursday, August 16, 2012 11:10 AM
  • Hello,

    I don't think powerhsell Script is a good option, because there will two loop in the script, when you have too many distribution groups, this may effect Exchange Server performance.

    If you want to know user is member of which groups, you can go to check on ADUC:

    user properties->member of

    If you want to use powershell commands, here is one script for you:

    $User = read-host -Prompt "Enter User" 
    
    $User + " is a member of these groups:" 
    
    ForEach ($Group in Get-DistributionGroup) 
    { 
       ForEach ($Member in Get-DistributionGroupMember -identity $Group | Where { $_.Name –eq $User }) 
       { 
          $Group.name 
       } 
    }
    

    Thanks,

    Evan


    Evan Liu

    TechNet Community Support

    Friday, August 17, 2012 9:33 AM
    Moderator
  •  

    RedMick, Also remember, you asked about Distribution Lists and everyone assumed you were talking about Exchange DLs, but yet you mention looking at groups in ADUC.  All groups listed in ADUC may not be Distribution Lists for Exchange.  If you want to see all Group Membership of a user, try this:

    If (!(Get-module -name activedirectory)) {
                   Import-Module ActiveDirectory
    }
    
    $User = read-host -Prompt "Enter User" 
    $Groups = $(Get-ADUser $User -Properties memberOf).memberOf
    
    Foreach ($Group in $Groups) {
    Get-ADGroup $Group | FT
    }
    

    Friday, August 17, 2012 2:32 PM
  • another possibility:

    Get-ADUser $user |
      Get-ADPrincipalGroupMembership |
        select -Expand Distinguishedname |
          Get-DistributionGroup -EA 0


    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

    Friday, August 17, 2012 3:01 PM
  • Hey Everyone-

    I know this has been classified as "Answered," but since I seem to always visiting these forums I wanted to share an easier way to get the "Groups" or "Distribution Groups" for a users.

    I'm working with Exchange 2k10 Sp1.

    Get Distinguished Name:

    get-Mailbox [Username] | fl Name,Distinguishedname

    Groups:

    get-group -ResultSize Unlimited -Filter 'Members -eq "[User Distinguished Name]"'

    Distribution Groups:

    Get-DistributionGroup -ResultSize Unlimited -Filter 'Members -eq "[User Distinguished Name]"'

    Hope this helps future Visitors.

    Enjoy!

    Friday, February 14, 2014 11:10 PM
  • another possibility:

    Get-ADUser $user |
      Get-ADPrincipalGroupMembership |
        select -Expand Distinguishedname |
          Get-DistributionGroup -EA 0


    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

    Greetings all!

    I ran into this need at my current customer site and I ended up having to write a script to perform a recursive group membership enumeration because Get-ADPrinicpalGroupMembership barfs when it encounters a group name with a slash in it which they have a lot of. I also had some other challenges and requests from my customer that drove some tweaks to the script. Just an FYI.

    Monday, April 28, 2014 7:31 PM
  • Hey Everyone-

    I know this has been classified as "Answered," but since I seem to always visiting these forums I wanted to share an easier way to get the "Groups" or "Distribution Groups" for a users.

    I'm working with Exchange 2k10 Sp1.

    Get Distinguished Name:

    get-Mailbox [Username] | fl Name,Distinguishedname

    Groups:

    get-group -ResultSize Unlimited -Filter 'Members -eq "[User Distinguished Name]"'

    Distribution Groups:

    Get-DistributionGroup -ResultSize Unlimited -Filter 'Members -eq "[User Distinguished Name]"'

    Hope this helps future Visitors.

    Enjoy!

    Using the Active Directory Module for Windows PowerShell, I needed to connect with the 365 Online Exchange by  running:

    $LiveCred = Get-Credential
    
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
    	
    Import-PSSession $Session
    
    Import-module Msonline
    
    Connect-MsolService -Credential $Livecred

    And, I added:

    | Export-CSV C:\DistribGroups.csv

    to the end of the command line.

    Wednesday, July 30, 2014 7:50 PM
  • (Get-ADUser $user -Properties memberof).memberof | Get-DistributionGroup -ea 0


    Tuesday, September 27, 2016 11:20 AM
  • (Get-ADUser $user -Properties memberof).memberof | Get-DistributionGroup -ea 0


    While this will show which distribution groups a user is directly a member of, and suppress the errors of the non-DGs, it won't show which DGs a user is a member of through group nesting. To do that you would need to recursively walk up each DG to see if it was a member of another DG. Since groups can be nested cyclically (meaning Group A is a member of Group B and Group B is a member of Group A), this can cause loops in scripts, but I figured out a way around that and other issues with this script:

    https://gallery.technet.microsoft.com/Get-Object-Group-56e2d037

    I hope this script helps.


    Tuesday, September 27, 2016 4:41 PM
  • ADUC will only show AD Groups that a user is a member of, this will not show Exchange Groups/Distribution Lists.
    Friday, April 7, 2017 1:27 PM