none
How to add contacts to a Distribution List in command-line RRS feed

  • Question

  • I try to add and remove contacts to and from DLs in command-line.

    I try dsadd, but there is no option for contacts, when user has option -memberof

    I got error when I use dsmod group "GroupDN" -addmbr "ContactDN"

    It failed with messages

    dsmod failed:CN=xxx...DC=Com:Unspecified error
    type dsmod /? for help.

    No problem to add a user with dsmod group "GroupDN" -addmbr "UserDN"

    Is there any command which can add a contact into a DL?

     

     

    Monday, March 28, 2011 5:25 PM

Answers

All replies

  • Hello,

    please see: http://www.pcreview.co.uk/forums/add-exchange-contacts-distirbution-list-batch-script-t2243106.html


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Monday, March 28, 2011 6:02 PM
  • You can use many methods and command. Here is an example for adding a member:

    dsmod group "CN=TestDG1,OU=TestOU,DC=infralab,DC=local" -addmbr "CN=Contacts2,OU=TestOU,DC=infralab,DC=local"

    Also, you can use the same method I mentioned in the following blog:

    http://portal.sivarajan.com/2011/03/updating-group-membership-dynamically.html

     


    Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX

    Blogs - http://blogs.sivarajan.com/
    Articles - http://www.sivarajan.com/publications.html
    Twitter: @santhosh_sivara - http://twitter.com/santhosh_sivara

    This posting is provided AS IS with no warranties, and confers no rights.
    Monday, March 28, 2011 6:31 PM
    Moderator
  • Here's an example if you have special characters and want to do it with powershell:

    http://www.powershellcommunity.org/Forums/tabid/54/aft/3669/Default.aspx

     

    Monday, March 28, 2011 6:41 PM
  • Santhosh,

    I did exactly things as you type dsmod group

    But I got Unspecified error as above. How did this happen. I already checked syntax and any letters. But when add user no any problem.

    Do I have to check what option for DL Group, what I should check for this error?

     

    Monday, March 28, 2011 6:42 PM
  • Hello,

    please post your complete command line here.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Monday, March 28, 2011 7:05 PM
  • Most likely either the DN of the group or the DN of the contact is bad. Do either of the DN's have unusual characters. For example, I believe commas in Common Names must be escaped with the backslash escape character.

     


    Richard Mueller - MVP Directory Services
    Monday, March 28, 2011 7:28 PM
  • Here are what I did.


    dsquery * -filter "(memberOf=CN=TESTDL,OU=Distribution List,OU=MyCorp,DC=Mydomain,DC=root,DC=local)" -attr distinguishedName objectClass mail
      distinguishedName                                             objectClass                                 mail
      CN=Cntct Test,OU=Contacts,OU=MyCorp,DC=Mydomain,DC=root,DC=local    top;person;organizationalPerson;contact;    dummyml@hotmail.com
      CN=USR Test,OU=Contacts,OU=MyCorp,DC=Mydomain,DC=root,DC=local      top;person;organizationalPerson;user;       dummyml@hotmail.com


    dsmod group "CN=TESTDL,OU=Distribution List,OU=MyCorp,DC=Mydomain,DC=root,DC=local" -addmbr "CN=USR Test,OU=Contacts,OU=MyCorp,DC=Mydomain,DC=root,DC=local"
    dsmod succeeded:CN=TESTDL,OU=Distribution List,OU=MyCorp,DC=Mydomain,DC=root,DC=local

    dsmod group "CN=TESTDL,OU=Distribution List,OU=MyCorp,DC=Mydomain,DC=root,DC=local" -addmbr "CN=Cntct Test,OU=Contacts,OU=MyCorp,DC=Mydomain,DC=root,DC=local"
    dsmod failed:CN=TESTDL,OU=Distribution List,OU=MyCorp,DC=Mydomain,DC=root,DC=local:Unspecified error
    type dsmod /? for help.

    I added the contact with GUI successfully.

    dsmod group "CN=TESTDL,OU=Distribution List,OU=MyCorp,DC=Mydomain,DC=root,DC=local" -rmmbr "CN=Cntct Test,OU=Contacts,OU=MyCorp,DC=Mydomain,DC=root,DC=local"
    dsmod failed:CN=TESTDL,OU=Distribution List,OU=MyCorp,DC=Mydomain,DC=root,DC=local:Unspecified error
    type dsmod /? for help.

    dsmod group "CN=TESTDL,OU=Distribution List,OU=MyCorp,DC=Mydomain,DC=root,DC=local" -rmmbr "CN=USR Test,OU=Contacts,OU=MyCorp,DC=Mydomain,DC=root,DC=local"
    dsmod succeeded:CN=TESTDL,OU=Distribution List,OU=MyCorp,DC=Mydomain,DC=root,DC=local

     

    Monday, March 28, 2011 7:33 PM
  • I just confirmed your experience with dsmod. I was able to add a user and a computer to a distribution group. I assume I could add groups as well. I could not add a contact to either a distribution or a security group. This is not documented anywhere I found. I would think it is not intended. One difference is that contact objects to not have sAMAccountName.

     


    Richard Mueller - MVP Directory Services
    Monday, March 28, 2011 9:43 PM
  • Yes.  I was testing the same procedure in the lab.  I can’t add contact to a DL but I can add all other objects types.  I even tried it with -secgrp no option. 

     


    Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX

    Blogs - http://blogs.sivarajan.com/
    Articles - http://www.sivarajan.com/publications.html
    Twitter: @santhosh_sivara - http://twitter.com/santhosh_sivara

    This posting is provided AS IS with no warranties, and confers no rights.
    Monday, March 28, 2011 9:46 PM
    Moderator
  • Oh, Oh. I did my testing on a Wk28 R2 DC. I just used dsmod group to add the contact object to the distribution group on a W2k3 DC and it worked. If you can confirm that you are running dsmod on a Windows Server 2008 R2 DC, I think we have found a bug.

     


    Richard Mueller - MVP Directory Services
    Monday, March 28, 2011 9:48 PM
  • Interesting.  I was using Windows 2008.  It is not working on Windows 2008 either. 

     


    Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX

    Blogs - http://blogs.sivarajan.com/
    Articles - http://www.sivarajan.com/publications.html
    Twitter: @santhosh_sivara - http://twitter.com/santhosh_sivara

    This posting is provided AS IS with no warranties, and confers no rights.
    Monday, March 28, 2011 9:56 PM
    Moderator
  • You are right,

    What I tested was in W2K8 R2 DC.

    I tested same commands in w2k3 DC. All are successful. I can use dsmod group to add contacts into a DL.

    So what I can do? Is there any other command can add contacts? Or some hotfix, patchs can fix it?

    Thanks all of you.

     

    Tuesday, March 29, 2011 1:55 PM
  • You can use a VBScript or PowerShell program. A PowerShell example:

    $Group = [ADSI]"LDAP://cn=Test Group,ou=West,dc=MyDomain,dc=com"
    $Contact = [ADSI]"LDAP://cn=Joe Contact,ou=Sales,ou=West,dc=MyDomain,dc=com"
    
    $Group.Add($Contact.ADsPath)

     

    And on W2k8 R2, with the AD modules, you can use the following (not tested):

    Add-ADGroupMember -Identity "cn=Test Group,ou=West,dc=MyDomain,dc=com" -Members "cn=Joe Contact,ou=Sales,ou=West,dc=MyDomain,dc=com"

    Richard Mueller - MVP Directory Services
    Tuesday, March 29, 2011 2:52 PM
  • Thanks for command, further question.

    I got the error when I used 'Add-ADGroupMember'

    The term 'Add-ADGroupMember' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

    Does this mean I have to install special AD modules in my AD?

    How to get the AD modules?

     

    Thanks in advance

     

    Tuesday, March 29, 2011 9:34 PM
  • Yes. What version of AD are you are using?  You need to import the AD module using Import-module ActiveDirectory cmdlet. 

     

    You can install the Active Directory module by using any of the following methods:

    • By default, on a Windows Server 2008 R2 server when you install the AD DS or AD LDS server roles
    • By default, when you make a Windows Server 2008 R2 server a domain controller by running Dcpromo.exe
    • As part of the Remote Server Administration Tools (RSAT) feature on a Windows Server 2008 R2 server
    • As part of the RSAT feature on a Windows 7 computer

    You can read more info on - http://technet.microsoft.com/en-us/library/dd378937(WS.10).aspx

     

    http://technet.microsoft.com/en-us/library/dd723691(WS.10).aspx

     

     


    Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX

    Blogs - http://blogs.sivarajan.com/
    Articles - http://www.sivarajan.com/publications.html
    Twitter: @santhosh_sivara - http://twitter.com/santhosh_sivara

    This posting is provided AS IS with no warranties, and confers no r
    Wednesday, March 30, 2011 1:05 AM
    Moderator
  • I believe you said you had W2k8 R2. I don't remember doing anything on my W2k8 R2 machine once I installed the OS and AD. On the start menu I have "Active Directory Modules for Windows PowerShell", which launches PowerShell V2 and loads the AD modules.

     


    Richard Mueller - MVP Directory Services
    Wednesday, March 30, 2011 2:09 AM
  • Actually, the ActiveDirectory PowerShell provider has the same problem - perhaps it is using dsadd under the covers? It reports a slightly different error - but also fails to add a contact to a group, though it can add all the other types you would expect...

    This is a pretty glaring bug to have shipped Win2k8 with - and I'm a bit surprised it didn't make it into Win2k8R2.

    This means that no one can rely on dsadd or the snapin, especially for group management. Not a good story.

    I'm going to try to use the ActiveDirectory namespace going directly to .NET framework... if anyone else has a successful API to do this, I'd be happy to hear about it.

    UGH.

    Friday, May 18, 2012 4:29 PM
  • I can confirm what you report, the Add-ADGroupMember cmdlet cannot add a contact object to a group. The error message states that the object cannot be found. It cannot be using dsadd, as Add-ADGroupMember depends on the .NET framework, while dsadd does not. But obviously the same logic must be used. Again, my guess is that the problem is that the cmdlet assumes the prospective member has a sAMAccountName attribute (although that makes little sense when you supply the distinguished name of the contact).

    I tested and confirmed that the second method I suggested earlier, using the [ADSI] accelerator, works. I can add a contact object to a group using code similar to:


    $Group = [ADSI]"LDAP://cn=Test Group,ou=West,dc=MyDomain,dc=com"
    $Contact = [ADSI]"LDAP://cn=Joe Contact,ou=Sales,ou=West,dc=MyDomain,dc=com"
    $Group.Add($Contact.ADsPath)

    -----

    I reported the bug in dsadd long ago, but I doubt they will address the issue. However, I would hope they would fix the problem with Add-ADGroupMember.


    Richard Mueller - MVP Directory Services

    Friday, May 18, 2012 7:48 PM
  • I've discovered that the Get-ADGroupMember cmdlet does not reveal any members of the group that are contacts. A careful reading of the documentation shows mention of user, group, and computer objects, but no mention of contact objects as members. For example, this documentation for Add-ADGroupMember:

    http://technet.microsoft.com/en-us/library/ee617210.aspx

    This makes me think the issue is known and not considered a bug. Just a guess, but because the default set of attribute values retrieved by Get-ADGroupMember includes sAMAccountName, it was long ago decided that contacts could not be accomodated. However, it seems to me that extra code would be required to ignore contact members of the group.


    Richard Mueller - MVP Directory Services

    Friday, May 18, 2012 8:09 PM