In an earlier article, we looked at managing Exchange 2019 mailboxes using PowerShell. In this article, we will look at managing Exchange 2019 distribution groups using PowerShell. Distribution groups are a big part of a lot of companies. I have migrated several companies to Microsoft Office 365 and have had other clients where I assisted in migrations from legacy Exchange to Exchange 2016. Many of them had a large number of distribution lists. This is a big thing to deal with because if something goes wrong with a list, you can imagine the outcome.
What are we going to cover concerning distribution groups? Here’s our agenda:
- Creating a standard distribution group
- Removing a distribution group
- Mail-enabled distribution groups
- Dynamic distribution groups
You can use the Exchange admin center (EAC) to create distribution groups, but the primary focus is teaching you how to use PowerShell to get your way around Exchange 2019. Let’s move forward and start with the list above — creating a distribution group.
Creating a standard distribution group
We will create a group called “IT Admins” using the command below:
New-DistributionGroup -Name "IT Admins" -Alias itadmins -MemberJoinRestriction open
This command basically creates a distribution group called “IT Admins” and this group is created in the default OU in Active Directory. You can move it to where you want it later on. “Open” at the end means that anyone can join this group. In most cases, you will probably have closed groups, but maybe you have a general group that users can join, like an intranet group.
You can also create a distribution group like the one above and add in members by running a command similar to the one below:
The group above is just an example, but you can see running the command creates an “IT Admins” group and adds the members to the group as we have specified them. There are quite a few options you can specify within the command above and out of scope for this article, but if you want to do more than just the above, you can head over to Microsoft docs for more information.
If you want to add another member to the “IT Admins” group after you have created it, you can run the command below to add a new user:
Add-DistributionGroupMember -Identity "IT Admins" -Member "[email protected]"
If you want to get a list of all distribution groups in the environment, you can run the command below, and it will return all the information.
Take note that this will return mail-enabled security groups as well.
Now that you know how to create groups and add members, we will now move to the next section and show you how to remove a distribution group.
Removing a distribution group
Removing distribution groups will most likely not happen too often, but when you are performing cleanups, or managers decide they no longer want certain distribution groups, you can remove them with a simple command as shown below:
Remove-DistributionGroup -Identity "IT Admins"
If you want to remove a specific user from a distribution group, you can do so by running this command:
Remove-DistributionGroupMember -Identity "IT Admins" -Member "User5"
There isn’t much to this section in terms of removing groups or members. Let’s take a look at mail-enabled distribution groups.
Mail enabled distribution groups
If you want to mail-enable distribution groups — this is for existing security groups and universal distribution groups — you simply need to enable them in PowerShell. This adds the email attributes to them. To mail enable a distribution group, run the following command:
Enable-DistributionGroup -Identity "IT Admins"
If you have an existing group that you do not want to be mail-enabled, you can remove the email attributes by disabling them in PowerShell, the opposite of the command above. Here is the command to disable a distribution group:
Disable-DistributionGroup -Identity "IT Admins"
You see how simple it is. If an admin made a mistake by mail-enabling the wrong group, you can just disable it again without affecting the members of that group. In the last section, we will look at dynamic distribution groups.
Dynamic distribution groups
If you have a dynamic distribution group in your Active Directory environment, it will be mail-enabled already, and it does not rely on someone updating the members manually, as we did earlier. Dynamic distribution groups membership is based on filters and conditions that you define. You might have a dynamic distribution group for all staff at your company, so when the CEO sends out an email, he can send it to this group, and everyone will receive the email.
If you have contractors or vendors with email accounts, you can define a filter that an email gets sent only to full-time employees of the company, so the contracts and vendors will not receive this email. Here is an example of a command you can run in PowerShell to create a group like this:
New-DynamicDistributionGroup -Name "Full Time Employees" -RecipientFilter "(RecipientTypeDetails -eq 'UserMailbox') -and (CustomAttribute10 -eq 'FullTimeEmployee')"
As mentioned, you can see, the CustomAttribute10 field must equal FullTimeEmployee for users to be added to this group.
If you would like to see who is part of the group you created above as an example, you have a two-step process to do. You need to define a variable in PowerShell and then run your command based on what you set:
$FTEmployees= "Full Time Employees"
Now we can run the second command:
Get-Recipient -RecipientPreviewFilter (Get-DynamicDistributionGroup $FTEmployees).RecipientFilter
Exchange distribution groups and PowerShell: Now, you know!
There you have a rundown of managing your distribution groups using PowerShell.
Featured image: Shutterstock
More Exchange 2019 articles
- Exchange 2019 and 2013: Is coexistence possible? Yes, here’s how
- Exchange 2019: How to configure your IMAP settings
- Exchange 2019: How to configure your POP3 settings
- Exchange 2019: Managing your mailboxes with PowerShell
- Building Exchange 2019 from scratch: Configuring a DAG
More PowerShell Basics articles
- How malicious PowerShell scripts evade detection
- Building PowerShell hash tables
- Reading a Windows INI file into PowerShell
- PowerShell errors are easy to suppress — but should you?
- Which type of PowerShell loop should you be using?