Exchange 2010 remove disabled users from distribution group

This post is also available in: Polish

To keep Exchange Distribution Groups in order, we recommend to “clean” members of those groups.

We should remove all disabled users from distribution groups.

When we have a lot of Distribution Group we can use powershell script like below to do this.

This script gets all Distribution Groups from Exchange Organization, then will check every group for users which are disabled and they have Active Directory account in specified OU.

This script will also export all informations to a .csv file, where you can find following informations:

 

  • Name of distribution group
  • user DisplayName
  • SamAccountName
  • path in Active Directory to user account

 

Following script you can copy and save as .ps1 file and then run on Exchange server:

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010 
Set-AdServerSettings -ViewEntireForest $True
#path to output file
$OutFile = 'D:\Scripts\Logs\' 
$OutFile_LOG = $OutFile+'DL_removeusers_'+$(get-date).ToString('yyyyMMdd')+'.csv'

$totalObj = @()
#get all distribution groups
$temp = Get-DistributionGroup -ResultSize Unlimited | 
ForEach-Object { 
  #get only disabled users from specified OU
  [array]$mem = Get-DistributionGroupMember -id $_ -ResultSize Unlimited | where-object {($_.identity -like "domain/company/Corporate1/Users/*" -or $_.identity -like "domain/company/Corporate2/Users*") -and $_.RecipientTypeDetails -eq "Disableduser"} 
  for ($i = 0; $i -lt $mem.Count; $i++) { 
    $member = $mem[$i].name 

    #remove user from distribution group
    Remove-DistributionGroupMember -Identity $_ -Member $mem[$i].DistinguishedName -BypassSecurityGroupManagerCheck -confirm:$false     
    $obj = New-Object System.Object 
    $obj | Add-Member -MemberType NoteProperty -Value $_.Name -Name 'Distribution Group' -Force 
    $obj | Add-Member -MemberType NoteProperty -Value $member -Name 'Members' -Force 
    $obj | Add-Member -MemberType NoteProperty -Value $mem[$i].SamAccountName -Name 'SamAccountName' -Force 
    $obj | Add-Member -MemberType NoteProperty -Value $mem[$i].identity -Name 'OU' -Force -PassThru 
    $totalObj += $obj 
  } 
}

#create output file
$totalObj | Export-Csv -Encoding 'Unicode' $OutFile_LOG

 

If you want to get only list of users who meet conditions, but without removing them from distribution group, you need to commented following line like below:

 

# Remove-DistributionGroupMember -Identity $_ -Member $mem[$i].DistinguishedName -BypassSecurityGroupManagerCheck -confirm:$false

 

 

Print Friendly
Tagged , , , , . Bookmark the permalink.

7 Responses to Exchange 2010 remove disabled users from distribution group

  1. Craig says:

    I cannot get this to work. It does run, but the log file is blank

    • Craig says:

      Just figured out my problem after examining the script more closely. It works for Disabled accounts in Exchange, not in AD which is what I was looking for. I think I still may find use for this excellent script.

      • Remigiusz Szatkowski says:

        Exaclty, this script removes disabled mailbox from distribution group. If you need to remove disabled AD accounts you can easly modify this script.
        If you will have any problems with this let me know.

        • New to PS says:

          Hi there,

          I’m fairly new to PS, how would I modify this to search for disabled AD users? Would I need to import that AD module and then do something like a variable for get-aduser -filter disabled?

          • Remigiusz Szatkowski says:

            Hi
            If you use this script you don’t have to modify it. It will find disabled users in specified group and remove them. But if you want to find all disabled users in Active Directory then you need to start powershell console then import-module activedirectory and next run:
            Search-ADAccount -AccountDisabled -UsersOnly
            this will return all disabled users in AD.

          • Remigiusz Szatkowski says:

            This script will remove users disabled in Exchange. You can use below
            [array]$mem = Get-DistributionGroupMember -id $_ -ResultSize Unlimited | where-object {$_.RecipientTypeDetails -eq “Disableduser”}
            to find all uses not from specified OU.
            or if you just want to find all Distribution Groups and remove all users whos Active Directory accounts are disabled then you can use this:
            $groups = Get-DistributionGroup -ResultSize Unlimited
            foreach($group in $groups){
            Get-DistributionGroupMember $group |
            ?{$_.RecipientType -like ‘*User*’ -and $_.ResourceType -eq $null} | Get-User | ?{$_.UserAccountControl -match ‘AccountDisabled’} | Remove-DistributionGroupMember $group -Confirm:$false
            }

            you need to run this command in Exchange Management Shell.

  2. New to PS says:

    Hi,

    Thanks for the reply. So would I replace Get-DistributionGroupMember -id $_ -ResultSize Unlimited | where-object {($_.identity -like “domain/company/Corporate1/Users/*” -or $_.identity -like “domain/company/Corporate2/Users*”) -and $_.RecipientTypeDetails -eq “Disableduser”} with Search-ADAccount -AccountDisabled -UsersOnly?

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>