To keep Exchange distribution groups in order, we recommend cleaning up the members of those groups.
All disabled users should be removed from distribution groups.
When there are many distribution groups, a PowerShell script like the one below can do this.
The script gets all distribution groups in the Exchange organization, then checks each group for users that are disabled and have their Active Directory account in a specified OU.
The script also exports the results to a .csv file, where you can find the following information:
- Name of distribution group
- user DisplayName
- SamAccountName
- path in Active Directory to user account
You can copy the following script, save it as a .ps1 file, and then run it on an Exchange server:
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
Set-AdServerSettings -ViewEntireForest $True

#path to output file
$OutFile = 'D:\Scripts\Logs\'
$OutFile_LOG = $OutFile+'DL_removeusers_'+$(get-date).ToString('yyyyMMdd')+'.csv'
$totalObj = @()

#get all distribution groups
$temp = Get-DistributionGroup -ResultSize Unlimited |
ForEach-Object {
    #get only disabled users from specified OU
    [array]$mem = Get-DistributionGroupMember -id $_ -ResultSize Unlimited |
        where-object {($_.identity -like "domain/company/Corporate1/Users/*" -or $_.identity -like "domain/company/Corporate2/Users*") -and $_.RecipientTypeDetails -eq "Disableduser"}

    for ($i = 0; $i -lt $mem.Count; $i++)
    {
        $member = $mem[$i].name

        #remove user from distribution group
        Remove-DistributionGroupMember -Identity $_ -Member $mem[$i].DistinguishedName -BypassSecurityGroupManagerCheck -confirm:$false

        $obj = New-Object System.Object
        $obj | Add-Member -MemberType NoteProperty -Value $_.Name -Name 'Distribution Group' -Force
        $obj | Add-Member -MemberType NoteProperty -Value $member -Name 'Members' -Force
        $obj | Add-Member -MemberType NoteProperty -Value $mem[$i].SamAccountName -Name 'SamAccountName' -Force
        $obj | Add-Member -MemberType NoteProperty -Value $mem[$i].identity -Name 'OU' -Force -PassThru
        $totalObj += $obj
    }
}

#create output file
$totalObj | Export-Csv -Encoding 'Unicode' $OutFile_LOG
If you only want a list of the users who meet the conditions, without removing them from the distribution groups, comment out the following line as shown below:
# Remove-DistributionGroupMember -Identity $_ -Member $mem[$i].DistinguishedName -BypassSecurityGroupManagerCheck -confirm:$false
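The report-only mode described above can also be built into the script, so that the CSV is written before any membership change and removals happen only on request. This is an added example, not the post's own script; the `-Remove` switch, the parameter names and the extra CSV columns are assumptions, and the paths and OU pattern are the post's placeholders.

```powershell
# Added example (not the post's script). Run in the Exchange Management Shell.
param(
    [string[]]$OuPatterns = @('domain/company/Corporate1/Users/*'),  # placeholder from the post
    [string]$LogDir = 'D:\Scripts\Logs\',                            # placeholder from the post
    [switch]$Remove   # assumption: without -Remove nothing is changed
)

Set-AdServerSettings -ViewEntireForest $true
$logFile = Join-Path $LogDir ('DL_removeusers_' + (Get-Date).ToString('yyyyMMdd') + '.csv')

# @() keeps the results as arrays even when nothing matches
$report = @(foreach ($group in (Get-DistributionGroup -ResultSize Unlimited)) {
    $members = @(Get-DistributionGroupMember -Identity $group.Identity -ResultSize Unlimited |
        Where-Object { $_.RecipientType -like '*User*' })
    foreach ($m in $members) {
        $id = [string]$m.Identity
        if (-not ($OuPatterns | Where-Object { $id -like $_ })) { continue }

        # Record both meanings of "disabled": the Exchange recipient type
        # and the Active Directory account flag.
        $exDisabled = $m.RecipientTypeDetails -eq 'DisabledUser'
        $user = Get-User -Identity $m.DistinguishedName -ErrorAction SilentlyContinue
        $adDisabled = $user -and ($user.UserAccountControl -match 'AccountDisabled')
        if (-not ($exDisabled -or $adDisabled)) { continue }

        New-Object PSObject -Property @{
            'Distribution Group' = $group.Name
            GroupDN              = $group.DistinguishedName
            Members              = $m.Name
            SamAccountName       = $m.SamAccountName
            OU                   = $id
            MemberDN             = $m.DistinguishedName
            ExchangeDisabled     = $exDisabled
            ADDisabled           = $adDisabled
        }
    }
})

# Write the audit record first, so the log exists even if a removal fails.
$report | Select-Object 'Distribution Group', Members, SamAccountName, OU, ExchangeDisabled, ADDisabled |
    Export-Csv -Path $logFile -Encoding Unicode -NoTypeInformation

# Without -Remove, -WhatIf makes each call describe the removal instead of doing it.
foreach ($row in $report) {
    Remove-DistributionGroupMember -Identity $row.GroupDN -Member $row.MemberDN `
        -BypassSecurityGroupManagerCheck -Confirm:$false -WhatIf:(-not $Remove)
}
```

Run it once without `-Remove` and review the CSV; the two `Disabled` columns show which condition matched each member.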
I cannot get this to work. It does run, but the log file is blank.
Just figured out my problem after examining the script more closely. It works for Disabled accounts in Exchange, not in AD which is what I was looking for. I think I still may find use for this excellent script.
Exactly, this script removes disabled mailboxes from distribution groups. If you need to remove disabled AD accounts, you can easily modify this script.
If you have any problems with this, let me know.
Hi there,
I’m fairly new to PS, how would I modify this to search for disabled AD users? Would I need to import that AD module and then do something like a variable for get-aduser -filter disabled?
Hi
If you use this script, you don’t have to modify it. It will find disabled users in the specified group and remove them. But if you want to find all disabled users in Active Directory, then you need to start a PowerShell console, then import-module activedirectory, and next run:
Search-ADAccount -AccountDisabled -UsersOnly
This will return all disabled users in AD.
This script will remove users disabled in Exchange. You can use the line below
[array]$mem = Get-DistributionGroupMember -id $_ -ResultSize Unlimited | where-object {$_.RecipientTypeDetails -eq "Disableduser"}
to find all users not from the specified OU.
Or if you just want to find all Distribution Groups and remove all users whose Active Directory accounts are disabled, then you can use this:
$groups = Get-DistributionGroup -ResultSize Unlimited
foreach($group in $groups){
    Get-DistributionGroupMember $group |
    ?{$_.RecipientType -like '*User*' -and $_.ResourceType -eq $null} | Get-User | ?{$_.UserAccountControl -match 'AccountDisabled'} | Remove-DistributionGroupMember $group -Confirm:$false
}
You need to run this command in Exchange Management Shell.
Hi,
Thanks for the reply. So would I replace Get-DistributionGroupMember -id $_ -ResultSize Unlimited | where-object {($_.identity -like "domain/company/Corporate1/Users/*" -or $_.identity -like "domain/company/Corporate2/Users*") -and $_.RecipientTypeDetails -eq "Disableduser"} with Search-ADAccount -AccountDisabled -UsersOnly?