skip to Main Content

Manage Distribution Group using PowerShell in Office 365 | Delete Distribution Group and members | Convert Distribution Group | Part 5#5

The current article is fifth and the last article in our article series, which is dedicated to the subject of managing Distribution Group in Office 365 and Exchange Online based environment using PowerShell.

The article includes two main sections:

  1. Distribution Group management tasks that relate to deletion of Distribution Group or deletion of members from a Distribution Group.
  2. Additional Distribution Group posable management task which I describe as – “Playing with Distribution Group.” In this section, we review two “tricks” that enable us to bypass inherent limitations of a Distribution Group.
    • Converting Office 365 distribution Group to Security Group and vice versa.
    • Assign “Full Access” permissions to Distribution Group + use AutoMapping option.

1. Delete Distribution Group + Remove members from Distribution Group

In the following section, we review the Distribution Group management task that relates to a “deletion” or a “removal” of:

  1. Distribution Group – for this purpose, we use the PowerShell
    cmdlets – Remove-DistributionGroup
  2. A specific member\s from a Distribution Group -for this purpose, we use the PowerShell
    cmdlets – Remove-DistributionGroupMember

Delete (Remove) a Distribution Group

Delete (Remove) a Distribution Group

To delete an existing Distribution Group, we use the following PowerShell command:

PowerShell command syntax

Remove-DistributionGroup "<Distribution Group Name>"

PowerShell command Example

Remove-DistributionGroup "Sales USA "
Note – at the current time, Office 365 doesn’t provide the option of restoring a deleted Distribution Group. So, before to “rush” to the distorted existing Distribution Group, think twice!

Remove a member from a Distribution Group

To be able to remove a specific member or members from a Distribution Group, we use the following PowerShell syntax:

PowerShell command syntax

Remove-DistributionGroupMember -Identity "<Distribution Group name>" -Member "<Member name>"

PowerShell command Example

Remove-DistributionGroupMember -Identity "Sales USA" -Member "Bob"

Remove user from all the Distribution Groups which he is a member in

In the following scenario, we want to fulfill the following requirement:

We want to get a list of all the Distribution Group, which a specific user is a member of.

Then, we want to remove the user from each Distribution Group, which he is a member.

PowerShell command Example

 
$DistributionGroups = Get-Distributiongroup -resultsize unlimited
$UserDName = read-host “Enter User Name"
$UserDName = (Get-Mailbox $User).name
"Searching which groups " + $User + " is a member of and removing membership..."
ForEach ($Group in $DistributionGroups)
{
if ((Get-Distributiongroupmember $Group.Name | select -expand name) -contains $UserDName)
{
write-host "Removing user from group '$Group'"
Remove-DistributionGroupMember -Identity "$Group" -Member "$UserDName" -Confirm:$false
}
}

Remove all members from a Distribution Group

In the following scenario, we wish to “clean” a specific Distribution Group from all the members that are contained in the Distribution Group.

In other words, we want to “bulk removes” all existing members.

To be able to fulfill this requirement, we can use the following PowerShell syntax:

PowerShell command Example

 $DistributionGroupMember = Get-DistributionGroupMember "IT"
ForEach ($member in $DistributionGroupMember)
{
Remove-DistributionGroupMember -Identity IT –Member $member.name -Confirm:$false
}

How to convert Distribution Group into a security group | Tips and tricks

Let’s start with the simple fact that at the current time, Office 365 and Exchange Online environment doesn’t provide an option for converting existing Distribution Group to a security group (the most accurate term is a mail-enabled security group).

I use the term “convert” for describing a process that can partially simulate the process of converting group from type X to type Y.

The solution that I offer is based on the following steps:

  1. Create a NEW security Distribution Group.
  2. Copy all the members from the existing Distribution Group to the “destination” security Distribution Group.
  3. Delete \ Remove the Distribution Group

It’s important to me to mention that, the “trick” in which we copy the numbers from one type of group (the Distribution Group) to the “other group” (security group) is not providing a “full solution” because, the group properties such as mail permissions or other Distribution Group properties are not “migrated” to the new group.

In the following section, I provide two “flavor” of the PowerShell script that will implement the “group conversation process.”

The first example implements a very basic process that copies the Distribution Group member to the NEW group.

Copy members from Distribution Group to a security group

PowerShell command Example

$Members = Get-DistributionGroupMember -id "<Name of the source group>"
ForEach ($Member in $Members)
{
Add-DistributionGroupMember -Identity "<Name of the destination security group>" -Member $Member.name
}

The second example, provides more “sophisticated operation” and performs the following tasks:

  • Creating the NEW “destination security group”
  • Define a group name that is based on the following naming convention – the name of the Distribution Group + the string “NEW”.
  • Copy the remember from the Distribution Group to a temporary variable.
  • Copy the Distribution Group members to the “NEW security group.”

Variation 2

PowerShell command Example

$DistributionGroupName = Read-Host -prompt "Type the Distribution Group name"

$Members = Get-DistributionGroupMember -id $DistributionGroupName
New-DistributionGroup -Name $DistributionGroupName-NEW -Type Security
ForEach ($Member in $Members)
{
Write-host “NEW security group named - $DistributionGroupName-NEW created!”
Write-host “The security group - $DistributionGroupName-NEW contain all the members of the Distribution Group named - $DistributionGroupName”
Add-DistributionGroupMember -Identity "$DistributionGroupName-NEW" -Member $Member.name
}

Assign “Full Access” permissions to Distribution Group + use AutoMapping option | Tips and tricks

In the following section, we use a trick, that will enable us to provide Full Access permissions to each of the members who include in a specific Distribution Group.

We will not get into a very detailed explanation of the possible permission’s matrix in Exchange and Exchange Online base environment, but shortly explain that technically, we cannot provide permissions to Distribution Group on “other objects” such as Exchange Online mailbox because Distribution Group is not a “security-enabled object.”

Note – if you want to read more detailed information about the subject of “Full access permissions” in the Exchange Online environment, you can read the article – Full Access Mailbox permission – Everything You Always Wanted to Know About But Were Afraid to Ask part 1/3

In other words, technically, we cannot fulfill the requirement of providing Full access permissions to a Distribution Group on the other Exchange mailbox.

The trick that we use, bypass this limitation in the following way:

  • We get a list of each member in a specific Distribution Group
  • We store this information temporarily in a variable
  • We take the information stored in the variable (the Distribution Group members) and assign Full access permission for each of the members on the “destination mailbox.”
  • In case that we assign the Full access permission “directly” to a specific Exchange user account, the feature of “AutoMap” will be activated and after the Full Access permissions are assigned, the “destination mailbox” will automatically appear in the user Outlook mail profile.

Extract Distribution Group member’s, and assign Full access permissions for each group member

PowerShell command Syntax

$DistributionGroupName = Get-DistributionGroupMember "<Distribution Group name>"
ForEach ($Member in $DistributionGroupName)
{
Add-MailboxPermission -Identity "<mailbox identity>“ -User $Member.name -AccessRights ‘FullAccess’ -InheritanceType all
}
  • In our example, the Distribution Group name is – Sales France
  • The destination mailbox meaning the mailbox which we want to provide the Full access permissions is the mailbox of a user named – Brad

Extract Distribution Group member’s, and assign Full access permissions for each group member

PowerShell command Example

$DistributionGroupName = Get-DistributionGroupMember "Sales France"
ForEach ($Member in $DistributionGroupName)
{
Add-MailboxPermission -Identity "Bradp"  -User $Member.name -AccessRights ‘FullAccess’ -InheritanceType all
}

The o365info Team

The o365info Team

This article was written by our team of experienced IT architects, consultants, and engineers.

This Post Has 2 Comments

  1. if I have a csv file with user email addresses or aliases how can I import them into the script to remove them from a distribution list or to remove them from all associated distribution lists

Leave a Reply

Your email address will not be published. Required fields are marked *