Manage Distribution Group using PowerShell in Office 365 | Delete Distribution Group and members | Convert Distribution Group | Part 5#5 5/5 (2) 7 min read

The current article is fifth and the last article in our article series, which is dedicated to the subject of managing Distribution Group in Office 365 and Exchange Online based environment using PowerShell.

The article includes two main sections:

  1. Distribution Group management tasks that relate to deletion of Distribution Group or deletion of members from a Distribution Group.
  2. Additional Distribution Group posable management task which I describe as – “Playing with Distribution Group.” In this section, we review two “tricks” that enable us to bypass inherent limitations of a Distribution Group.
    • Converting Office 365 distribution Group to Security Group and vice versa.
    • Assign “Full Access” permissions to Distribution Group + use AutoMapping option.

1. Delete Distribution Group + Remove members from Distribution Group

In the following section, we review the Distribution Group management task that relates to a “deletion” or a “removal” of:

  1. Distribution Group – for this purpose, we use the PowerShell
    cmdlets – Remove-DistributionGroup
  2. A specific member\s from a Distribution Group -for this purpose, we use the PowerShell
    cmdlets – Remove-DistributionGroupMember

Delete (Remove) a Distribution Group

Delete (Remove) a Distribution Group

To delete an existing Distribution Group, we use the following PowerShell command:

PowerShell command syntax

PowerShell command Example

Note – at the current time, Office 365 doesn’t provide the option of restoring a deleted Distribution Group. So, before to “rush” to the distorted existing Distribution Group, think twice!
recover / restore deleted office 365 group

Remove a member from a Distribution Group

To be able to remove a specific member or members from a Distribution Group, we use the following PowerShell syntax:

PowerShell command syntax

PowerShell command Example

Remove user from all the Distribution Groups which he is a member in

In the following scenario, we want to fulfill the following requirement:

We want to get a list of all the Distribution Group, which a specific user is a member of.

Then, we want to remove the user from each Distribution Group, which he is a member.

PowerShell command Example

Remove all members from a Distribution Group

In the following scenario, we wish to “clean” a specific Distribution Group from all the members that are contained in the Distribution Group.

In other words, we want to “bulk removes” all existing members.

To be able to fulfill this requirement, we can use the following PowerShell syntax:

PowerShell command Example

How to convert Distribution Group into a security group | Tips and tricks

Let’s start with the simple fact that at the current time, Office 365 and Exchange Online environment doesn’t provide an option for converting existing Distribution Group to a security group (the most accurate term is a mail-enabled security group).

I use the term “convert” for describing a process that can partially simulate the process of converting group from type X to type Y.

The solution that I offer is based on the following steps:

  1. Create a NEW security Distribution Group.
  2. Copy all the members from the existing Distribution Group to the “destination” security Distribution Group.
  3. Delete \ Remove the Distribution Group

It’s important to me to mention that, the “trick” in which we copy the numbers from one type of group (the Distribution Group) to the “other group” (security group) is not providing a “full solution” because, the group properties such as mail permissions or other Distribution Group properties are not “migrated” to the new group.

In the following section, I provide two “flavor” of the PowerShell script that will implement the “group conversation process.”

The first example implements a very basic process that copies the Distribution Group member to the NEW group.

Copy members from Distribution Group to a security group

PowerShell command Example

The second example, provides more “sophisticated operation” and performs the following tasks:

  • Creating the NEW “destination security group”
  • Define a group name that is based on the following naming convention – the name of the Distribution Group + the string “NEW”.
  • Copy the remember from the Distribution Group to a temporary variable.
  • Copy the Distribution Group members to the “NEW security group.”

Variation 2

PowerShell command Example

Assign “Full Access” permissions to Distribution Group + use AutoMapping option | Tips and tricks

In the following section, we use a trick, that will enable us to provide Full Access permissions to each of the members who include in a specific Distribution Group.

We will not get into a very detailed explanation of the possible permission’s matrix in Exchange and Exchange Online base environment, but shortly explain that technically, we cannot provide permissions to Distribution Group on “other objects” such as Exchange Online mailbox because Distribution Group is not a “security-enabled object.”

Note – if you want to read more detailed information about the subject of “Full access permissions” in the Exchange Online environment, you can read the article – Full Access Mailbox permission – Everything You Always Wanted to Know About But Were Afraid to Ask part 1/3

In other words, technically, we cannot fulfill the requirement of providing Full access permissions to a Distribution Group on the other Exchange mailbox.

The trick that we use, bypass this limitation in the following way:

  • We get a list of each member in a specific Distribution Group
  • We store this information temporarily in a variable
  • We take the information stored in the variable (the Distribution Group members) and assign Full access permission for each of the members on the “destination mailbox.”
  • In case that we assign the Full access permission “directly” to a specific Exchange user account, the feature of “AutoMap” will be activated and after the Full Access permissions are assigned, the “destination mailbox” will automatically appear in the user Outlook mail profile.

Extract Distribution Group member’s, and assign Full access permissions for each group member

PowerShell command Syntax

  • In our example, the Distribution Group name is – Sales France
  • The destination mailbox meaning the mailbox which we want to provide the Full access permissions is the mailbox of a user named – Brad

Extract Distribution Group member’s, and assign Full access permissions for each group member

PowerShell command Example

Manage Distribution Group using PowerShell in Office 365 | Article series index

Now it’s Your Turn!
It is important for us to know your opinion on this article

Summary
Manage Distribution Group using PowerShell in Office 365 | Delete Distribution Group and members |Convert Distribution Group | Part 5#5
Article Name
Manage Distribution Group using PowerShell in Office 365 | Delete Distribution Group and members |Convert Distribution Group | Part 5#5
Description
Reviewing how to use PowerShell for managing Distribution Group - Delete Distribution Group and members Convert Distribution Group
Author
Publisher Name
o365info.com
Publisher Logo

Related Post

Please rate this

Eyal Doron on EmailEyal Doron on FacebookEyal Doron on GoogleEyal Doron on LinkedinEyal Doron on PinterestEyal Doron on RssEyal Doron on TwitterEyal Doron on WordpressEyal Doron on Youtube
Eyal Doron

Share your knowledge.

It’s a way to achieve immortality.

Dalai Lama


Leave a Reply

Your email address will not be published. Required fields are marked *