Welcome › Forums › General PowerShell Q&A › remove disabled users from distribution groups exchange online
- This topic has 10 replies, 3 voices, and was last updated 6 months, 1 week ago by
Participant.
-
AuthorPosts
-
-
July 7, 2020 at 9:15 am #240791
Hi All
when I try to run this code
PowerShell1234567$groups = Get-DistributionGroup -ResultSize Unlimitedforeach($group in $groups){Get-DistributionGroupMember $group |?{$_.RecipientType -like ‘*User*’ -and $_.ResourceType -eq $null} |Get-User | ?{$_.UserAccountControl -match ‘AccountDisabled’} |Remove-DistributionGroupMember $group -Confirm:$false}I’m getting the following error messages
PowerShell123456Cannot process argument transformation on parameter ‘Identity’. Cannot convert the “name_of_distributionlist” value of type“Deserialized.Microsoft.Exchange.Data.Directory.Management.DistributionGroup” to type“Microsoft.Exchange.Configuration.Tasks.DistributionGroupMemberIdParameter”.+ CategoryInfo : InvalidData: (:) [Get-DistributionGroupMember], ParameterBindin…mationException+ FullyQualifiedErrorId : ParameterArgumentTransformationError,Get-DistributionGroupMember+ PSComputerName : outlook.office365.comany Idea’s on how to solve this?
thanks for your input
Paul
-
July 7, 2020 at 10:13 am #240803
Without the possiblitiy to test I’d suspect Get-DistributionGroupMember is not able to deal with the complete object. So you should provide only the expected property of the object … try the sAMAccountName:
PowerShell12345678$groups = Get-DistributionGroup -ResultSize Unlimitedforeach ($group in $groups) {Get-DistributionGroupMember -Identity $group.sAMAccountName |Where-Object { $_.RecipientType -like '*User*' -and $null -eq $_.ResourceType } |Get-User |Where-Object { $_.UserAccountControl -match 'AccountDisabled' } |Remove-DistributionGroupMember $group -Confirm:$false} -
July 7, 2020 at 10:41 am #240806
Hi Olaf,
thanks for your suggestion however no joy still the same error message
Paul
-
July 7, 2020 at 6:28 pm #240920
Paul,
hmmm … I didn’t want to test the part with the remove cmdlet but actually the code ran in my environment. Try it this way:
PowerShell1234567891011Get-DistributionGroup -ResultSize Unlimited |ForEach-Object {$DistributionGroup = $_.sAMAccountNameGet-DistributionGroupMember -Identity $DistributionGroup |Where-Object { $_.RecipientType -like '*User*' -and $null -eq $_.ResourceType } |Get-User |Where-Object { $_.UserAccountControl -match 'AccountDisabled' } |ForEach-Object {Remove-DistributionGroupMember -Identity $DistributionGroup -Confirm:$false -Member $_.SamAccountName}} -
July 8, 2020 at 2:44 am #240974
Hi Olaf,
still no luck,
another thing that is weird is that whenever the user account is still active it will workPowerShell1234567891011121314151617181920212223242526272829303132333435363738$mailbox = Get-Mailbox -Identity $email$DN=$mailbox.DistinguishedName$Filter = “Members -like “”$DN”””$DistributionGroupsList = Get-DistributionGroup -ResultSize Unlimited -Filter $FilterWrite-host `nWrite-host “Listing all Distribution Groups:”Write-host `n$DistributionGroupsList | ft$answer = Read-Host “Would you like to proceed and remove $email from all distribution groups ( y / n )?”While (“y”,”n” -notcontains $answer) {$answer = Read-Host “Would you like to proceed and remove $email from all distribution groups ( y / n )?”}If ($answer -eq ‘y’) {ForEach ($item in $DistributionGroupsList) {Remove-DistributionGroupMember -Identity $item.DisplayName –Member $email -Confirm:$false}Write-host `nWrite-host “Successfully removed”Remove-Variable * -ErrorAction SilentlyContinue}Else{Remove-Variable * -ErrorAction SilentlyContinue}do you happen to know why removing the distribution groups for disabled users is such a pain?
-
July 8, 2020 at 8:25 am #241016
do you happen to know why removing the distribution groups for disabled users is such a pain?
Do you want to remove the users or the distribution groups?
-
July 8, 2020 at 9:40 am #241037
Olaf,
I want to remove the users, but the thing is when a user is leaving the company I can deal with that as long as the account is active. for the already deactivated users I’m strugling to get it to work, because I get that error message posted in the original post thrown at me
-
July 8, 2020 at 12:18 pm #241103
Olaf was correct. The problem with the original syntax is that Get-DistributionGroupMember returns a deserialized object which is being passed to the Remove-DistributionGroupMember’s -Identity parameter. Looking at the help for this cmdlet show you what properties you can pass to it. I have put them here: -Identity <DistributionGroupIdParameter>
The Identity parameter specifies the distribution group or mail-enabled security group that you want to modify. You can use
any value that uniquely identifies the group.For example: * Name, * Display name, * Alias, * Distinguished name (DN), * Canonical DN, * Email address or * GUID
Required? true
Position? 1
Default value
Accept pipeline input? True
Accept wildcard characters? falseYou are most likely having an issue because when the account is inactive it has been removed and it sitting in the dumpster which is retained for 30 days after the account is removed. Bigger question is the user on any sort of time based or Lithold?
-
July 8, 2020 at 2:13 pm #241133
Dave thanks for your answer
when I run this code it works on the active users but on the disabled users I get the below mentioned error message
PowerShell1234567891011121314151617181920$users = import-csv c:\temp\csv\toRemove.csvforeach($user in $users){$email = “$($user.email)”$mailbox = Get-Mailbox -Identity $email$DN=$mailbox.DistinguishedName$Filter = “Members -like “”$DN”””$DistributionGroupsList = Get-DistributionGroup -ResultSize Unlimited -Filter $Filter$DistributionGroupsListForEach ($item in $DistributionGroupsList) {Remove-DistributionGroupMember -Identity $item.DisplayName –Member $email -Confirm:$false}}I get the following error message
PowerShell123456The operation couldn’t be performed because object ‘[email protected]’ couldn’t be found on‘xxxxxx.PROD.OUTLOOK.COM’.+ CategoryInfo : NotSpecified: (:) [Get-Mailbox], ManagementObjectNotFoundException+ FullyQualifiedErrorId : [Server=servername,RequestId=3677493e-a17d-4d93-ab7e-7567764e1a25,TimeStamp=7/8/2020 5:46:21 PM] [FailureCategory=Cmdlet-ManagementObjectNotFoundException] ,Microsoft.Exchange.Management.RecipientTasks.GetMailbox+ PSComputerName : office365when running this code while the user is still active I do get the distributionlists he’s member of
-
July 8, 2020 at 5:42 pm #241172
Because when they are inactive they don’t have an exchange account and the mailbox is marked inactive and in the dumpster. All exchange attributes are removed unless you activate it, assign a license and move the mailbox out of the dumpster. You will want to remove them from all groups before you mark them inactive or remove them to minimize the risk of leaving objects in your gal or orphaned objects.
-
July 9, 2020 at 1:03 am #241247
Dave,
makes sence how would I manage to remove every disabled user from the distribution groups and avoiding errors?
-
-
AuthorPosts
- The topic ‘remove disabled users from distribution groups exchange online’ is closed to new replies.