Tips on Quest and Exchange Shell to Manage Groups and Group Members

Groups are of two types Security groups and Distribution Groups. Securities groups are normally used in provide AD Object Permission and NTFS permission and Distribution groups are used to email members of the Distribution Groups or shortly we call it as DL (Distribution List). Security groups can also be enabled as mail enabled security groups that used for Setting Permission and also sending email to the Members of the groups

Figure 1. Details of the Security Groups in Quest Shell

If you wanted this security group to mail enabled so that users can send email to the members of the group once this it enabled this group will also be visible in the GAL. You can only enable universal Security groups. Enable-DistributionGroup Exchange cmdlet does this for us

Figure 2. Exchange Cmdlet to enable Security group to mail enabled security group

Nested Groups is always Challenging. If you are working Nested group and you wanted to find the list of Indirect Nested groups which this group belongs, below Quest cmdlet gets the details

Get-QadGroup <groupname> | Select NestedMemberof

Figure 3. Cmdlet to get the list of Nested member DL

To get the list of DL which this group is member of then

Get-QadGroup <groupname> | select Memberof

Figure 4. Cmdlet to get the list of DL which DL is member of

Groups will always have members and in it. Get-QadGroupsmembers <groupname> will get the list of all the members in it. Members can be a users, group, contact. In the below example usergroup5 has type group “usergroup4” as member. But usergroup4 also has members in it. Those members can be users or groups. Using -Indirect parameter provides the list of all the Direct and Indirect members of the group. This is so simple right. If you wanted to do that same in VBscript we need to write lots of codes may be a recursive finding to find al the members in the nested groups.

Figure 5. Cmdlet to get Direct and Indirect members of the Group

Lets now try to filter out only required object like users or groups or contacts from the Group members. Below powershell cmdlet will get the list of all the -Indirect members and it filters out and displays only members of type Group

get-qadgroupmember usergroup5 -indirect | ?{$_.type -eq “group”}

Same can be done using LDAP filters but this time lets try to get indirect members of type users

get-qadgroupmember usergroup5 -indirect -ldap “(objectCategory=user)”

If you wanted to find the count of all the users in the group then below command does it for us. This uses ldap filter to find the count

@(get-qadgroupmember usergroup5 -indirect -ldap “(objectCategory=user)”).count

Figure 5. Cmdlet gets the count of all the Indirect users in DL Usergroup5

Similarly if you wanted to find the count of group members then we can also use where command to get the count

@(get-qadgroupmember usergroup5 -indirect | ?{$_.type -eq “group”}).count

Figure 6. Cmdlet gets the count of all the Indirect groups in DL Usersgroup5

Another Interesting way to get the Members of the Group and the member count

Below powershell cmdlet gets the list of all the members CN name using get-Qadgroup

(get-Qadgroup usergroup5).members

In the same fashion we can also get count members just by suffixing with .count

(get-Qadgroup usergroup5).members.count