AD Accounts and DistributionGroups

Hi everybody,
I’m not so fit with PowerShell, but I have a task.

Task:

  • Find every AD account which is disabled and the distribution groups the AD account
    belongs to.
  • Delete the determined AD accounts from the distribution groups.
    The AD accounts themselves should not be deleted!

An AD account can belong to more than one distribution group.

I found a script that determines the AD accounts with the distribution groups, and I deleted the distribution group memberships manually through the Active Directory Administrative Center.
Furthermore, I got different results for one AD account because the AD account belongs to two or three distribution groups.

The script:

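# Collect all groups first, then list the disabled user members of each one.
# Each output row is one (account, group) pair.
$groups = Get-DistributionGroup -ResultSize Unlimited
$report = foreach ($group in $groups) {
    Get-DistributionGroupMember $group |
        Where-Object { $_.RecipientType -like 'User' -and $null -eq $_.ResourceType } |
        Get-User |
        Where-Object { $_.UserAccountControl -match 'AccountDisabled' } |
        Select-Object Name, RecipientType, @{n='Group'; e={$group}}
}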

Does anyone have a solution for that?

This is Exchange 2013 on-premise.

Thanks a lot and best regards

Achim,
Welcome to the forum. :wave:t4:

Best chance to change that now. :wink:

Hmmm … why that? You could use either …

to remove one user from one or more AD groups at once …
… or …

to remove one or more users from one particular AD group. :wink:

Hi Olaf,
Is a distribution group on Exchange 2013 a real ‘Active Directory group’?

So what’s the correct code in your opinion?

Best Regards

What do you mean by “real ‘Active Directory group’”? :man_shrugging:t4: Are there unreal AD groups as well? :thinking:

I don’t have access to an Exchange system at the moment. So I cannot test. But I’d recommend to get the sAMAccountName instead of the Name or actually on top of what you already get from your query and use this for the removal of the desired accounts.

Please always read the help topics for the cmdlets you’re about to use COMPLETELY including the examples to learn how to use them.
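
An added example, not written by any poster in this thread: one way to carry out the task above in the Exchange Management Shell, reporting every (disabled account, distribution group) pair with its sAMAccountName and then removing only the membership. The `-Apply` switch, the report path and the list of in-scope recipient types are assumptions made for this example.

```powershell
# Added example for the Exchange Management Shell (Exchange 2013 on-premises).
# Without -Apply, Remove-DistributionGroupMember runs with -WhatIf and changes nothing.
param(
    [switch]$Apply,
    [string]$ReportPath = '.\disabled-dg-members.csv'   # hypothetical report path
)

# Assumption: only ordinary user objects are in scope. Shared, room, equipment and
# linked mailboxes have a disabled account by design and are left alone.
$inScope = 'User', 'UserMailbox', 'MailUser'

$groups = Get-DistributionGroup -ResultSize Unlimited
$report = foreach ($group in $groups) {
    $members = Get-DistributionGroupMember -Identity $group.DistinguishedName -ResultSize Unlimited
    foreach ($member in $members) {
        # Skip nested groups, contacts and out-of-scope mailbox types.
        if ([string]$member.RecipientTypeDetails -notin $inScope) { continue }
        $user = Get-User -Identity $member.DistinguishedName
        if ($user.UserAccountControl -match 'AccountDisabled') {
            [pscustomobject]@{
                Name           = $user.Name
                SamAccountName = $user.SamAccountName
                UserDN         = $user.DistinguishedName
                Group          = $group.Name
                GroupDN        = $group.DistinguishedName
            }
        }
    }
}

# One row per (account, group) pair, so an account in three groups yields three rows.
$report | Sort-Object SamAccountName, Group |
    Export-Csv -Path $ReportPath -NoTypeInformation -Encoding UTF8

foreach ($row in $report) {
    # Removes only the membership; the AD account itself is not touched.
    # The distinguished names are used here because they are unambiguous.
    Remove-DistributionGroupMember -Identity $row.GroupDN -Member $row.UserDN `
        -Confirm:$false -WhatIf:(-not $Apply)
}
```

Review the CSV from the dry run before running again with `-Apply`; it also serves as the record needed to restore a membership that was removed by mistake.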