Mail Enabling large amount of security groups

PowerShell Help
1

Using the above code I am attempting to set values in a range of security groups. The input file has the correct headers “SamAccountName,DisplayName,PrimarySmtpAddress” however, it errors with "Cannot validate argument or parameter ‘Identity’.

Any ideas?

2

That’s a bit of an odd script fragment that you’ve posted. The nested script block (enclosed in the {}) makes no sense. Also, Set-ADGroup doesn’t appear to have an Alias parameter so that’s not going to work. Looking at the parameter names, I think you might have confused Set-ADGroup and Set-Mailbox?

3

You should find the group and then pipe it to Set-ADGroup. However, you need to filter with Get-ADGroup. Your code is saying find ALL groups and then filter groups where criteria meets X. Not sure why you also trying to set the DisplayName as it’s the same DisplayName you just used to search with, so it’s already named that value. Take a look at the logic and see if this will meet your requirements:

$grps = import-csv "C:\temp\test.csv" -Delimiter ";"

foreach ($grp in $grps) {

$modifyGroup = Get-ADGroup -Filter "Name -eq $grp.DisplayName"
    if ($modifyGroup) {
        #Splatting
        $grpParams = @{
            Alias                         = $i.DisplayName 
            PrimarySmtpAddress            = $i.PrimarySmtpAddress
            HiddenFromAddressListsEnabled = $true
            ErrorAction                   = "Stop"
        }
        try {
            $modifyGroup | Set-ADGroup @grpParams 
        }
        catch {
            "Unable to modify group {0}. {1}" -f $grp.DisplayName, $_
        }
    }
    else {
        "Could not find group {0}" -f $grp.DisplayName
    }
}
4

Thanks for all the input, this seems like it will work, just one question, working at a new org and they use Quest, as their authoritative source, any ideas on Quest equivalent for Get-Adgroup? The command is Get-Qadgroup, but it doesn’t accept the -Filter.

Thanks

5

Haven’t used Quest in years personally, but looks like they use LDAPFilter (which you can do with Get-ADGroup as well) per the documentation (Example 3).

Get-QADGroup -LdapFilter "(Name=$grp.DisplayName)"
6 
$grps = import-csv "C:\temp\test.csv" -Delimiter ","


$SAN=$grp.SamAccountName

foreach ($grp in $grps) 
{

$modifyGroup = Get-QADGroup -LdapFilter "(Name=$SAN)"   
	if ($modifyGroup) {
        #Splatting
        
	$grpParams = @{
            
		Alias                         = $i.DisplayName 
            
		PrimarySmtpAddress            = $i.PrimarySmtpAddress
            
		HiddenFromAddressListsEnabled = $true
            
		ErrorAction                   = "Stop"
        
	}
        
try {
            
	$modifyGroup | Set-QADGroup @grpParams 
        
	}
        
	catch {
            
		"Unable to modify group {0}. {1}" -f $grp.DisplayName, $_
        
		}
    
}
    
else {
        
	"Could not find group {0}" -f $grp.DisplayName
    
	}

}

Getting an error, unable to modify group because a parameter can’t be found that matches “Hiddenfromaddresslist”.

Any thoughts?

I add the San variable to help pull the SAN name as the displayname attribute is blank in AD, I am attempting to set the Mail
,Mailnickname,ProxyAddresses and SamAccountName. SamAccountname is already on the security groups, so just need to set the email mainly.

7

Sorry, the $i are actually $grp