There are times when you need a quick one-liner to add Active Directory group membership for users selected by some piece of data. In this case I needed to move AD users into AD Distribution lists based on their email address (the mail attribute), which is externally managed information.
The following script finds the users by looking at the LDAP filter mail=*@domaintocheck.com and then adds the found users to an AD group.
Get-ADUser -LDAPFilter "(mail=*@domaintocheck.com)" | ForEach-Object { Add-ADGroupMember -Identity EAPPolicy1 -Members $_.SamAccountName }
The example above will add all users whose email address ends in @domaintocheck.com to an Active Directory group object called “EAPPolicy1”.
The quick change was a one-off conversion that moved the customer's AD from managing the mail attribute directly to using Exchange Address Policy (EAP). Identity Management will then add users to the correct AD groups so that Exchange stamps the correct EAP policy.
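A more cautious form of the one-liner above, as an added example rather than code from the original post: it validates the domain before building the LDAP filter, skips users already in the group, supports -WhatIf for a preview, and returns one record per user for the change log. The function name Add-MailDomainUsersToGroup, its parameters and the record fields are illustrative assumptions.

```powershell
# Added example; function name, parameters and output fields are illustrative.
function Add-MailDomainUsersToGroup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$MailDomain,   # e.g. domaintocheck.com
        [Parameter(Mandatory)][string]$GroupName     # e.g. EAPPolicy1
    )
    Import-Module ActiveDirectory -ErrorAction Stop

    # Accept only plain DNS-name characters so the value cannot alter the LDAP filter.
    if ($MailDomain -notmatch '^[A-Za-z0-9.-]+$') {
        throw "Unexpected characters in mail domain '$MailDomain'"
    }

    # Fail early if the group does not exist, and read the current member DNs.
    $group    = Get-ADGroup -Identity $GroupName -Properties member -ErrorAction Stop
    $existing = @($group.member)

    # Same filter as the one-liner: mail values ending in @<domain>.
    $users = Get-ADUser -LDAPFilter "(mail=*@$MailDomain)" -Properties mail

    foreach ($user in $users) {
        $action = 'AlreadyMember'
        if ($existing -notcontains $user.DistinguishedName) {
            $action = 'NotAdded'   # stays this way under -WhatIf or a declined -Confirm
            if ($PSCmdlet.ShouldProcess($user.SamAccountName, "Add to $GroupName")) {
                Add-ADGroupMember -Identity $group -Members $user -ErrorAction Stop
                $action = 'Added'
            }
        }
        # One record per matched user, suitable for Export-Csv as a change record.
        [pscustomobject]@{
            SamAccountName = $user.SamAccountName
            Mail           = $user.mail
            Enabled        = $user.Enabled
            Group          = $GroupName
            Action         = $action
        }
    }
}

# Preview only: lists who would be added without changing the group.
Add-MailDomainUsersToGroup -MailDomain 'domaintocheck.com' -GroupName 'EAPPolicy1' -WhatIf
```

Because the mail attribute is externally managed, review the preview output (including disabled accounts) before running the same command without -WhatIf.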