Tag Archives: Distribution Groups

How to Upgrade the Distribution Group version from Exchange 2003 to Exchange 2010 for All Objects

In my Exchange environment, I have thousands and thousands of distribution groups, all of which needed to be upgraded to the latest Exchange version so that they could be easily managed in the Exchange Management Console by our help desk.

Not wanting them to have to manually upgrade each one as they came across them, I looked for a way to upgrade all of them all at once. It’s actually quite simple, just run the command below… it simply retrieves each Distribution Group and then runs the “Set” command against it. It doesn’t actually make any modifications to the object though, it just upgrades it to the latest version.

get-DistributionGroup | set-DistributionGroup
Advertisements

How to Automatically Remove Spaces from Legacy Distribution Groups for Exchange 2007 & 2010

In Exchange 2003, it was possible to create a mailNickname (aka Exchange Alias) with special characters in it such as spaces. This poses a major problem in Exchange 2010, as it does a validation on that field and if it’s invalid in any way, it considers it a corrupt object. This prevents you from upgrading the object and will also prevent Distribution Group managers from modifying their lists.

Personally, I manage an Exchange environment with thousands and thousands of groups, hundreds of which included spaces. Modifying them one at a time wasn’t an option, so I found this PowerShell script to remove them programmatically.

Simply copy this script into a text file and name the file “FixDistro.ps1.” Open up the Exchange Management Shell (make sure to Run As Administrator), navigate to the directory holding the script and type: “./FixDistro.ps1”


$DistributionGroups = Get-DistributionGroup -OrganizationalUnit "internal.domain.local/OU/SubOU" | Where {$_.Alias -like "* *"}

ForEach($DistributionGroup in $DistributionGroups) {Set-DistributionGroup $DistributionGroup.Name -Alias:($DistributionGroup.Alias -Replace " ", "")}

It should go through and change all of the Distribution Groups so that they will not have spaces in them. Please note however that if the script runs into a Distro with another special character, it will likely terminate. You can either fix that distro manually and then rerun this script or simply modify this script to replace those particular special characters.

You will get a prompt to upgrade the object to Exchange 2010. Instead of hitting a key each time, just hold down the Enter key and it will fly through them pretty quick.

User with Exchange 2003 Mailbox Cannot Manage Membership of Exchange 2010 Distribution Group

Consider the following scenario:  You have added Exchange 2010 to your Exchange 2003 infrastructure and intend on running both simultaneously for a period of time.

You create a new Distribution Group in Exchange 2010, and use the Exchange Management Console/Shell to add multiple users as managers for the group, including one or more Exchange 2003-based users.  After doing so, the Exchange 2003 users cannot manage the membership of the distribution group through Outlook.

However, any Exchange 2010-based users can manage the membership of the group.

Root Cause
In Exchange 2003, you would specify a single manager for a Distribution Group by using Active Directory Users and Computers; specifically the Managed By tab in the properties of the group.

In Exchange 2010, you can set multiple managers for a Distribution Group by using the Exchange Management Console/Shell.  This is done by going to the properties of the specific Distribution Group, and then clicking on the Group Information tab.  The “Managed By” section will allow you to add as many members as you wish.

When a group is created in Exchange 2010 and multiple managers are specified, only one of those managers (the first one added), will appear on the “Managed By” tab if you look at the properties from within Active Directory Users & Computers on a computer with the Exchange System Manager installed.

Therefore, as far as Exchange 2003 is concerned, only one user actually has “manage” permissions for the Distribution Group.

Solution
If you only have one Exchange 2003 user that needs permissions to manage the Distribution Group, you can use Active Directory Users & Computers to set them as the manager of the group.

That action will not affect the other managers of the group specified in the Exchange 2010 Management Console as long as they are homed on an Exchange 2010 server.

If you have multiple Exchange 2003 users that need to manage the membership of a Distribution Group, you will have to migrate those users to Exchange 2010.

Additional Information
In addition, you will likely need to ensure that you follow the instructions in this blog from Microsoft:

http://blogs.technet.com/b/exchange/archive/2009/11/18/3408844.aspx

By default, users are prevented from managing the membership of a Distribution Group in Exchange 2010 even if they are specified under “Managed By:” on the Group Information tab.  The above blog outlines this behavior in Exchange 2010 and the steps/scripts necessary to remedy it.

How to Modify the Default OU for New Distribution Groups in Exchange 2010

When creating a new distribution group with the Exchange Management Shell or Console in Exchange 2010, it will by default attempt to place the group in the Domain\Users (CN=Users,DC=domain,DC=com) folder.

While it is simple enough to specify the organizational unit (OU) while creating the distribution list, it is sometimes difficult for delegates to remember to specify the OU.

The solution is to use the Set-OrganizationConfig in order to change the default OU to whatever you want it to be.  Just launch the Exchange Management Console and run the following command:


Set-OrganizationConfig –DistributionGroupDefaultOU “[distinguishedName of OU]”

If you’re unfamiliar with how to retrieve the distinguishedName of the OU, just go to Active Directory Users & Computers and select View – Advanced Features.

Now, find the OU and right-click on it to select Properties.  There should be an Attribute Editor tab displayed which will list out all of the attributes for the OU, including the distinguishedName (you can double-click on it in order to copy/paste it in to your command).

If you would like to do the same thing for new mailboxes that are created, you can’t (at least as of SP1). The only way to enable similar funcationality for mailboxes is to use mailbox templates, which then require that you create all new mailboxes from the Exchange Management Shell instead of the console.

How to Correct RBAC Permissions for Distribution List Membership Management in Exchange 2010

If you have just installed Exchange 2010 and are experiencing an issue with end users’ not being able use Outlook to add members to distribution groups they own, there is now a “fix” for it.  I say fix with air quotes because, according to Microsoft, nothing is really broken, it’s by design with the new RBAC permissions model.

Matt Byrd with The Exchange Team has an excellent blog article on this at:

http://blogs.technet.com/b/exchange/archive/2009/11/18/3408844.aspx

…with the actual script to fix it located at:

http://gallery.technet.microsoft.com/scriptcenter/8c22734a-b237-4bba-ada5-74a49321f159

After running the script, your end users should be able to manage the membership of any distribution groups they are listed as the manager of.