Exchange PowerShell script to place users in certain DB based on AD groups

GBSComp 45 Reputation points
2023-07-17T13:14:24.39+00:00

Hi

We have an Exchange PS script that we manually use to create email accounts in a certain database. We would like to set up something that creates the email and places the new email account in the correct Exchange database based on the AD user group: users that belong to the employees group are placed in the staff DB on Exchange, and users that are members of the student group are placed in the students DB on Exchange. We would then set up a scheduled task to run nightly. Any help would be great, or if you can point me in the right direction.

Below is the script we are using:

    # PowerShell find UPN of users in the given OU and create Exchange Mailbox with the alias == UPN
    # If the mailbox already exists, the script errors on that entry.
    # (PowerShell - Active Directory LDAP DirectoryServices.DirectoryEntry)
    # Version 1, August 2010, tested with WinSvr 2008 R2 Stnd and Exchange 2010 Stnd

    $DbLocation = 'staff-db'
    $RetentionPol = 'staff Policy'
    $Dom = 'LDAP://OU=users;DC=domain;DC=com'
    $Root = New-Object DirectoryServices.DirectoryEntry $Dom
    $i = 0

    # Create a selector and start searching from the Root of AD
    $selector = New-Object DirectoryServices.DirectorySearcher
    $selector.SearchRoot = $root
    $adobj = $selector.findall() |
        where {$_.properties.objectcategory -match "CN=Person"}
    foreach ($person in $adobj) {
        $prop = $person.properties
        $i++
        # In AD the property is userPrincipalName however, PS makes the attribute lower case, hence userprincipalname
        $upn = $prop.userprincipalname[0]
        # The UPN contains @ followed by the suffix, we only want the UPN prefix so we use split:
        $upnsplit = $upn.split("@")
        $alias = $upnsplit[0]
        # Output the alias to the screen:
        Write-host $alias
        # Enable the exchange mailbox
        Enable-Mailbox -Identity "$upn" -Alias "$alias" -Database "$DbLocation" -RetentionPolicy "$RetentionPol"
    }
    "Total $i"


Accepted answer
  1. Rich Matheisen 47,901 Reputation points
    2023-07-17T15:22:48.8266667+00:00

    How about something like this?

    This has NOT been tested!

    $i = 0
    $EmployeeGroupName = 'employees'
    $StudentGroupName = 'students'
    $EmployeeGroupDN = (Get-ADGroup $EmployeeGroupName).distinguishedName
    $StudentGroupDN = (Get-ADGroup $StudentGroupName).distinguishedName
    
    $h = @{
        # group                database       policy
        $EmployeeGroupName = 'staff-db', 'staff Policy'
        $StudentGroupName  = 'student-db', 'student Policy'
    }
    
    Get-ADUser -Filter * -Properties objectCategory, memberOf | 
        Where-Object { $_.objectCategory -like "CN=Person,*" } |
            ForEach-Object {
                $i++
                $db = ""
                $pol = ""
                $add = $false
                if ($_.memberOf -contains $EmployeeGroupDN -AND $_.memberOf -contains $StudentGroupDN) {
                    # this is probably an error. can a user belong to both groups?
                    Write-Host "$($_.samaccountname) is in both groups!"
                }
                elseif ($_.memberOf -contains $EmployeeGroupDN) {
                    $db = $h.$EmployeeGroupName[0]
                    $pol = $h.$EmployeeGroupName[1]
                    $add = $true
                }
                elseif ($_.memberof -contains $StudentGroupDN) {
                    $db = $h.$StudentGroupName[0]
                    $pol = $h.$StudentGroupName[1]
                    $add = $true
                }
                else {
                    # user is not a member of either group. is this an error?
                    Write-Host "$($_.samaccountname) isn't a member of either group"
                }
                if ($add) {
                    $alias = ($_.userprincipalname -split '@')[0]
                    # Output the alias to the screen:
                    Write-Host $alias
                    # Enable the exchange mailbox
                    Enable-Mailbox -Identity $_.userprincipalname -Alias $alias -Database $db -RetentionPolicy $pol
                }
            }
    "Total $i"
    

    Edit: Changed -Filter. Added objectCategory to -Properties. Added "Where-Object". Added place-holder error messages

    1 person found this answer helpful.
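
An added example, not part of the question or the accepted answer: one way to make the nightly run idempotent and auditable. It selects only users that have no mailbox yet (no `homeMDB` attribute), so the "mailbox already exists" error from the original script does not occur, it also matches nested group membership, and it writes every action to a log. The group, database and policy names are the ones in the answer; `$SearchBase`, `$LogPath` and the `Write-Log` helper are assumptions.

```powershell
#Requires -Modules ActiveDirectory
# Added example; run in the Exchange Management Shell so Enable-Mailbox is available.
# Use -WhatIf for a dry run before scheduling it.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$SearchBase = 'OU=users,DC=domain,DC=com',        # placeholder OU
    [string]$LogPath    = 'C:\Logs\mailbox-provisioning.log'  # assumed path, folder must exist
)
# AD group -> Exchange database and retention policy (names from this page)
$map = @{
    'employees' = @{ Database = 'staff-db';   Policy = 'staff Policy' }
    'students'  = @{ Database = 'student-db'; Policy = 'student Policy' }
}
function Write-Log([string]$Message) {
    Add-Content -Path $LogPath -Value "$(Get-Date -Format s) $Message"
}
$users  = @{}   # user DN -> AD user object
$groups = @{}   # user DN -> names of the mapped groups the user is in
foreach ($name in $map.Keys) {
    $dn = (Get-ADGroup -Identity $name).DistinguishedName
    # Escape LDAP filter metacharacters in the DN before embedding it
    $dn = $dn -replace '\\', '\5c' -replace '\(', '\28' -replace '\)', '\29' -replace '\*', '\2a'
    # Users with a UPN and no mailbox yet (homeMDB unset); the 1.2.840.113556.1.4.1941
    # matching rule (LDAP_MATCHING_RULE_IN_CHAIN) also follows nested groups
    $filter = "(&(objectCategory=person)(objectClass=user)(userPrincipalName=*)" +
              "(!(homeMDB=*))(memberOf:1.2.840.113556.1.4.1941:=$dn))"
    Get-ADUser -LDAPFilter $filter -SearchBase $SearchBase | ForEach-Object {
        $users[$_.DistinguishedName]   = $_
        $groups[$_.DistinguishedName] += @($name)
    }
}
foreach ($userDN in $users.Keys) {
    $upn = $users[$userDN].UserPrincipalName
    if ($groups[$userDN].Count -gt 1) {
        Write-Log "SKIP $upn is in more than one mapped group: $($groups[$userDN] -join ', ')"
        continue
    }
    $target = $map[$groups[$userDN][0]]
    $alias  = ($upn -split '@')[0]
    if ($PSCmdlet.ShouldProcess($upn, "Enable-Mailbox in $($target.Database)")) {
        try {
            Enable-Mailbox -Identity $upn -Alias $alias -Database $target.Database `
                -RetentionPolicy $target.Policy -ErrorAction Stop | Out-Null
            Write-Log "OK   $upn -> $($target.Database)"
        } catch {
            Write-Log "FAIL $upn : $($_.Exception.Message)"
        }
    }
}
```

For the scheduled task, a dedicated service account that holds only the Exchange role needed for `Enable-Mailbox` and read access to the OU keeps the nightly job's privileges narrow.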
