Monthly Archives: October 2011

You are browsing the site archives by month.

Check AD Group Membership using PowerShell

Here is a function which allows you to quickly check the group membership of a particular user.
Click here to download the script file.

< #Function to check group membership of the user when “samaccountname” and “groupname” is provided.Returns “True” or “False”
#>
Function IsMemberOf ($user, $adgroup) {
    Import-Module ActiveDirectory
    $groupusers = Get-ADGroupMember $adgroup| Select-Object –ExpandProperty` SamAccountName
    If ($groupusers -contains $user) {
             $True
     }
    Else { $false
      }
}
#Example
IsMemberOf “vik” “PowerUsersGroup”

Enable/Disable Exchange Activesync using Powershell script

The script below enables or disables the Exchange Activesync based on specified Security group.
I have tested this with Exchange 2007.

There is lot of room for improvement in the script but for now it does the job!!!
Make sure to change the values to your requirements before deploying.
To run this as a scheduled task refer to http://technet.microsoft.com/en-us/library/bb123798(EXCHG.80).aspx

Click here to download the script.
*****************************************************************************

Set-PSDebug -Off
#Import Active directory module
Import-module activedirectory
$arrusers = @(Get-ADUser -Filter * -SearchBase “DC=fabrikam,DC=COM“)

foreach ($arruser in $arrusers){
$arrusers1 = Get-ADUser -Filter { (samaccountname -eq $arruser.samaccountname) -and (memberOf -RecursiveMatch “CN=Enable ActiveSync,OU=Groups,DC=uk,DC=fabrikam,DC=COM“) } -SearchBase “DC=fabrikam,DC=COM
#Write-host $arrusers1.DistinguishedName

#If user is member of a group enables Activesync, allows to sync any Activesync device and assign a Activesync policy
If ($arrusers1) {
#Write-Host “Enabling activesync for $arrusers1”
set-CASMailbox -Identity $arrusers1.DistinguishedName -ActiveSyncEnabled:$True -ActiveSyncAllowedDeviceID:$null -ActiveSyncMailboxPolicy “fabrikam ActiveSync Policy” }

Else { #Write-host “disabling activesync for $arruser”
set-CASMailbox -Identity $arruser.DistinguishedName -ActiveSyncEnabled:$False -ErrorAction SilentlyContinue }

}