Updating the Managed By Property in Exchange 2010 Using PowerShell

Posted on August 18, 2011 by Russ Kaufmann

I ran into an interesting problem that actually encapsulated two different problems.

I have a .csv file that has the names of Distribution Groups and the Users that need to have Managed By permissions so they can update the members of the Distribution Group. The file contents look like this:

Identity,User

Contoso.com/Distribution Lists/DG1,contoso\russ.kaufmann

Contoso.com/Distribution Lists/DG1,contoso\mother.goose

Contoso.com/Distribution Lists/DG1,contoso\jack.b.quick

Contoso.com/Distribution Lists/DG1,contoso\BigBad.Wolf

Contoso.com/Distribution Lists/DG2,contoso\russ.kaufmann

Contoso.com/Distribution Lists/DG2,contoso\BigBad.Wolf

The Identify field is the name of the distribution group. The User field is the name of the user that needs to be in the Managed By list.

Side Note: In Exchange 2003, if you needed multiple people to manage a DG, you could add one of them to the Managed By field for the DG, but you needed to add the others by using Active Directory permissions on the DG object in AD. During migrations, this is a bit of a PITA, especially if you are talking about thousands of DGs.

Problem #1 is this: If you use a simple script and read in the .csv file and then run a Set-DistributionGroup command against each name, it ends up overwriting the field. So, in the case above, if you were to run the command Set-DistributionGroup –identity DG1 –managedby russ.kaufmann, it would work fine. Then, if you use a foreach loop, it would then run the same command and use mother.goose, and so on down the list to add jack.b.quick, and then BigBad.Wolf. The result would be that the ManagedBy field would include only the BigBad.Wolf. In other words, it would overwrite, not add. There is no add option for multivalued fields when it comes to PowerShell.

Problem #2 is this: When it comes to Exchange and PowerShell, you need to be careful when it comes to using commands that run against Exchange objects and properties and commands that run against Active Directory objects and properties. There can be problems when using the two in the same script or in pipelined commands.

I took several swings at this one and failed miserably because of both problems. After lots of research and asking lots of questions, Byron Wright gave me the key to my answer. Thanks, Byron!

Here is what works:

$Data = Import-csv DLUpdateList.txt

foreach ($i in $Data) {

$DG = Get-DistributionGroup $i.identity

$MB = $DG.ManagedBy

$NewUser = get-user $i.user

$NewMB = $MB += $NewUser

Set-DistributionGroup $i.identity -managedby $NewMB -bypasssecuritygroupmanagercheck

}

This entry was posted in Exchange. Bookmark the permalink.

8 Responses to Updating the Managed By Property in Exchange 2010 Using PowerShell

  1. stam says:
    January 24, 2012 at 2:49 am

    in the line $NewMB = $MB += $NewUser it should be $NewMB = $MB + $NewUser
    Other than that the script is great

    Reply
    • Russ Kaufmann says:
      January 26, 2012 at 12:53 pm

      I think the += is the correct operator as I am trying to add to the array. Using just the + will give me a result of the array plus the new item, but it doesn’t actually update the array. At least that is my understanding. I might be wrong, as I often make mistakes in PowerShell.

      Reply
  2. Russ Kaufmann says:
    January 28, 2012 at 12:29 am

    BTW, I thought I should mention that the += is correct as arrays are read only and the += actually is adds to the array by creating a new one with the new entry. I just wish it was easy to do something similar for removing an item from an array and creating a new array without the one item.

    Reply
  3. Scott says:
    February 28, 2012 at 3:10 pm

    Arrays wouldn’t be very useful if they were read-only. Try this simple test:

    $arr = @(1 2 3)
    $arr += 4
    $arr

    You’ll find that your array now has 4 elements. You could eliminate the need for a $NewMB variable entirely:

    $MB = $DG.ManagedBy
    $MB += $NewUser
    Set-DistributionGroup $i.identity -managedby $MB -bypasssecuritygroupmanagercheck

    Reply
    • Russ Kaufmann says:
      February 28, 2012 at 6:32 pm

      But what it does, from my understanding, is create a new array that includes the existing array and the new entry. It doesn’t really add to the existing array.

      Reply
      • Scott says:
        February 28, 2012 at 6:37 pm

        Where did you hear that? The += operator exists in several languages as an append operator. And I don’t see any new array in that code.

      • Russ Kaufmann says:
        February 28, 2012 at 6:41 pm

        I have read that in a couple of places. However, I have been known to be wrong many times, and I am not a developer. You may know better. Despite everything, you are correct, I could do without the additional variable.

        Thanks for your feedback. I appreciate it.

  4. Bevan says:
    December 16, 2014 at 11:00 pm

    Thank you for this, saved me a lot of time. I tried using the @{add=””} command but received errors. Your script worked perfectly.

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s