Upgrading Distribution Groups with multiple owners to Exchange 2013


Before Exchange 2010, if you wanted more than one owner for a Distribution Group you needed to add them to the permissions for that group.

 

Example: User6 is the second owner for Distribution Group Test2007DL

 

When you decide to upgrade those Distribution Groups to Exchange 2013, it looks at the ManagedBy parameter…which can have multiple users/owners.
(You may need to add additional -and $_.User -notlike filters for additional accounts that will not be managing your distribution groups.)

 

If you want to review the owners of a single Distribution Group (Test2007DL):

$owners = Get-ADPermission "CN=Test2007DL,CN=Users,DC=contoso,DC=com" | ?{$_.User -notlike "*Exchange*" -and $_.User -notlike "S-*" -and $_.User -notlike "*Organization*" -and $_.User -notlike "NT*" -and $_.User -notlike "*Domain Admins*" -and $_.User -notlike "*Enterprise Admins" -and $_.User -notlike "BUILTIN*” -and $_.User –notlike "*Delegated Setup*”} | $owners

 

If you want to update a single Distribution Group (Test2007DL):

$owners = Get-ADPermission "CN=Test2007DL,CN=Users,DC=contoso,DC=com" | ?{$_.User -notlike "*Exchange*" -and $_.User -notlike "S-*" -and $_.User -notlike "*Organization*" -and $_.User -notlike "NT*" -and $_.User -notlike "*Domain Admins*" -and $_.User -notlike "*Enterprise Admins" -and $_.User -notlike "BUILTIN*” -and $_.User –notlike "*Delegated Setup*”}  | %{$_.user.tostring()};Set-DistributionGroup Test2007DL -BypassSecurityGroupManagerCheck -ManagedBy $owners

 

If you want to update all Distribution Groups and move those additional owners to the ManagedBy parameter you can run the following command:

 ForEach ($DL in (Get-DistributionGroup -ResultSize Unlimited)) { $owners = Get-ADPermission $DL.identity | ?{$_.User -notlike "*Exchange*" -and $_.User -notlike "S-*" -and $_.User -notlike "*Organization*" -and $_.User -notlike "NT*" -and $_.User -notlike "*Domain Admins*" -and $_.User -notlike "*Enterprise Admins" -and $_.User -notlike "BUILTIN*” -and $_.User –notlike "*Delegated Setup*”}  | %{$_.user.tostring()};Set-DistributionGroup $DL -BypassSecurityGroupManagerCheck -ManagedBy $owners }

This command will run through ALL of your Distribution Groups, upgrade them to Exchange 2013 and update the ManagedBy parameter with all of the owners.

** Remember to test in a lab before you run this command.

 Note: After upgrading your distribution groups, you will no longer be able to manage your Distribution Groups using legacy Exchange tools.

 

This assumes that you assigned the MyDistributionGroups Management Role to the mailbox(es) or use the information in the article below (applies to E2013 also) to not allow the users the ability to create new distribution groups or remove distribution groups that they own.

How to Manage Groups that I already own in Exchange 2010?
http://blogs.technet.com/b/exchange/archive/2009/11/18/how-to-manage-groups-that-i-already-own-in-exchange-2010.aspx

 

Comments (0)

Skip to main content