The script populates attributes of a user with names of Microsoft 365 (Office 365) groups and Exchange Online distribution lists the user is a member of. To run the script on a regular basis, create a scheduled task configured for the Domain-DNS object type.
Parameters:
- $distributionGroupNamesAttribute - Specifies the LDAP name of a multivalued attribute that will store the display names of Exchange Online distribution lists a user is a member of.
- $microsoft365GroupNamesAttribute - Specifies the LDAP name of a multivalued attribute that will store the aliases of Microsoft 365 (Office 365) groups a user is a member of.
PowerShell
# Script parameters: LDAP names of the two multivalued attributes that receive
# the membership lists. Both attributes are written on every run, so point them
# at attributes that nothing else relies on.
$distributionGroupNamesAttribute = 'adm-CustomAttributeTextMultiValue1' # TODO: modify me
$microsoft365GroupNamesAttribute = 'adm-CustomAttributeTextMultiValue2' # TODO: modify me
# Get unique identifiers of users in Microsoft 365.
# Builds $objectIds: Microsoft 365 object ID (Guid) -> ADS path of the directory account.
$userSearcher = $Context.BindToObject("Adaxes://%adm-DomainDN%")
$userSearcher.SearchFilter = "(sAMAccountType=805306368)" # 805306368 = user accounts
$userSearcher.SearchScope = "ADS_SCOPE_SUBTREE"
$userSearcher.PageSize = 500
$userSearcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
# Only the Microsoft 365 object ID is requested from the directory.
$userSearcher.SetPropertiesToLoad("adm-O365ObjectId")
# NOTE(review): VirtualRoot presumably widens the search beyond the bound domain
# to every managed domain - confirm against the Adaxes SDK documentation.
$userSearcher.VirtualRoot = $True
try
{
    # Execute search
    $resultIterator = $userSearcher.ExecuteSearch()
    $foundUsers = $resultIterator.FetchAll()

    $objectIds = @{}
    foreach ($foundUser in $foundUsers)
    {
        # Accounts without a Microsoft 365 object ID are left out of the map.
        if ($foundUser.ContainsProperty("adm-O365ObjectId"))
        {
            $cloudObjectId = [Guid]$foundUser.Properties["adm-O365ObjectId"].Value
            # Add() raises an error if two accounts carry the same object ID.
            $objectIds.Add($cloudObjectId, $foundUser.AdsPath)
        }
    }
}
finally
{
    # Release resources
    if ($resultIterator) { $resultIterator.Dispose() }
}
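# For every user collected in $objectIds, look up the Exchange Online distribution
# lists and Microsoft 365 groups the user belongs to and store their names in the
# two configured attributes. The stored values are a snapshot taken at run time.
# NOTE(review): display names and aliases are labels rather than stable
# identifiers - confirm they are not used downstream for access decisions.
try
{
    # Connect to Exchange Online. Only the three cmdlets used below are imported,
    # which keeps the imported command surface as small as the script needs.
    $session = $Context.CloudServices.CreateExchangeOnlinePSSession()
    Import-PSSession $session -AllowClobber -DisableNameChecking -CommandName "Get-User", "Get-DistributionGroup", "Get-UnifiedGroup"

    foreach ($id in $objectIds.Keys)
    {
        $adsPath = $objectIds[$id]
        $username = $Context.GetDisplayNameFromAdsPath($adsPath)

        # Get user distinguished name in Microsoft 365
        try
        {
            $cloudUser = Get-User $id.ToString() -ErrorAction Stop
        }
        catch
        {
            $Context.LogMessage("An error occurred while searching the user $username`. Error: " + $_.Exception.Message, "Warning")
            continue
        }
        $userDN = $cloudUser.DistinguishedName

        # The DN is directory data placed inside a single-quoted filter value.
        # An apostrophe in it (for example in a surname) would end the quoted
        # value early and change or break the filter, so each one is doubled.
        $escapedUserDN = $userDN -replace "'", "''"
        $membershipFilter = "Members -like '$escapedUserDN'"

        # Get group membership. A failed lookup is logged and leaves the stored
        # value untouched; a transient Exchange Online error must not erase the
        # membership data written by an earlier run.
        $distributionGroupsResolved = $True
        try
        {
            # ForEach-Object is spelled out instead of the percent-sign alias.
            $distributionGroupNames = Get-DistributionGroup -ResultSize Unlimited -Filter $membershipFilter -ErrorAction Stop | ForEach-Object { $_.DisplayName }
        }
        catch
        {
            $distributionGroupsResolved = $False
            $distributionGroupNames = $NULL
            $Context.LogMessage("An error occurred while searching distribution groups for the user $username`. Error: " + $_.Exception.Message, "Warning")
        }

        $microsoft365GroupsResolved = $True
        try
        {
            $microsoft365GroupNames = Get-UnifiedGroup -ResultSize Unlimited -Filter $membershipFilter -ErrorAction Stop | ForEach-Object { $_.Alias }
        }
        catch
        {
            $microsoft365GroupsResolved = $False
            $microsoft365GroupNames = $NULL
            $Context.LogMessage("An error occurred while searching Microsoft 365 groups for the user $username`. Error: " + $_.Exception.Message, "Warning")
        }

        # Nothing trustworthy to write when both lookups failed.
        if (-not ($distributionGroupsResolved -or $microsoft365GroupsResolved))
        {
            continue
        }

        # Update attributes. A successful lookup with no groups still writes an
        # empty value, which clears memberships the user no longer has.
        $directoryUser = $Context.BindToObject($adsPath)
        if ($distributionGroupsResolved)
        {
            $directoryUser.Put($distributionGroupNamesAttribute, $distributionGroupNames)
        }
        if ($microsoft365GroupsResolved)
        {
            $directoryUser.Put($microsoft365GroupNamesAttribute, $microsoft365GroupNames)
        }
        $directoryUser.SetInfo()
    }
}
finally
{
    # Close the remote session and release resources
    if ($session) { Remove-PSSession $session }
}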