PrzemyslawKlys
commented
7 months ago What you are showing above 5 users were added to a group, 6 users were removed from a group. What actually happened on the Exchange side?
Closed bmartins-EUDA closed 7 months ago
PrzemyslawKlys
commented
7 months ago What you are showing above 5 users were added to a group, 6 users were removed from a group. What actually happened on the Exchange side?
bmartins-EUDA
commented
7 months ago What you are showing above 5 users were added to a group, 6 users were removed from a group. What actually happened on the Exchange side?
On the Exchange Control Panel, in this case, only one user was removed from the group (as in 6-5=1), and the same is logged in AD.
I was wondering if there was a way that your script could identify which one, to override this weird behavior of Exchange.
As I mentioned, if you do the same operation using AD Users & Computers snap-in, only one entry is logged in the Event Viewer.
Cheers, and keep up the good work!
PrzemyslawKlys
commented
7 months ago There's no way for me to tell. It would seem Exchange is dumb enough to basically drop all users and readd missing when you do it via ECP. But that would be super weird if it does that. Some groups for large companies have thousands of users. If it would do that just because you removed one user it would kill AD/Exchange.
bmartins-EUDA
commented
7 months ago There's no way for me to tell. It would seem Exchange is dumb enough to basically drop all users and readd missing when you do it via ECP. But that would be super weird if it does that. Some groups for large companies have thousands of users. If it would do that just because you removed one user it would kill AD/Exchange.
Exactly! Thanks for the explanation.
I wonder how commercial tools are handling this...
In any case, this issue can be closed and thanks once again for your swift reply!
PrzemyslawKlys
commented
7 months ago THe commercial tools are not handling this. There is something wrong in your setup. It's not possible that removing 1 user would cause AD to do that. Keep in mind that those events are generated by AD, not by Exchange. That means what happened in your case exchange has sent 6 removals, 5 adds. It's jut not possible for it to be true if just one user was removed.
Did you do it or someone from your team? Most likely scenario is that you've wrong powershell script that does this
bmartins-EUDA
commented
7 months ago THe commercial tools are not handling this. There is something wrong in your setup. It's not possible that removing 1 user would cause AD to do that. Keep in mind that those events are generated by AD, not by Exchange. That means what happened in your case exchange has sent 6 removals, 5 adds. It's jut not possible for it to be true if just one user was removed.
Did you do it or someone from your team? Most likely scenario is that you've wrong powershell script that does this
Does that mean that you have a working setup where the removal of a user from a distribution group using ECP does not have this behaviour?
I just added a user to a DG, and this is what I am getting.
I am only using the UI, no scripts are involved.
PrzemyslawKlys
commented
7 months ago i don't have exchange on hand, but that is super weird that removing single user triggers whole group rebuild.
Hello guys,
This issue is not directly related to the tooling, which is great, but instead, if you could find a way to use the tool to make the output prettier.
I am looking for a report on distribution group membership changes and started using your script.
It works great when changes are made using ADUC, but not if the user has delegated administration of groups and manipulates the membership through the Exchange Control Panel, where multiple lines are added to the output, making it difficult to track actual changes.
The example above shows a simple removal of a distribution group.
Can someone point me in the right direction?
Many thanks.