Saturday, August 25, 2012

Bulk Creation of Mail-Enabled Security Groups

During our recent implementation of System Center Service Manager 2012, I was asked to create several dozen mail-enabled security groups. After some discussion around naming conventions, I was provided with a CSV file containing the desired display names and aliases, which looked like this (this is only a partial list):


Display Name,Email Alias
ACCOUNTING,smaccounting
AUDIT  COMPLIANCE,smauditcompliance
AUSTRALIA,smaustralia
BACKUP ADMINS,smbackupadmins
CANADA,smcanada
CHANGE MANAGEMENT,smchangemgmt


In order to organize and differentiate these groups from similarly named groups that already existed in our directory, each group's display name would be prefixed with "zSvcMgr". The "z" pushed these entries down to the bottom of the address list where they would be less likely to be seen or used, yet they would still be grouped together alphabetically. The email aliases would also be prefixed by "sm". As you can see from the above sample list, the supplied file included the "sm" prefix on the email aliases, but the "zSvcMgr" prefix is missing from the display names. I'll have to add those in during the processing.

This is one of those situations where a script would be handy, but the single-use nature of the task doesn't really warrant a lot of development time. I decided to just write the code on the fly, but this could easily be turned into a full-fledged script if you need to do this sort of thing often.

I basically needed to do two distinct things: process each line in the CSV file to create the security groups, and then mail-enable them. Creating the groups could be done from any standard PowerShell session, but mail-enabling them requires the Exchange shell, so I just performed both tasks from an Exchange 2010 shell session. Here's all the code I needed to complete the job.

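# Read the supplied list; the first row supplies the column names
$list = Import-CSV SMGroupList.csv

Import-Module ActiveDirectory
foreach ($entry in $list) {
    # Build the prefixed display name and pick up the alias for this row
    $name = "zSvcMgr " + $entry."Display Name"
    $alias = $entry."Email Alias"
    # Create the universal group, then mail-enable it by its distinguished name
    New-ADGroup -Name $name -Path "ou=ServiceManager,ou=Distribution Lists,dc=mydomain,dc=pvt" -GroupScope Universal
    Enable-DistributionGroup -Identity "cn=$name,ou=ServiceManager,ou=Distribution Lists,dc=mydomain,dc=pvt" -Alias $alias
}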


That's all that's required. Let's take a more detailed look at each line.


$list = Import-CSV SMGroupList.csv


This line imports the CSV file into the $list variable. This loads the entire file into memory, and automatically uses the data in the first row as column headings.

Import-Module ActiveDirectory

This command loads the Active Directory module into the shell, giving us access to the New-ADGroup command, which we'll use to create our new groups.

foreach ($entry in $list) {

Now we want to start processing the contents of the CSV file, which are stored in the $list variable. The foreach command will loop through the imported data line by line. For each iteration of the foreach loop, the $entry variable will contain the contents of the line currently being processed. To access the various fields in the line, just refer to the field by using the column name.

$name = "zSvcMgr " + $entry."Display Name"

In the line above, I build the desired name of the group by taking the contents of the imported Display Name field (note: $entry."Display Name" references the Display Name field in the current $entry variable), appending it to the end of the "zSvcMgr " string, and then assigning the new name to the $name variable.

$alias = $entry."Email Alias"

Next, we grab the Email Alias value from the current line in the $entry variable, and assign it to the $alias variable. Note that the double quotes around Email Alias are only required because the field name has a space in it. If the field name were "EmailAlias" (no spaces), then we could have left off the double quotes and referred to it as simply $entry.EmailAlias.

Now that we've populated our variables, we're ready to create our new group.

New-ADGroup -Name $name -Path "ou=ServiceManager,ou=Distribution Lists,dc=mydomain,dc=pvt" -GroupScope universal

Here, we pass the $name variable, which contains the group name we built above, to the New-ADGroup command. The -Path parameter tells the command where to create the new group object in our Active Directory hierarchy, and the -GroupScope parameter tells it to create a universal group. If you omit the -GroupScope parameter, a global group is created by default.

All that's left to do now is to mail-enable our newly-created group.

Enable-DistributionGroup -Identity "cn=$name,ou=ServiceManager,ou=Distribution Lists,dc=mydomain,dc=pvt" -alias $alias

Note that we're passing both the $name and $alias variables to the Enable-DistributionGroup command. Since we're not specifying a PrimarySmtpAddress parameter, our new group will receive an SMTP address from the default email address policy.


}


The ending curly brace signals the end of our foreach loop, and then the process repeats for the next line in the $list variable. Once all of the lines are processed, all of our shiny, new, mail-enabled security groups will be created. A quick peek inside the ServiceManager OU confirms that the groups exist, and you can confirm that they exist in Exchange by looking in the console, or by issuing a quick, "Get-DistributionGroup zSvcMgr*" command.

That's all there was to it. It took much less time to write the code and create the groups than it did to write it all down and explain how it worked. I hope someone finds it useful.
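
If the same job has to be repeated, or the CSV comes from someone else, the loop benefits from checking each row before it creates directory objects. The following is an added example, not part of the original post: it validates the two CSV fields, skips groups that already exist, supports a dry run, and passes the distinguished name returned by New-ADGroup to Enable-DistributionGroup instead of rebuilding it from strings. The $dryRun switch, the allowed-character patterns and the warning messages are assumptions made for this example.

```powershell
# Added example: validated, re-runnable variant of the loop in this post.
# $ou, $dryRun and the two regex patterns are choices made for this example.
Import-Module ActiveDirectory

$ou     = 'ou=ServiceManager,ou=Distribution Lists,dc=mydomain,dc=pvt'
$dryRun = $true    # set to $false to actually create the groups

foreach ($entry in Import-Csv SMGroupList.csv) {
    $display = ([string]$entry.'Display Name').Trim()
    $alias   = ([string]$entry.'Email Alias').Trim()

    # Reject rows whose values would break the name, the filter below or the alias.
    if ($display -notmatch '^[A-Za-z0-9 -]+$') {
        Write-Warning "Skipping row: unexpected characters in display name '$display'"
        continue
    }
    if ($alias -notmatch '^sm[a-z0-9]+$') {
        Write-Warning "Skipping row: alias '$alias' does not follow the sm prefix convention"
        continue
    }

    $name = "zSvcMgr $display"

    # Skip groups that already exist so the loop can be re-run after a partial failure.
    # $name is safe inside the filter string because it was validated above.
    $existing = Get-ADGroup -Filter "Name -eq '$name'" -SearchBase $ou
    if ($existing) {
        Write-Warning "Group '$name' already exists, skipping"
        continue
    }

    if ($dryRun) {
        Write-Host "Would create '$name' with alias '$alias'"
        continue
    }

    try {
        # -PassThru returns the new group, so its real DN is used for mail-enabling.
        $group = New-ADGroup -Name $name -Path $ou -GroupScope Universal `
                             -GroupCategory Security -PassThru -ErrorAction Stop
        Enable-DistributionGroup -Identity $group.DistinguishedName -Alias $alias -ErrorAction Stop | Out-Null
        Write-Host "Created and mail-enabled '$name'"
    }
    catch {
        Write-Warning "Failed on '$name': $($_.Exception.Message)"
    }
}
```

Run it once with $dryRun left at $true and review the output before setting it to $false.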