Today I’ve encountered a problem at a client, a group in Office 365 did not contain all the users that it should as in the on-prem AD group, this caused the missing users not to receive emails that were sent to that group, first we thought there was a problem with DirSync, after checking DirSync we saw that everything was OK there, then we moved to check Azure AD using Get-MsolGroupMember it looked Ok, same as the On-Prem group, our next step was to run Get-DistributionGroupMember against the Office365 Exchange directory and there we saw that the group was not getting properly updated.

After talking with MS we learned that they have their own DirSync/FIM or what ever that sync’s the Azure AD and Office365 directory, they needed to fix the problem on their side.

After seeing that we have a problem with one group I’ve decided to write a script that will give us a report on other groups with the same problem.

So here goes the script:

First we connect to the Office365 Exchange directory:

$cred = Get-Credential $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection Import-PSSession $Session

Then we will connect to MsolService (you will need the Azure Active Directory module for this)

Connect-MsolService -Credential $cred

First I’ve created an array to hold the collected information called $data

$data = @()

I’ve ran the Get-MsolGroup against groups of type: DistributionList and MailEnabledSecurity

Get-MsolGroup -all -GroupType DistributionList| %{ $groupName = $_.displayName $msolgroupCount = (Get-MsolGroupMember -GroupObjectId $_.ObjectId).count $tmp = Get-DistributionGroupMember $groupName if($tmp -is [array]) { $exchangeGroupCount = $tmp.count } else { if($exchangeGroupCount -ne $null) { $exchangeGroupCount = 1 } else { $exchangeGroupCount = 0 } } if($msolgroupCount -ne $exchangeGroupCount) { $data += New-Object PSObject -property @{ "Group Name" = $groupName "MSOL Group" = $msolgroupCount "Exchange Group" = $exchangeGroupCount } } } Get-MsolGroup -all -GroupType MailEnabledSecurity| %{ $groupName = $_.displayName $msolgroupCount = (Get-MsolGroupMember -GroupObjectId $_.ObjectId).count $tmp = Get-DistributionGroupMember $groupName if($tmp -is [array]) { $exchangeGroupCount = $tmp.count } else { if($exchangeGroupCount -ne $null) { $exchangeGroupCount = 1 } else { $exchangeGroupCount = 0 } } if($msolgroupCount -ne $exchangeGroupCount) { $data += New-Object PSObject -property @{ "Group Name" = $groupName "MSOL Group" = $msolgroupCount "Exchange Group" = $exchangeGroupCount } } }

Finally we can export to collected data to a .csv file for example:

$data | export-csv c:\report.csv

The file will contain GroupName,#Members Msol,#Members Exchange .

Share this: Twitter

Facebook

Like this: Like Loading... Related

Tagged: export-csv, Get-DistributionGroupMember, Get-MsolGroup, Get-MsolGroupMember