I am writing a script to query all members of a number of groups (using the Get-Group cmdlet), then perform some Exchange tasks. I noticed that I could read all the members of certain groups, but for others, the membership property was null. Upon further investigation, I realized that the groups for which I could read the members were Universal groups, and the ones I could not read the members were Global groups. I am assuming that the reason for this is that Exchange does not support groups other than Universal, but have not been able to confirm this. Can someone tell me if I am correct? Assuming that is the case, can anyone suggest a workaround or alternate way to read these members? I was thinking about using ADSI in the script, but this is a bit cumbersome and was hoping someone knows a different way. The Directory Services team would prefer not to convert these groups to Universal just to get this script to work. Thanks, Dan

Hi, What version of Exchange are you using? On Exchange 2010, only Universal Groups are supported. You may get null against a GC because IIRC group group memberships aren't replicated to the GC. SteveSteve Goodman Check out my Blog for more Exchange info or find me on Twitter

On Fri, 19 Nov 2010 13:29:30 +0000, Dan DeStefano wrote: >I am writing a script to query all members of a number of groups (using the Get-Group cmdlet), then perform some Exchange tasks. I noticed that I could read all the members of certain groups, but for others, the membership property was null. Upon further investigation, I realized that the groups for which I could read the members were Universal groups, and the ones I could not read the members were Global groups. > >I am assuming that the reason for this is that Exchange does not support groups other than Universal, but have not been able to confirm this. Can someone tell me if I am correct? How many AD domains do you have? The membership of groups with a universl scope is promoted to a local GC and replicated across the AD forest. Groups with other scopes have their membership promoted to the local GCs only in the AD domain where they live. This is the reason why you want mail-enabled groups to have a universal scope. It's a problem when someone sends an e-mail to a non-universal group that lives in an AD domain that isn't used by the Exchange server that expands the group because nobody gets the message! >Assuming that is the case, can anyone suggest a workaround or alternate way to read these members? I was thinking about using ADSI in the script, but this is a bit cumbersome and was hoping someone knows a different way. Get the distinguishedName from the group. Extract the AD domain from the DN. Find a DC in that domain and put it's name into the "-domaincontroller" parameter on the get-group cmdlet. You can do it all with just .Net -- no need for ADSI. >The Directory Services team would prefer not to convert these groups to Universal just to get this script to work. What's their objection to using a group with a universal scope? --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Additional info in the thread below: Exchange 2007 DL Expansion failsJames Luo TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx) If you have any feedback on our support, please contact tngfb@microsoft.com