I couldn't find Exchange 2007 discussion forum so I hope this is OK to ask this question here...

I have a security system (for access ID security badges) that is able to query AD Security Groups to assign certain permission to each user.  We need to identify 10 mouth employees.  These employees AD accounts are in several diferent OU's so I created a query based dynamic distribution group for 10 month employees..  However, our security system cannot see dynamic distribution groups.  Can anyone think of a way how I can make a security group from this dynamic distribution group?  Maybe something like a script to export users from the Dynamic group  I haven't tried anything yet hoping someone out there has had the need for something like this already. 

Not sure if this is what you're looking for:

https://github.com/davegreen/shadowGroupSync

Not a conversion of your DL to a security group, but looks like it might accomplish the same goal.

Hi,

If you want to export the members of the Dynamic Distribution group, please run:
$Group1 = Get-DynamicDistributionGroup DDG1
Get-Recipient -RecipientPreviewFilter $Group1.RecipientFilter | select Name,RecipientType | Export-csv C:\members.csv

Then we can create a security distribution group:
New-DistributionGroup -Name "10 month employees" -OrganizationalUnit "contoso.com/Users" -Type "Security"

And add group members to this security group:
Import-CSV "C:\members.CSV" | ForEach-Object {Add-DistributionGroupMember -Identity "10 month employees" -Member $_.name}

Now, you can check the security group "10 month employees" properties in ADUC.

Regards,

Thanks B0ndoo7, that script almost would work except I need to select specific users from several OU's based on attribute field content.

• Edited by bassoml 9 hours 52 minutes ago

Perfect. Thanks.

I added the SAMAccountName so not to be prompted for user input so the command to create the new distribution group now looks like this:

New-DistributionGroup -Name "10 month employees" -OrganizationalUnit "contoso.com/Users" -SAMAccountName "10MonthEmployees" -Type "Security"

I will not try to automate this...

• Proposed as answer by bassoml 12 hours 34 minutes ago

Thanks B0ndoo7, that script almost would work except I need to select specific users from several OU's based on attribute field content.

• Edited by bassoml Thursday, June 11, 2015 9:35 PM

Perfect. Thanks.

I added the SAMAccountName so not to be prompted for user input so the command to create the new distribution group now looks like this:

New-DistributionGroup -Name "10 month employees" -OrganizationalUnit "contoso.com/Users" -SAMAccountName "10MonthEmployees" -Type "Security"

I will not try to automate this...

• Proposed as answer by bassoml Thursday, June 11, 2015 6:53 PM

Hi Strensnik2,

Any updates for this issue?

Have you tried my suggestions?

Regards,

Hi Strensnik2,

Any updates for this issue?

Have you tried my suggestions?

Regards,