I have filtered user list for disabling based on certain criteria & now i want to remove their group membership from Distribution group & Security group as well also need to make them hidden from GAL & also record it in log file.Help me to add commands to achieve all above. (Note:Also advice as i am not running this script from Exchange server how i can access object attribute to hide user from GAL) While ($reader.read()) { $emp = $reader.GetString(0) $firstname = $reader.GetString(2) $lastname = $reader.GetString(4) $user = Get-ADUser -Filter {employeeid -like $emp } If ($user.enabled -eq 'True') { Disable-ADAccount $user $emp,$fn,$ln | out-file D:\disablednow.txt -append } Else { $emp,$firstname,$lastname | out-file D:\alreadydisabled.txt -append } } } Please ask me if need more input from me.

hi can someone help me for last post...or need more information?

>>(Note:Also advice as i am not running this script from Exchange server how i can access object attribute to hide user from GAL) Do you have rights to the Exchange environment? Exchange 2010 uses remote powershell and you don't need to be on the server itself to run exchange cmdlets. But either way, this can also be done easily with the AD cmdlets. For example: Import-Module activedirectory Search-ADAccount -AccountDisabled | Set-ADUser -Replace @{msExchHideFromAddressLists="TRUE"} Mike Crowley | MVP My Blog -- Planet Technologies

>>(Note:Also advice as i am not running this script from Exchange server how i can access object attribute to hide user from GAL) Do you have rights to the Exchange environment? Exchange 2010 uses remote powershell and you don't need to be on the server itself to run exchange cmdlets. But either way, this can also be done easily with the AD cmdlets. For example: Import-Module activedirectory Search-ADAccount -AccountDisabled | Set-ADUser -Replace @{msExchHideFromAddressLists="TRUE"} Mike Crowley | MVP My Blog -- Planet Technologies

Yeah i used the same command you given to hide user from GAL without loading exchange snap in. Search-ADAccount -AccountDisabled | Set-ADUser -Replace @{msExchHideFromAddressLists="TRUE"} i have few more tasks to be done on user account.can you suggest from below action how many i can do without loading exchange snapin as i already on 2008R2 & active directory module imported.1)Remove Initials of user from general tab and property page.2)Remove Reporting manage name from userID.3)Add DisableID group on message delivery restriction list.(Exchange property)4)Move mailbox to disabled user database.5)Move user account to Disabled User OU in AD

i am thinking of using below commands, please advice to achieve it in better way. 1)Remove Initials of user from general tab and property page.----------->> Set-user $user -initials $null 2)Remove Reporting manage name from user ID.--------Set-QADUser -Identity $username -objectattributes @{"Manager"="$null"} 3)Add DisableID group on message delivery restriction list.(Exchange property)----set-mailbox test1 -acceptmessagesonlyfromdlmembers "group1" 4)Move mailbox to disabled user database.---Move-Mailbox $user -targetdatabase Disable database 5)Move user account to Disabled User OU in AD--------Move-QADObject -identity $username -NewParentContainer "domainname.com/$ou/Disabled Accounts" Also suggest if any of above exchange task can be done using Active directory module cmdlets. Help me in running exchange commands from non-exchange server, i.e. importing ps snapin for exchange & user account requirement for running exchange commands, powershell execution needed or is there any alternate way because i want to perform it using AD commands as far as possible.

Yeah i used the same command you given to hide user from GAL without loading exchange snap in. Search-ADAccount -AccountDisabled | Set-ADUser -Replace @{msExchHideFromAddressLists="TRUE"} So you are saying my suggestion worked? Or that you already knew that? If you already knew it why did you ask? Anyway, you're all over the place here. What are you trying to accomplish, and what cmdlets are you trying to limit the operation to? Why not connect to Exchange and use it's cmdlets? And are you now saying you also have the Quest AD module? Some other thoughts on your last post: move-mailbox is an exchange 2007 cmdlet. Are you running Exchange 2010 or 2007?You cannot move a mailbox without the Exchange cmdletsIf you have the earlier mentioned search-adaccount that means you also have move-adobject. No need for the Quest cmdlets in your #5in #3 you use Quest again. This can be set via set-aduser Please "RTFM" as they say. Active Directory Cmdlets in Windows PowerShellConnecting to a remote Exchange 2010 Organization using Remote PowerShell Mike Crowley | MVP My Blog -- Planet Technologies

yes Mike, i refer your command only to hide from GAL....it certainly helped me. Sorry it was by mistake to insert Get-QADusert as copied from wrong file...i am on 2008R2 & using Get-Aduser. So in order to move mailbox i shall need to import-exchange PS-snapin, i thought as we were able to hide user from GAL which Exchange attribute,similarly i was interested in knowing what all other things with Exchange i would able to do using AD command.......ok...i did some research on it & found this one. $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://<FQDN of Exchange 2010 server>/PowerShell/ -Authentication Kerberos Import-PSSession $Session Set-User David -RemotePowerShellEnabled $True Apart from this do i need to consider any before using into script.

Great! Yes, if you want to move mailboxes, you'll need to connect with the code you listed above. And if you're going to do that anyway, perhaps go back to using Exchange 2010 cmdlets anyway. Mike Crowley | MVP My Blog -- Planet Technologies