The purpose of this PowerShell script is to remove a user from all distribution groups. The script is interactive: it shows the list of groups first, then gives you the option to proceed with the removal.
While the same can be done using Exchange Admin or Microsoft 365 Admin Center, it is much faster using PowerShell.
Note, the script only processes those distribution groups that are managed in the cloud. If you have some groups synced with Active Directory, those should be processed separately.
```powershell
# Ask for the user to remove and resolve the mailbox
$email = Read-Host "Please provide a user's email address to remove from all distribution groups"
$mailbox = Get-Mailbox -Identity $email
$DN = $mailbox.DistinguishedName

# Find every distribution group that has this user as a member
$Filter = "Members -like ""$DN"""
$DistributionGroupsList = Get-DistributionGroup -ResultSize Unlimited -Filter $Filter

Write-Host `n
Write-Host "Listing all Distribution Groups:"
Write-Host `n
$DistributionGroupsList | ft

# Keep asking until the answer is y or n
$answer = Read-Host "Would you like to proceed and remove $email from all distribution groups ( y / n )?"
While ("y","n" -notcontains $answer) {
    $answer = Read-Host "Would you like to proceed and remove $email from all distribution groups ( y / n )?"
}

If ($answer -eq 'y') {
    ForEach ($item in $DistributionGroupsList) {
        # Parameter names must start with a plain ASCII hyphen (-), not an en dash
        Remove-DistributionGroupMember -Identity $item.DisplayName -Member $email -BypassSecurityGroupManagerCheck -Confirm:$false
    }
    Write-Host `n
    Write-Host "Successfully removed"
    Remove-Variable * -ErrorAction SilentlyContinue
}
Else {
    Remove-Variable * -ErrorAction SilentlyContinue
}
```
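For offboarding it helps to know which groups were actually changed and which still need attention on-premises. The following is an added example, not the author's script: it assumes an existing Exchange Online PowerShell session, and the function name and report columns are hypothetical. It skips directory-synced groups, supports `-WhatIf`, and returns one result row per group instead of a single success message.

```powershell
# Added example: assumes an existing Exchange Online PowerShell session.
# The function name and the report columns are hypothetical.
function Remove-UserFromCloudDistributionGroups {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Email
    )

    $mailbox = Get-Mailbox -Identity $Email -ErrorAction Stop
    # Single quotes inside a DN must be doubled for the OPATH filter.
    $dn = $mailbox.DistinguishedName -replace "'", "''"
    $groups = Get-DistributionGroup -ResultSize Unlimited -Filter "Members -eq '$dn'"

    foreach ($group in $groups) {
        $row = [ordered]@{
            Group  = $group.DisplayName
            Synced = $group.IsDirSynced
            Result = 'Skipped (WhatIf or declined)'
            Error  = $null
        }
        if ($group.IsDirSynced) {
            # Synced from on-premises AD: membership has to be changed there.
            $row.Result = 'Skipped (synced from on-premises AD)'
        }
        elseif ($PSCmdlet.ShouldProcess($group.DisplayName, "Remove $Email")) {
            try {
                # DistinguishedName is unique; display names may not be.
                Remove-DistributionGroupMember -Identity $group.DistinguishedName `
                    -Member $mailbox.DistinguishedName `
                    -BypassSecurityGroupManagerCheck -Confirm:$false -ErrorAction Stop
                $row.Result = 'Removed'
            }
            catch {
                $row.Result = 'Failed'
                $row.Error  = $_.Exception.Message
            }
        }
        [pscustomobject]$row
    }
}

# Preview first, then run for real and keep the report with the offboarding ticket.
# Remove-UserFromCloudDistributionGroups -Email 'user@example.com' -WhatIf
# Remove-UserFromCloudDistributionGroups -Email 'user@example.com' -Confirm:$false | Format-Table
```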
Thank you so much for this!!!! I’ve been looking for a script or guidance on how to write one that works, stumbled across your script. Thank you!
You are very welcome!
Excellent script! If I am on an Exchange Hybrid environment, do you know if this will then work on all distro lists, since with Hybrid we are synchronized with the cloud? If you could let me know your thoughts, that would be appreciated. Thank you.
Hi Alex,
This script won’t take care of the groups that are onprem. However, when getting a group in the cloud you can see if it’s synced from your local AD. Based on that you can take actions against either AD or AAD.
You can see some concepts of working with both the cloud and onprem in this post – https://365basics.com/powershell-script-to-migrate-a-security-group-and-all-its-members-from-ad-to-aad/
The script worked for me. Just a question: can we add lines to remove the O365 groups (all, including Teams-enabled) as well?
Hi Ras,
Yes, this is a very old script from back then. If you have access to Power Automate and Graph API, I would recommend you switch to it as it makes automation much easier.
To be honest, this current script needs a complete “redo”.
Thanks for this script Pavel, it’s very useful. We use it in a Runbook and call it from Power Automate as part of our offboarding workflow as Graph API can’t remove users from mail-enabled security groups or distribution groups.
See here: https://docs.microsoft.com/en-us/graph/api/resources/groups-overview?view=graph-rest-1.0#security-groups-and-mail-enabled-security-groups
“Mail-enabled security groups are read only.”
Thanks Loryan,
You are correct on that. We try to use as many dynamic groups as possible (which get updated once a person leaves the company). The rest is taken care of by the Graph API workflows. Those groups we cannot automatically process, a workflow puts into an automated report and creates a ticket for the Help Desk Team.
Great Script, saves me a lot of time.
Thank you
Thanks Armstrong!
It looks like I have to update my early 2019 script given that Google started returning it in search results.
This script does what we needed it to do! Thanks so much Alex! I could only imagine what the updated version looks like. You’re a true lifesaver!
Hi Paul,
Not sure if I am doing anything wrong. I am trying to use this script and it's giving me the error below. Can you help?
Remove-DistributionGroupMember : A positional parameter cannot be found that accepts argument ‘â€Member
nikhila.sontaya@olympus.com â€BypassSecurityGroupManagerCheck’.
At C:\Scripts\dl.ps1:25 char:9
+ Remove-DistributionGroupMember -Identity $item.DisplayName †…
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Remove-DistributionGroupMember], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Remove-DistributionGroupMember