How to get distribution groups using PowerShell
Last updated on:In this page
Exchange admins frequently audit distribution groups to identify owners, inactive members, and outdated groups. Outdated distribution groups with former employees create security risks. Manual searches through the Exchange interface are time-consuming and inefficient for large-scale audits. This article covers three methods to retrieve distribution groups: Exchange admin center (EAC) interface, PowerShell commands, and specialized reporting tools like ManageEngine Exchange Reporter Plus.
- Exchange admin center
- PowerShell
- Exchange Reporter Plus
Method 1: Get distribution groups using the Exchange admin center
Prerequisite
Before using the EAC, ensure the account you use to log in is a member of one of these role groups: Organization Management, Recipient Management, or View-Only Organization Management.
Using the EAC to get distribution groups
You can get distribution groups directly through EAC using the web interface.
- Open your web browser and navigate to https://servername/ecp (here, replace servername with your Exchange Server name).
- Sign in using your Exchange admin account.
- Navigate to Recipients.
- Click on Groups.
- Here, you will see a list of distribution groups configured in your Exchange environment.
Method 2: Get distribution groups using PowerShell (Get-DistributionGroup)
Prerequisites
Ensure the following prerequisites are met before running the Get-DistributionGroup cmdlet.
- Exchange Management Shell is installed and accessible on your Exchange Server or management workstation.
- You have appropriate Exchange Server permissions (Recipient Management, View-Only Organization Management or Organization Management role).
- PowerShell is run with administrative privileges.
Using the Get-DistributionGroup command to get distribution groups
The Get-DistributionGroup cmdlet is used to view and retrieve details about existing distribution groups, such as its properties. The syntax for it is given below:
Get-DistributionGroup
[-Anr <String>]
[-Credential <PSCredential>]
[-DomainController <Fqdn>]
[-Filter <String>]
[-IgnoreDefaultScope]
[-IncludeAcceptMessagesOnlyFromDLMembersWithDisplayNames]
[-IncludeAcceptMessagesOnlyFromSendersOrMembersWithDisplayNames]
[-IncludeAcceptMessagesOnlyFromWithDisplayNames]
[-IncludeBypassModerationFromSendersOrMembersWithDisplayNames]
[-IncludeGrantSendOnBehalfToWithDisplayNames]
[-IncludeManagedByWithDisplayNames]
[-IncludeModeratedByWithDisplayNames]
[-OrganizationalUnit <OrganizationalUnitIdParameter>]
[-ReadFromDomainController]
[-RecipientTypeDetails <RecipientTypeDetails[]>]
[-ResultSize <Unlimited>]
[-SortBy <String>]
[<CommonParameters>]
Supported parameters
The table given below lists out some of the Get-DistributionGroup parameters for getting distribution groups.
| Parameters | Description |
|---|---|
| -Identity | Specifies the distribution groups that you want to return statistics for. You can use any value that uniquely identifies the distribution group such as name, alias, distinguished name (DN), email address, or the GUID. |
| -OrganizationalUnit | Filters results to only display distribution groups located within a specific OU or domain. You can specify the OU by its name, canonical name, DN, or GUID. This is useful for targeting groups within particular segments of your organization's directory hierarchy. |
| -IgnoreDefaultScope | Tells the cmdlet to ignore the default recipient scope and expand the search to cover the entire AD forest. This parameter is useful when groups exist outside the default scope, helping administrators locate and manage groups that would otherwise be filtered out. |
| -DomainController | Specifies the domain controller that's used by this cmdlet to read data from or write data to AD. |
| -SortBy | Specifies the property by which to sort the list of distribution groups returned by the cmdlet. Sorting is done in ascending order and only one property can be specified at a time. Common sortable properties include Name, DisplayName, Alias, City, FirstName, LastName, Office, and ServerLegacyDN. |
Example use cases using the Get-DistributionGroup cmdlet
Getting all distribution groups
Get-DistributionGroup
Getting details of a specific distribution group
Get-DistributionGroup -Identity "group_name"
For this cmdlet, replace "group_name" with the display name, alias, DN, or primary SMTP address of the distribution group you want to get details on.
Method 3: Get distribution groups using Exchange Reporter Plus
- Log in to Exchange Reporter Plus and go to Reports > Exchange Server > Distribution Lists and click Distribution Lists under General Reports.
- Select the required Exchange Organization.
Stay informed about distribution groups
Exchange Reporter Plus provides Exchange administrators with detailed, actionable insights into distribution groups across their Exchange environment. This reporting solution enables admins to monitor group membership, usage, and activity patterns with ease.
Comprehensive distribution groups reporting
Gain visibility into every distribution list in your Exchange organization, including group names, email addresses, types, scopes, total members, and ownership details.
Inactive distribution groups tracking
Identify distribution groups with little to no email activity over a selected period to help cleanup inactive distribution groups.
Sender authentication-based filtering
Filter distribution groups reports to identify groups based on whether they require sender authentication. This information can be used by admins to distinguish between groups that allow external unauthenticated senders and those restricted to authenticated internal senders only.
Important tips
Periodically monitor distribution groups activity to prevent security risks associated with orphaned or unmanaged groups.
Review message delivery restrictions regularly to detect and prevent unauthorized email senders effectively.
Schedule distribution group reports to gain up-to-date insights into various aspects of distribution groups in your organization.
