The easy part

Creating distribution lists in bulk is quite simple.

Just a CSV file:

name,mail
Fancy Group,[email protected]
Another Fancy Group,[email protected]
Not That Fancy Group,[email protected]

And a ForEach-Object loop:

Import-Csv .\groups.csv | ForEach-Object {
    # Backticks continue the command onto the next line
    New-DistributionGroup `
        -Name $_.name `
        -PrimarySmtpAddress $_.mail `
        -OrganizationalUnit 'OU=Groups,DC=wrong,DC=went,DC=something,DC=dev' `
        -Type Security
}

Result:

Name                  DisplayName           GroupType                   PrimarySmtpAddress
Fancy Group           Fancy Group           Universal, SecurityEnabled  [email protected]
Another Fancy Group   Another Fancy Group   Universal, SecurityEnabled  [email protected]
Not That Fancy Group  Not That Fancy Group  Universal, SecurityEnabled  [email protected]

But updating msExchExtensionAttribute is different

The command below won’t work, because Set-DistributionGroup has no such parameter.

Set-DistributionGroup -Identity "Fancy Group" -msExchExtensionAttribute20 "Lorem Ipsum"

For this we must use Set-ADGroup, but its Identity parameter accepts only the following:

  • A distinguished name
  • A GUID (objectGUID)
  • A security identifier (objectSid)
  • A SAM account name (sAMAccountName)

Since Active Directory adds random numbers to the sAMAccountName for uniqueness, we cannot reliably query by the DL “name”:

[Image: Active Directory group with random numbers]

Example: ‘Another Fancy Group’ becomes ‘Another Fancy Group-1-292223989’

The proper command for Another Fancy Group is:

Set-ADGroup -Identity 'Another Fancy Group-1-292223989' -Replace @{msExchExtensionAttribute20="Lorem Ipsum"}

We can also use a filter and the pipeline:

Get-ADGroup -Filter "mail -eq '[email protected]'" |
Set-ADGroup -Replace @{msExchExtensionAttribute20="Lorem Ipsum"}

What about bulk update?

For multiple groups, we can import a CSV file as input, query the objects by their mail attribute, and update them in a loop.

#CSV file should contain 'mail' header

$groups = Import-Csv .\groups.csv

foreach ($g in $groups) {

    $group = Get-ADGroup -Filter "mail -eq '$($g.mail)'" -Properties mail

    if ($group) {
        Set-ADGroup -Identity $group.DistinguishedName -Replace @{msExchExtensionAttribute20 = "Lorem Ipsum"}
        Write-Host "OK: $($g.mail) -> msExchExtensionAttribute20 has been set" -ForegroundColor Green
    }
    else {
        Write-Host "ERROR: DL not found $($g.mail)" -ForegroundColor Red
    }
}

We can filter on any other property, as long as it’s unique (and present in the CSV). Just update line 7 of the script, the Get-ADGroup -Filter expression.
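
A more defensive take on the bulk update, added here as an example and not part of the original script: it validates each mail value before it reaches a directory filter, limits the search to the OU used earlier, skips ambiguous matches, and supports -WhatIf. The function name, the Value parameter and the result columns are assumptions.

```powershell
# Added example, not the original post's script. Requires the ActiveDirectory module.
function Set-GroupExtensionAttribute20 {            # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $CsvPath,   # CSV with a 'mail' header
        [Parameter(Mandatory)] [string] $Value,     # value written to the attribute
        [string] $SearchBase = 'OU=Groups,DC=wrong,DC=went,DC=something,DC=dev'
    )
    $rows = @(Import-Csv -Path $CsvPath)
    if ($rows.Count -eq 0 -or $rows[0].PSObject.Properties.Name -notcontains 'mail') {
        throw "CSV '$CsvPath' is empty or has no 'mail' header"
    }
    foreach ($row in $rows) {
        $mail = "$($row.mail)".Trim()
        $dn = $null
        # Allowlist check: rejects empty cells and LDAP filter metacharacters
        # such as * ( ) \ before any directory query is built from CSV data.
        if ($mail -notmatch '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$') {
            $status = 'InvalidMail'
        }
        else {
            try {
                # @() forces an array so zero, one and many matches can be counted
                $found = @(Get-ADGroup -LDAPFilter "(mail=$mail)" -SearchBase $SearchBase -ErrorAction Stop)
                if ($found.Count -eq 0) { $status = 'NotFound' }
                elseif ($found.Count -gt 1) { $status = 'Ambiguous' }   # never guess
                else {
                    $dn = $found[0].DistinguishedName
                    # Pass the object itself so the update binds to the exact group found
                    Set-ADGroup -Identity $found[0] -Replace @{ msExchExtensionAttribute20 = $Value } `
                        -WhatIf:$WhatIfPreference -ErrorAction Stop
                    $status = if ($WhatIfPreference) { 'WhatIf' } else { 'Updated' }
                }
            }
            catch { $status = "Failed: $($_.Exception.Message)" }
        }
        # One result object per CSV row, suitable for Export-Csv as a change record
        [pscustomobject]@{ Mail = $mail; Status = $status; DistinguishedName = $dn }
    }
}

# Dry run first; nothing is written to the directory
Set-GroupExtensionAttribute20 -CsvPath .\groups.csv -Value 'Lorem Ipsum' -WhatIf

# Real run, keeping a record of what changed (result file name is an assumption)
# Set-GroupExtensionAttribute20 -CsvPath .\groups.csv -Value 'Lorem Ipsum' |
#     Export-Csv .\attribute-update-result.csv -NoTypeInformation
```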

Summary

This is a hybrid/on-premises scenario, less common nowadays, but still relevant for organizations running Exchange hybrid or syncing on-prem AD to Entra ID.