Over time, hundreds of Distribution List (DL) groups accumulate in an Exchange organization or Exchange Online (Microsoft 365) tenant . Some of them may not be used and they need to be removed periodically. In this article, we'll show you how to find unused and empty distribution groups in Exchange.
Finding unused distribution groups is different from finding inactive computers/users in AD. DL does not have an attribute of type LastLogonDate / LastLogonTimeStamp to determine when an object was last used. With the Exchange tracking logs, you can determine whether emails were sent to a specified distribution group or not.
Search for empty distribution groups in Exchange.
If the distribution group does not contain any users, it is probably no longer needed. Connect to your Exchange Server using PowerShell.
To find empty distribution groups in the Exchange organization, use the following PowerShell script:
Get-DistributionGroup –ResultSize Unlimited |Where-Object { (Get-DistributionGroupMember –Identity $_.Name –ResultSize Unlimited).Count -eq 0} | select Name, PrimarySmtpAddress
Parse the resulting list of distribution groups and remove/hide the DLs you don't need using the Remove-DistributionGroup command.
Similarly, using Get-DynamicDistributionGroup, you can find empty dynamic distribution groups:
Get-DynamicDistributionGroup -ResultSize Unlimited | Where-Object { (Get-Recipient -RecipientPreviewFilter (Get-DynamicDistributionGroup -Identity $_.Identity).RecipientFilter).count -eq 0} | select Name, PrimarySmtpAddress
Finding unused distribution groups in Exchange Server.
Exchange Server uses the Get-MessageTrackingLog cmdlet to parse transport logs. For example, you can count the number of emails sent to a specific distribution group in the last 90 days with the command:
Get-MessageTrackingLog -Start (Get-Date).AddDays(-90) -ResultSize unlimited -Recipients "dl-all_it_users@site.io"| measure-object
The following command allows you to increase the retention period for email tracking logs in Exchange Server to 180 days:
Set-TransportService HQExch1 -MessageTrackingLogMaxAge 180.00:00:00
- To find unused distribution groups, you can use the following PowerShell script:Get a list of all distribution groups in a domain and export it to CSV:
Get-DistributionGroup | Select-Object PrimarySMTPAddress | Sort-Object PrimarySMTPAddress | Export-CSV all-exchange-dls.csv –notype
- Find the list of DLs that received emails in the last 30 days:
Get-MessageTrackingLog -Start (Get-Date).AddDays(-30) -EventId Expand -ResultSize Unlimited |Sort-Object RelatedRecipientAddress | Group-Object RelatedRecipientAddress |Sort-Object Name | Select-Object @{label=”PrimarySmtpAddress”;expression={$_.Name}}, Count | Export-CSV exchange-active-dls.csv –notype
If the Exchnaage organization has several servers with a transport role (you can get a list using Get-TransportService ), you need to search on each of them: Get-MessageTrackingLog –Server Exh1 ….
- It remains to compare the two lists and find inactive groups:
$alldl = Import-CSV -Path all-exchange-dls.csv
$activedl = Import-CSV -Path exchange-active-dls.csv
Compare-Object $alldl $activedl -Property PrimarySmtpAddress -SyncWindow 500 |Sort-Object PrimarySmtpAddress | Select-Object -Property PrimarySmtpAddress |Export-Csv inactive-dls.csv –NoType
- Unused distribution groups can be hidden from the address book (the Global Address List):
$currentdate = Get-Date
$notes = "Inactive, скрыта из адресной книги $currentdate"
$inactiveDL = Import-CSV -Path inactive-dls.| foreach-object
{
Set-Group -identity $_.PrimarySmtpAddress -notes $notes
Set-DistributionGroup -identity $_.PrimarySmtpAddress -HiddenFromAddressListsEnabled $true
}
Find unused distribution groups in Exchange Online (Microsoft 365).
In Microsoft 365, you can search mail logs using the Exchange Admin Center ( Mail Flow -> Message Trace ) or using the PowerShell Start-HistoricalSearch and Get-MessageTrace . The last cmdlet has a significant limitation - it allows you to search for letters only for the last 10 days and is not suitable for our task.
Install the Exchange Online PowerShell (EXOv2) module on your computer and connect to your tenant:
Connect-ExchangeOnlineThe following command will display the number of emails sent to the SMTP address of a specific distribution group:
Start-HistoricalSearch -ReportTitle "DL Name" -StartDate 03/19/2022 -EndDate 05/18/2022 -ReportType MessageTrace -RecipientAddress global_server_admins@ site.io -NotifyAddress user@site.io
A maximum of 250 history searches per 24 hours can be used in a single tenant.
To start searching for inactive DLs among distribution groups, you can use the following script:
foreach ($group in Get-DistributionGroup)
{
Start-HistoricalSearch -ReportTitle $group.PrimarySmtpAddress -StartDate 03/19/2022 -EndDate 05/18/2022 -ReportType MessageTrace -RecipientAddress $group.PrimarySmtpAddress -NotifyAddress user@site.io
}
After the search is over, you can check how many emails were sent to email DL:
Get-HistoricalSearch "DL Name"
If the mail list is empty (in Rows = 0 ), this distribution group has not been used in Exchange Online in the last 90 days. Such a distribution group can be considered inactive.
In Exchange Online, you can use Microsoft 365 Groups instead of distribution groups.
On a note.
- Finding empty groups can be much easier and much faster using Server-side filters
Get-DistributionGroup -filter 'Members -eq $null' -ResultSize Unlimited.
Compare through Measure-Command, you will be pleasantly surprised. - You also need to take into account the fact that distribution groups can be of the security type (more precisely, this is a Security group with a mailing address). And consequently such groups can be hung on ACL. And in my opinion, they should be dealt with separately. Otherwise there will be ghost in the ACL. They can be excluded from the search by specifying an additional parameter -RecipientTypeDetails in the previous command.