Filters:

  • Technologies

  • Instructors

  • Using PowerShell to Manage Dynamic Distribution Groups and Recipient Filters in Exchange Server

    Using PowerShell to Manage Dynamic Distribution Groups and Recipient Filters in Exchange Server.

    Dynamic Distribution Groups in Exchange Server are a little bit different than your typical Distribution Group.

    001-Dynamic-Distribution-Groups-using-PowerShell

    For example, if I go into this Marketing Distribution Group and take a look at the members, you can see that this is a static list of members straight out of active directory that have mailboxes.

    002-members-Dynamic-Distribution-Groups-using-PowerShell

    The group of users in this list is determined long before anybody ever sends an email message to it. The idea with Dynamic Distribution Groups is that we can basically determine that membership list based off of a query. This would be a query of maybe the users have a certain attribute for their job title or their department or a number of other things.

    In the actions screen you can see that we have the ability to create a dynamic Distribution Group in addition to just a regular Distribution Group.

    003-members-Dynamic-Distribution-Groups-using-PowerShell

    Let’s go ahead and run through that real quick.

    I’m going to click on new dynamic Distribution Group and I’m going to call this one Human Resources. The alias will be the same just no spaces involved here, HumanResources.

    004-new-Dynamic-Distribution-Groups-using-PowerShell

    I’m going to hit next and here are the filter settings that we’re using as a way to define membership list.

    005-filter-settings-Dynamic-Distribution-Groups-using-PowerShell

    I’m going to scope this group.

    It’s basically anything in Active Directory.

    006-filter-settings-Dynamic-Distribution-Groups-using-PowerShell

    I’ve got one domain in a single forest so I want to look for any recipients in that entire domain and forest and I’m going to let all recipient types to be affected by this.

    007-all-recipient-types-Dynamic-Distribution-Groups-using-PowerShell

    Here are really my conditions. I have a few options here in the graphical.

    008-new-conditions-Dynamic-Distribution-Groups-using-PowerShell

    I can say well maybe the recipient is in that HR department.

    009-new-conditions-Dynamic-Distribution-Groups-using-PowerShell

    I’ve got the ability to key that out to company or the state or some of these custom attributes but that’s about it.

    In a scenario where I have more criteria using the GUI is a little limiting. We can use PowerShell to add multiple attributes to this that aren’t on this list. For example, I might want the job title to be part of that query as well. Instead of creating this with the GUI, I’m actually going to go in the Shell and do this.

    Let’s bring this up and the cmdlet for this is New-DynamicDistributionGroup.

    010-cmndlet-NewDynamicDistributionGroup-PowerShell

    I’m going to call this ‘Human Resources’ again. This will be the display name that my recipient container will be uss.local.

    011-cmndlet-NewDynamicDistributionGroup-PowerShell

    I’m going to use the recipient filter parameter. It’s hard to see this here because its line wrapping but it’s the recipient filter parameter.

    012-cmndlet-NewDynamicDistributionGroup-PowerShell

    I want to specify my filter syntax using something called OPATH. Good thing is it looks just like a filter you would write in typical PowerShell. Starting with Exchange 2007, we no longer use LDAT filters and we use OPATH‑filtering syntax.

    You may also like:  Using PowerShell to remove the MiniShell or Full Graphical Shell to convert Windows Server 2012 R2 Datacenter to a Core Edition

    I’m going to open a curly brace { and I’m going to say title, that’s the property that I’m interested here equals HR manager and I’m going to close that off there.

    013-cmndlet-NewDynamicDistributionGroup-PowerShell

    I’m using single quotes here because there’s a space in that string. I’m also going to do a dash or (-or). I’m going to look for two separate things either have a department attribute set to HR or the department title or the user title, I should say, set to HR manager.

    014-cmndlet-NewDynamicDistributionGroup-PowerShell

    This is using a filter that I couldn’t actually do in the graphical console. Let me hit enter to create this group. It looks like I’ve misspelled one of my attributes here so it should be department. Again, make sure you read the errors.

    015-cmndlet-NewDynamicDistributionGroup-PowerShell

    It tells me exactly what the problem is, the filter, the property that I’ve been trying to use is not valid. Basically, I had to re‑read that notice that I have misspelled it. Let’s try that again. Hit enter and OK, now that’s created.

    016-cmndlet-NewDynamicDistributionGroup-PowerShell

    If we go back in the console and refresh this, we’ve now created this human resources group.

    017-filter-settings-Dynamic-Distribution-Groups-using-PowerShell

    018--filter-settings-Dynamic-Distribution-Groups-using-PowerShell

    If we preview the members on the filter tab.

    019-preview-members-Dynamic-Distribution-Groups-using-PowerShell

    You can now see that it has gone out to active directory. Check both of those attributes and put that collection of users here in that group.

    020-preview-members-Dynamic-Distribution-Groups-using-PowerShell

    When the messages are sent to this recipient, the members will be determined at the time that message hits the transport pipeline and that query is run against active directory.

    Something else that’s interesting with this is if you look here, this filter that was added.

    021-preview-members-Dynamic-Distribution-Groups-using-PowerShell

    This is what we use at first. Title equals HR manager, department equals HR. But, then, Exchange Server added all this other stuff for us here. It is filtering out all of these system mailboxes and CAS accounts and all the things mailbox plans, discovery mailboxes. The things that the system uses.

    You don’t have to know to filter this stuff out but remember that when you’re creating this with these filters, Exchange is going to do that for you. We can’t actually modify this filter in this screen from here. If we wanted to change this at this point, obviously, you need to go into PowerShell to do this. Let me clear this screen. We’ll take a look at a couple other things.

    You may also like:  Creating a SharePoint 2013 PowerShell Help Document with Examples

    What I’m going to do is I’m going to do a $var for a variable. I’m going to do a Get-DynamicDistributionGroup ‘Human resources’ and that will save an instance to that group in the variable.

    022-var-Dynamic-Distribution-Groups-using-PowerShell

    I’m going to do a $var .RecipientFilter.

    023-var-Dynamic-Distribution-Groups-using-PowerShell

    Here in the Shell, you can see the recipient filter just like we were looking at in the console.

    024-var-Dynamic-Distribution-Groups-using-PowerShell

    Really the use case for getting to this data would be if you wanted to preview the membership in the shell.

    You could actually use this variable to do that. For example, I could say Get-Recipient and say my RecipientPreviewFilter is $var.RecipientFilter.

    025-var-Dynamic-Distribution-Groups-using-PowerShell

    You can see that it executes that query and gives me back the recipients that match the filter.

    026-var-Dynamic-Distribution-Groups-using-PowerShell

    Now, one of the things that you might be thinking right now is how do I know which properties I can filter on?

    If we’re looking at our filter again or the title, the department. How would I actually know which ones those are? Which ones are available to me? When it comes to that, you have to go to the documentation. The cmdlet help isn’t going to give you that information specifically. There’s also this parameter, the recipient filter parameter on multiple cmdlets.

    What I would recommend it that you go out to Technet that talks about this. Filterable Properties for the -RecipientFilter Parameter. This article has a list of different recipient filters that you can use and the appropriate values for those. There has been some instances where I’ll run into things where there’s a property that’s filterable that is not on this list. You got to keep track for this and hopefully, that would be completely updated at some point.

    027-var-Dynamic-Distribution-Groups-using-PowerShell

    But notice the recipient filter parameters available not only new Dynamic Distribution Group but all this other ones as well and if you scroll down here, you can see there’s a table that will tell you here’s the property names that you can filter on and there’s a real long list here.

    028-technet-table-Dynamic-Distribution-Groups-using-PowerShell

    If you were not sure which ones you can use, I would recommend you go to this article and check that out.

    That’s the process of using the Shell to manage Distribution Groups, Dynamic Distribution Groups. Work with the filters and actually query those filters from the command line.

    See what people are saying...

    1. schaep

      hmm trying to exclude empty fields like | company -eq ” | (nonvalid Opath error) or | company -eq ‘$null’ | (still result contains entries with these field empty).
      Anyone got any tips how to deal with this?

      (Empty company would mean admin account 🙂 )

    2. Brian

      Exchange 2013 (O365). What would a rule look like if you wanted to have all users who report downwards from a single Manager, example;

      Manager (This level)
      TeamLead1, TeamLead2, TeamLead3
      Worker1..2..3 | Worker1..2..3 | Worker1..2..3

    3. Alexei Karam

      Hi, I have Exchange 2010 SP3, since long I can no more export the members of a DDG in the shell, I always get all the OU members, the filter is not applied!

      i.e. Get-Recipient -RecipientPreviewFilter $var.RecipientFilter lists all the recipients container members, why?

    4. acolada

      Like Glo is saying. A DDL, nested within a DL, won’t work for the nested group. It works only for users or other nested DL. That is, even with a coressponding contact added in O365. The DDL works perfectly if sendind directly to it. Any powershell workaround for this?

    5. Glo

      Hi – Awesome article.

      The question now is in hybrid mode, DDG is not sync’d. What would be the workaround? other than what MSFT has suggested using a mail contact?

      In my environment, we have DDG nested within a DL. Which even with the mail contact workaround, I am still facing an issue.

      Any comments are appreciated.

    6. Rod

      I enjoyed this post and it’s helped figure out a problem I am still having. I am in a exchange 2010\O365 hybrid environment. It seems that if I have an AD user that doesn’t have an Exchange Mail Contact created, whenever I create a DDG for all users in an OU, the DDG will pick them all up except for the user that has no corresponding mail contact. I tried the following: New-DynamicDistributionGroup -Name HQTest2 -OrganizationalUnit “contoso.com/Departments/Users” -RecipientFilter {Emailaddresses -ne $null} but it still wouldn’t pick up the user. Any suggestions?

    7. bob

      Great article.
      Any tips for excluding an attribute from the query?
      Im trying to include all members of a particular OU, excluding ‘Contractor’ Job Titles.

    8. Pingback: Exchange 2010: AD group for a Dynamic Distribution List | YASAB

    Share your thoughts...

    Please fill out the comment form below to post a reply.