Using PowerShell to Manage Dynamic Distribution Groups and Recipient Filters in Exchange Server

Home > Blogs > Exchange Server > Using PowerShell to Manage Dynamic Distribution Groups and Recipient Filters in Exchange Server

Using PowerShell to Manage Dynamic Distribution Groups and Recipient Filters in Exchange Server

1 9 Mike Pfeiffer
Added by March 19, 2014

Using PowerShell to Manage Dynamic Distribution Groups and Recipient Filters in Exchange Server.

Dynamic Distribution Groups in Exchange Server are a little bit different than your typical Distribution Group.


For example, if I go into this Marketing Distribution Group and take a look at the members, you can see that this is a static list of members straight out of active directory that have mailboxes.


The group of users in this list is determined long before anybody ever sends an email message to it. The idea with Dynamic Distribution Groups is that we can basically determine that membership list based off of a query. This would be a query of maybe the users have a certain attribute for their job title or their department or a number of other things.

In the actions screen you can see that we have the ability to create a dynamic Distribution Group in addition to just a regular Distribution Group.


Let’s go ahead and run through that real quick.

I’m going to click on new dynamic Distribution Group and I’m going to call this one Human Resources. The alias will be the same just no spaces involved here, HumanResources.


I’m going to hit next and here are the filter settings that we’re using as a way to define membership list.


I’m going to scope this group.

It’s basically anything in Active Directory.


I’ve got one domain in a single forest so I want to look for any recipients in that entire domain and forest and I’m going to let all recipient types to be affected by this.


Here are really my conditions. I have a few options here in the graphical.


I can say well maybe the recipient is in that HR department.


I’ve got the ability to key that out to company or the state or some of these custom attributes but that’s about it.

In a scenario where I have more criteria using the GUI is a little limiting. We can use PowerShell to add multiple attributes to this that aren’t on this list. For example, I might want the job title to be part of that query as well. Instead of creating this with the GUI, I’m actually going to go in the Shell and do this.

Let’s bring this up and the cmdlet for this is New-DynamicDistributionGroup.


I’m going to call this ‘Human Resources’ again. This will be the display name that my recipient container will be uss.local.


I’m going to use the recipient filter parameter. It’s hard to see this here because its line wrapping but it’s the recipient filter parameter.


I want to specify my filter syntax using something called OPATH. Good thing is it looks just like a filter you would write in typical PowerShell. Starting with Exchange 2007, we no longer use LDAT filters and we use OPATH‑filtering syntax.

I’m going to open a curly brace { and I’m going to say title, that’s the property that I’m interested here equals HR manager and I’m going to close that off there.


I’m using single quotes here because there’s a space in that string. I’m also going to do a dash or (-or). I’m going to look for two separate things either have a department attribute set to HR or the department title or the user title, I should say, set to HR manager.


This is using a filter that I couldn’t actually do in the graphical console. Let me hit enter to create this group. It looks like I’ve misspelled one of my attributes here so it should be department. Again, make sure you read the errors.


It tells me exactly what the problem is, the filter, the property that I’ve been trying to use is not valid. Basically, I had to re‑read that notice that I have misspelled it. Let’s try that again. Hit enter and OK, now that’s created.


If we go back in the console and refresh this, we’ve now created this human resources group.



If we preview the members on the filter tab.


You can now see that it has gone out to active directory. Check both of those attributes and put that collection of users here in that group.


When the messages are sent to this recipient, the members will be determined at the time that message hits the transport pipeline and that query is run against active directory.

Something else that’s interesting with this is if you look here, this filter that was added.


This is what we use at first. Title equals HR manager, department equals HR. But, then, Exchange Server added all this other stuff for us here. It is filtering out all of these system mailboxes and CAS accounts and all the things mailbox plans, discovery mailboxes. The things that the system uses.

You don’t have to know to filter this stuff out but remember that when you’re creating this with these filters, Exchange is going to do that for you. We can’t actually modify this filter in this screen from here. If we wanted to change this at this point, obviously, you need to go into PowerShell to do this. Let me clear this screen. We’ll take a look at a couple other things.

What I’m going to do is I’m going to do a $var for a variable. I’m going to do a Get-DynamicDistributionGroup ‘Human resources’ and that will save an instance to that group in the variable.


I’m going to do a $var .RecipientFilter.


Here in the Shell, you can see the recipient filter just like we were looking at in the console.


Really the use case for getting to this data would be if you wanted to preview the membership in the shell.

You could actually use this variable to do that. For example, I could say Get-Recipient and say my RecipientPreviewFilter is $var.RecipientFilter.


You can see that it executes that query and gives me back the recipients that match the filter.


Now, one of the things that you might be thinking right now is how do I know which properties I can filter on?

If we’re looking at our filter again or the title, the department. How would I actually know which ones those are? Which ones are available to me? When it comes to that, you have to go to the documentation. The cmdlet help isn’t going to give you that information specifically. There’s also this parameter, the recipient filter parameter on multiple cmdlets.

What I would recommend it that you go out to Technet that talks about this. Filterable Properties for the -RecipientFilter Parameter. This article has a list of different recipient filters that you can use and the appropriate values for those. There has been some instances where I’ll run into things where there’s a property that’s filterable that is not on this list. You got to keep track for this and hopefully, that would be completely updated at some point.


But notice the recipient filter parameters available not only new Dynamic Distribution Group but all this other ones as well and if you scroll down here, you can see there’s a table that will tell you here’s the property names that you can filter on and there’s a real long list here.


If you were not sure which ones you can use, I would recommend you go to this article and check that out.

That’s the process of using the Shell to manage Distribution Groups, Dynamic Distribution Groups. Work with the filters and actually query those filters from the command line.

Videos You May Like

Creating Users and Managing Passwords in Microsoft Office 365

0 642 3

In this Office 365 training video, instructor Spike Xavier demonstrates how to create users and manage passwords in Office 365.   For instructor-led Office 365 training classes, see our course schedulle: Spike Xavier SharePoint Instructor – Interface Technical Training Phoenix, AZ 20347: Enabling and Managing Office 365    

How to clone a Windows Server 2012 or 2012 R2 Domain Controller

3 1482 3

One of the coolest new features in Window Server 2012 and Windows Server 2012 R2 is the ability to clone a Domain Controller. In the past, if we had virtualized Domain Controllers and we actually took a snapshot of it and then rolled back to that snapshot, it would break the logon service on that … Continue reading How to clone a Windows Server 2012 or 2012 R2 Domain Controller

Detailed Forensic Investigation of Malware Infections – April 21, 2015

4 608 5

How does an investigator hunt down and identify unknown malware? In this recording of our IT Security training webinar on April 21, 2015, Security expert Mike Danseglio (CISSP / CEH) performed several malware investigations on infected computers and identify symptoms, find root cause, and follow the leads to determine what’s happening. He demonstrated his preferred … Continue reading Detailed Forensic Investigation of Malware Infections – April 21, 2015

Write a Comment

See what people are saying...

  1. Avatar Anuj


    I have 2000 dynamic dl’s in my exchange 2010.
    How can I export query for all dynamic dl’s in 1 csv file.
    csv file should contain DL display name & email address

  2. Avatar schaep

    hmm trying to exclude empty fields like | company -eq ” | (nonvalid Opath error) or | company -eq ‘$null’ | (still result contains entries with these field empty).
    Anyone got any tips how to deal with this?

    (Empty company would mean admin account 🙂 )

  3. Avatar Brian

    Exchange 2013 (O365). What would a rule look like if you wanted to have all users who report downwards from a single Manager, example;

    Manager (This level)
    TeamLead1, TeamLead2, TeamLead3
    Worker1..2..3 | Worker1..2..3 | Worker1..2..3

  4. Avatar Alexei Karam

    Hi, I have Exchange 2010 SP3, since long I can no more export the members of a DDG in the shell, I always get all the OU members, the filter is not applied!

    i.e. Get-Recipient -RecipientPreviewFilter $var.RecipientFilter lists all the recipients container members, why?

  5. Avatar acolada

    Like Glo is saying. A DDL, nested within a DL, won’t work for the nested group. It works only for users or other nested DL. That is, even with a coressponding contact added in O365. The DDL works perfectly if sendind directly to it. Any powershell workaround for this?

  6. Avatar Glo

    Hi – Awesome article.

    The question now is in hybrid mode, DDG is not sync’d. What would be the workaround? other than what MSFT has suggested using a mail contact?

    In my environment, we have DDG nested within a DL. Which even with the mail contact workaround, I am still facing an issue.

    Any comments are appreciated.

  7. Avatar Rod

    I enjoyed this post and it’s helped figure out a problem I am still having. I am in a exchange 2010\O365 hybrid environment. It seems that if I have an AD user that doesn’t have an Exchange Mail Contact created, whenever I create a DDG for all users in an OU, the DDG will pick them all up except for the user that has no corresponding mail contact. I tried the following: New-DynamicDistributionGroup -Name HQTest2 -OrganizationalUnit “” -RecipientFilter {Emailaddresses -ne $null} but it still wouldn’t pick up the user. Any suggestions?

  8. Avatar bob

    Great article.
    Any tips for excluding an attribute from the query?
    Im trying to include all members of a particular OU, excluding ‘Contractor’ Job Titles.

  9. Pingback: Exchange 2010: AD group for a Dynamic Distribution List | YASAB

Share your thoughts...

Please fill out the comment form below to post a reply.