Dynamic distribution group based on security group membership
I wanted to create a dynamic distribution group in Exchange 2019 and wanted to include two kinds of users:
- Users where the Company field has a specific value
- Users that are members of a specific security group
The motivation was that our company has several sites. The Company field states whether a user is a member of a site. There are also users who move between the sites. These users should be added using the security group.
To achieve this, I created the following recipient filter for the distribution group (indentation included for better readability):
    (
      (
        (
          (
            (Company -eq 'My company')
            -or
            (MemberOfGroup -eq 'CN=my-group,OU=groups,DC=mycompany,DC=local')
          )
          -and
          (
            (
              (RecipientType -eq 'UserMailbox')
              -or
              (RecipientType -eq 'MailUser')
            )
          )
        )
      )
      -and (-not(Name -like 'SystemMailbox{*')) -and (-not(Name -like 'CAS_{*')) -and (-not(RecipientTypeDetailsValue -eq 'MailboxPlan')) -and (-not(RecipientTypeDetailsValue -eq 'DiscoveryMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'PublicFolderMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'ArbitrationMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'AuditLogMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'AuxAuditLogMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'SupervisoryReviewPolicyMailbox'))
    )
The important part is (Company -eq 'My company') -or (MemberOfGroup -eq 'CN=my-group,OU=groups,DC=mycompany,DC=local'). The long part at the bottom is the default filter.
There are some important things:
- You must specify the distinguished name for the group.
- The users must be direct members of the group; nested groups do not work.
But hey, it works :)
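The following Exchange Management Shell sketch is an added example, not part of the original post. It creates the group with the custom part of the filter, previews who the filter actually resolves to, and lists nested groups whose members the filter will not pick up. The name `site-all-users` is hypothetical, and `Get-ADGroupMember` assumes the ActiveDirectory module is available on the machine.

```powershell
# Added example; run in the Exchange Management Shell.
$groupName = 'my-group'          # security group from the post
$ddgName   = 'site-all-users'    # hypothetical name for the dynamic distribution group

# MemberOfGroup only matches the distinguished name, so resolve it
# instead of typing it by hand.
$groupDn = (Get-Group -Identity $groupName -ErrorAction Stop).DistinguishedName

# Single quotes inside a filter value must be doubled.
$dnEscaped = $groupDn.Replace("'", "''")

# Only the custom part is supplied here. The long exclusion list shown in the
# post is the default filter and is not repeated.
$filter = "((Company -eq 'My company') -or (MemberOfGroup -eq '$dnEscaped')) -and " +
          "((RecipientType -eq 'UserMailbox') -or (RecipientType -eq 'MailUser'))"

New-DynamicDistributionGroup -Name $ddgName -RecipientFilter $filter | Out-Null

# Preview the recipients the stored filter resolves to right now.
# Membership is evaluated from directory attributes, so anyone who can edit
# Company or the security group changes who receives mail sent to this group.
$ddg = Get-DynamicDistributionGroup -Identity $ddgName
$recipients = Get-Recipient -RecipientPreviewFilter $ddg.RecipientFilter `
                            -OrganizationalUnit $ddg.RecipientContainer `
                            -ResultSize Unlimited
$recipients | Sort-Object Name | Format-Table Name, RecipientType, Company

# Nested groups do not work with MemberOfGroup: report any group that is a
# member of the security group, because its users will be missing above.
$nested = Get-ADGroupMember -Identity $groupDn |
          Where-Object { $_.objectClass -eq 'group' }
if ($nested) {
    Write-Warning "Nested groups found; their members are not matched by the filter:"
    $nested | Select-Object Name, distinguishedName
}
```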
Published on 2022-03-16, 18:38 +0000