Notes

Dynamic distribution group based on security group membership - part 2

I extended the recipient filter for a dynamic distribution group described in an earlier article.

As a short recap, the distribution group should have two kinds of members:

  1. Users where the Company field has a specific value
  2. Users that are members of a specific security group

But there was now a kind of user whose Company field has this specific value, but who must not be a member of the distribution group. It was not possible to put such users in their own organizational unit, because the distribution group includes all organizational units.

So I extended the recipient filter to exclude users who are members of another security group:

(
    (
        (
            (MemberOfGroup -ne 'CN=my-other-group,OU=groups,DC=mycompany,DC=local')
            -and
            (
                (Company -eq 'My company')
                -or
                (MemberOfGroup -eq 'CN=my-group,OU=groups,DC=mycompany,DC=local')
            )
            -and
            (
                (
                    (RecipientType -eq 'UserMailbox')
                    -or
                    (RecipientType -eq 'MailUser')
                )
            )
        )
    )
    -and (-not(Name -like 'SystemMailbox{*')) -and (-not(Name -like 'CAS_{*')) -and (-not(RecipientTypeDetailsValue -eq 'MailboxPlan')) -and (-not(RecipientTypeDetailsValue -eq 'DiscoveryMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'PublicFolderMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'ArbitrationMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'AuditLogMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'AuxAuditLogMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'SupervisoryReviewPolicyMailbox'))
)

The important (and new) part is (MemberOfGroup -ne 'CN=my-other-group,OU=groups,DC=mycompany,DC=local') -and …. It excludes users that are members of the security group named my-other-group. Again, you have to address the group by its distinguished name, and users must be direct members of the group; users who belong to it only through a nested group are not excluded.
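To check that the exclusion works as intended, the following added example (not part of the original post) previews who the stored filter currently matches and compares that with the excluded group's direct and nested members. It assumes the Exchange Management Shell with the ActiveDirectory module loaded; the group name my-dynamic-group is a hypothetical placeholder.

```powershell
# Added example; $ddgName is a hypothetical name, the DN is the one used in the filter above.
$ddgName       = 'my-dynamic-group'
$excludedGroup = 'CN=my-other-group,OU=groups,DC=mycompany,DC=local'

# Preview the recipients that the group's stored filter currently matches.
$ddg     = Get-DynamicDistributionGroup -Identity $ddgName
$preview = Get-Recipient -RecipientPreviewFilter $ddg.RecipientFilter `
                         -OrganizationalUnit $ddg.RecipientContainer `
                         -ResultSize Unlimited

# Case-insensitive set of the distinguished names that would receive mail.
$previewDns = [System.Collections.Generic.HashSet[string]]::new(
    [System.StringComparer]::OrdinalIgnoreCase)
foreach ($r in $preview) { [void]$previewDns.Add($r.DistinguishedName) }

# MemberOfGroup only matches direct members, so collect both views of the group.
$direct    = @(Get-ADGroupMember -Identity $excludedGroup |
               Where-Object objectClass -eq 'user')
$recursive = @(Get-ADGroupMember -Identity $excludedGroup -Recursive |
               Where-Object objectClass -eq 'user')

$directDns = [System.Collections.Generic.HashSet[string]]::new(
    [System.StringComparer]::OrdinalIgnoreCase)
foreach ($u in $direct) { [void]$directDns.Add($u.distinguishedName) }

# Direct members still matched: the exclusion clause is missing or uses the wrong DN.
$stillMatched = @($direct | Where-Object { $previewDns.Contains($_.distinguishedName) })

# Nested-only members still matched: expected filter behaviour, but maybe not intended.
$nestedMatched = @($recursive | Where-Object {
    -not $directDns.Contains($_.distinguishedName) -and
    $previewDns.Contains($_.distinguishedName)
})

"Recipients matched by filter        : $($preview.Count)"
"Direct excluded members still in it : $($stillMatched.Count)"
"Nested-only members still in it     : $($nestedMatched.Count)"
$stillMatched + $nestedMatched |
    Select-Object Name, SamAccountName, distinguishedName |
    Format-Table -AutoSize
```

A non-zero count on the second line means the filter is not excluding what it should; a non-zero count on the third line lists users who need direct membership in my-other-group to be excluded.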

Published on 2022-11-27, 13:13 +0000