Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Create a Dynamic distribution group with excluding an OU

Posted on 2014-12-01
Last Modified: 2014-12-02

I am looking to set up a New Dynamic distribution group but I would like to exclude a entire OU.  is there an easy way of setting this up with out using Custom attributes?

Please let me know
Question by:SEHC
  • 2
  • 2
LVL 70

Accepted Solution

Chris Dent earned 250 total points
ID: 40475367
Nope. None of the filter options will allow you to filter against OU because it's not an attribute of the user. All attributes which do hold that (such as distinguishedName and canonicalName) do not allow wild card filtering (meaning you can't target the parent OU of a user).

LVL 36

Assisted Solution

by:Jian An Lim
Jian An Lim earned 250 total points
ID: 40475469
the only way to get it is to insert a custom attribute to the user based

For example Get-Mailbox -OrganizationalUnit "OU=BLOCK,DC=ABC,DC=Lock" | Set-Mailbox -CustomAttribute1 "BlockDDL"

Then you create the DDL filter to exclude CustomAttribute1  -notlike (-ne) "BlockDDL"  (it can be any CustomAttribute )

This is not ideal but kind of achieve what you want

Author Comment

ID: 40475825

can I set it up and just skip a OU entirely?  or this can not be done as well because I would like to not have to manage this on a daily bases
LVL 70

Expert Comment

by:Chris Dent
ID: 40475834
No because there is nothing that will let you filter out an OU, no attribute holds a user (or other AD objects) parent OU.

Your only choice is to populate some other attribute with something you can filter on and maintain that.


Author Comment

ID: 40476457

how would I set the New-DynamicDistributionGroup to not equals to ??? can you send me the syntax

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
Windows 10 came with  a lot of built in applications, Some organisations leave them there, some will control them using GPO's. This Article is useful for those who do not want to have any applications in their image (example:me).
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question