Dynamic Distribution Group

Setup a dynamic email distribution group in Exchange 2016 hybrid deployment based on a security group membership. All embers of this distribution group have o365 mailboxes.

Here is how I set it up but doesn't seem to be working:

Set-DynamicDistributionGroup -Identity "Accounting" -RecipientFilter {((RecipientType -eq 'MailUser') -and (memberOfgroup -eq 'CN=ABC,OU=Groups,OU=Application,DC=XYZ,DC=com'))}

Can anyone see a reason why this is not working?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

timgreen7077Exchange EngineerCommented:
Try it this way:

Set-DynamicDistributionGroup -Identity "Accounting" -IncludedRecipients Mailusers -RecipientContainer "testdomain.com/Internal Users/UserOU"
timgreen7077Exchange EngineerCommented:
I'm assuming since you are using the Set-DynamicDistributionGroup  cmdlet instead of the New-DynamicDistributionGroup the group is already created. if the group isn't even created you will need to use the New-DynamicDistributionGroup instead.
NegashAuthor Commented:
To be clear - I would like to use a security group as the main criteria for membership to the dynamic group.
i.e.  if a user is a member of the "ABC" security group, then I want it automatically be added as member of the "Accounting" dynamic dist. group.
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

timgreen7077Exchange EngineerCommented:
I'm not about to look at the moment but I don't think you can add based on a security group. I do know you can use custom attributes to add members so you can give each member of that security group the same custom attribute and they can be added that way. Either someone else may respond or I will confirm once I'm able and let you know, but I don't recall being able to use a security group.
timgreen7077Exchange EngineerCommented:
Ok sorry about the delay, but you can't add members to the dynamic DL based on security groups. You can use the options I mentions such as custom attributes or OUs and few other attributes but not groups.

The easiest thing to do would just create add the OU for those O365 user objects as a criteria or use the custom attributes. For example, all those user get the customer attribute 1 and call the attribute O365User, now everyone with custom attribute 1 with O365User will be added to the DL.

These are simple solutions to what you are needing, but unfortunately you can't use a security group as a criteria.
NegashAuthor Commented:
What if I make the security group mail-enabled and use a custom attribute (say #15)  for this group? I will then setup the distribution group membership to include recipient types: "Mail user with external email addresses" and "Mail-enabled groups" along with the custom attribute rule 15. Do you think that would work?
timgreen7077Exchange EngineerCommented:
Mail enabling the group doesn't matter, it's just not an available option. you can still apply the custom attribute for the users in that group so that you can get the desired results. The custome attribute will give the results, not the security group.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
timgreen7077Exchange EngineerCommented:
Also use the EAC console instead of the shell, that way you can see exactly what you are doing and you don't have to worry about the correct cmdlets.
NegashAuthor Commented:
I ended up using mail-enabled security group and created a contact in o365 with the same email address and able to achieve the desired result.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.