Not too long ago, I got a support ticket to exclude a user account from a Dynamic Distribution group, I thought it should be a very straightforward task, but I was wrong.
I did some googling, found a few guides and documentation, most of the guides I saw were not explanatory enough, it seems all are some sought of copy-paste. I quickly remember one of my friends once asked for my assistance on a related ticket while we were working as Support Engineer for Microsoft 356. I reached out to him for assistance and after a few discussions solution came.
I will be sharing in this article how you can replicate the same if you have such a request.
For the sake of this article, the member of my Dynamic Distribution List (DDL) would be “Users with Exchange Mailboxes”. This article is also useful if your setting is “All recipients types” or any other setup
The first thought that comes to mind would be, I can use the Rule on the GUI to filter member, yes, but there are limited options and the rule is quite easy if you want to filter user based on Department, State etc. and not exclude.
However, if you have a better means of using the custom attribute to exclude, please drop a comment so we can learn from you.
I will like to display the member of my Dynamic Distribution Group (DDG), using PowerShell. I connected to Exchange online and use the cmdlet below. my group id is exec
Get-Recipient -Filter (Get-DynamicDistributionGroup “exec”).RecipientFilter
I would like exclude Jessica and Pradeep from this Dynamic Distribution Group, and be using Set-DynamicDistributionGroup.
Here is the complete cmdlet
Set-DynamicDistributionGroup -Identity exec -RecipientFilter “(RecipientType -eq ‘UserMailbox’) -and (Alias -ne ‘Jessica’)”Quick break down , we have
Set-DynamicDistributionGroup -Identity exec nothing special here, we are trying to use the Set-DynamicDistributionGroup to modify the property of a Dynamic distribution group and the group identity is exec-RecipientFilter
Custom filter to specify the conditionsThe first condition being (RecipientType -eq ‘UserMailbox’), specifying that recipient type equals UserMailbox, with and operator connecting both expression (Alias -ne ‘Jessica’); Alias not equal ‘Jessica’
You can also use DisplayName as in (DisplayName -ne ‘Jessica Cage’)
When I run
Set-DynamicDistributionGroup -Identity exec -RecipientFilter “((RecipientType -eq ‘UserMailbox’) -and (Alias -ne ‘Jessica’))”My output is below(excluding Jessica)
Name RecipientType
---- -------------
Luthian UserMailbox
Santosh UserMailbox
Sophia UserMailbox
Ade UserMailbox
Nicholas UserMailbox
Michael UserMailbox
TechHangOut UserMailbox
Salem UserMailbox
admin UserMailbox
Pradeep UserMailboxWhen the Dynamic Distribution Group (DDG)is view from the GUI, we have
The text there in is
((((RecipientType -eq 'UserMailbox') -and (Alias -ne 'Jessica'))) -and (-not(Name -like 'SystemMailbox{*')) -and (-not(Name -like 'CAS_{*')) -and (-not(RecipientTypeDetailsValue -eq 'MailboxPlan')) -and (-not(RecipientTypeDetailsValue -eq 'DiscoveryMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'PublicFolderMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'ArbitrationMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'AuditLogMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'AuxAuditLogMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'SupervisoryReviewPolicyMailbox')))Here is the trick, all DDG has a filter rule, to get the rule via PowerShell use Get-DynamicDistributionGroup -Identity exec | fl Name,RecipientFilter
PS C:\WINDOWS\system32> Get-DynamicDistributionGroup -Identity exec | fl Name,RecipientFilterName : Executives
RecipientFilter : ((((RecipientType -eq 'UserMailbox') -and (Alias -ne 'Jessica'))) -and (-not(Name -like 'SystemMailbox{*')) -and (-not(Name-like 'CAS_{*')) -and (-not(RecipientTypeDetailsValue -eq 'MailboxPlan')) -and (-not(RecipientTypeDetailsValue -eq 'DiscoveryMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'PublicFolderMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'ArbitrationMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'AuditLogMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'AuxAuditLogMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'SupervisoryReviewPolicyMailbox')))
If you are patient to compare what I got from the Powershell cmdlet and what I copied from the GUI it is exact the same
You might wonder why going into much detail, if you want to apply a filter to a DDG that already had a filter, you MUST know the existing filter, as you will need to append new conditions to the existing conditions.
Let’s say I want to exclude my second user, bear in mind i have an existing rule now, do you still remember the name? hmmmm 😀 scroll to the 🔼 the check it 👍
One will think i can use
Set-DynamicDistributionGroup -Identity exec -RecipientFilter “(RecipientType -eq ‘UserMailbox’) -and (Alias -ne ‘Pradeep’)”So I did and below is my output
PS C:\WINDOWS\system32> Set-DynamicDistributionGroup -Identity exec -RecipientFilter "(RecipientType -eq 'UserMailbox') -and (Alias -ne 'Pradeep')"PS C:\WINDOWS\system32> Get-Recipient -Filter (Get-DynamicDistributionGroup “exec”).RecipientFilter
Name RecipientType
---- -------------
Luthian UserMailbox
Santosh UserMailbox
Sophia UserMailbox
Ade UserMailbox
Jessica UserMailbox
Nicholas UserMailbox
Michael UserMailbox
TechHangOut UserMailbox
Salem UserMailbox
admin UserMailbox
If you look closely, Jessica is on the list and Pradeep not on the list, it mean whenever you run a new cmdlet the exiting is overwritten.
How can you ensure you add a new rule, guess… 🎤 you can either
a. Combine the two rule at once
b. Review and get the existing rule then append the new rule
Combine the two rule at once
Set-DynamicDistributionGroup -Identity exec -RecipientFilter “(RecipientType -eq ‘UserMailbox’) -and (Alias -ne ‘Jessica’)-and (Alias -ne ‘Pradeep’)”
Output
<# Combine the two rule, excluding Jessica and Pradeep #>
PS C:\WINDOWS\system32> Set-DynamicDistributionGroup -Identity exec -RecipientFilter "(RecipientType -eq 'UserMailbox') -and (Alias -ne 'Jessica')-and (Alias -ne 'Pradeep')"<# View member of the DDG#>
PS C:\WINDOWS\system32> Get-Recipient -Filter (Get-DynamicDistributionGroup “exec”).RecipientFilterName RecipientType
---- -------------
Luthian UserMailbox
Santosh UserMailbox
Sophia UserMailbox
Ade UserMailbox
Nicholas UserMailbox
Michael UserMailbox
TechHangOut UserMailbox
Salem UserMailbox
admin UserMailbox
Review and get the existing rule then append the new rule
For better understanding, i want to exclude Salem from the group, which will form my existing rule, then i will now exclude Jessica and Pradeep.
PS C:\WINDOWS\system32> Set-DynamicDistributionGroup -Identity exec -RecipientFilter "(RecipientType -eq 'UserMailbox')-and (Alias -ne 'Salem')"<# View member of the DDG#>
PS C:\WINDOWS\system32> Get-Recipient -Filter (Get-DynamicDistributionGroup “exec”).RecipientFilterName RecipientType
---- -------------
Luthian UserMailbox
Santosh UserMailbox
Sophia UserMailbox
Ade UserMailbox
Jessica UserMailbox
Nicholas UserMailbox
Michael UserMailbox
TechHangOut UserMailbox
admin UserMailbox
Pradeep UserMailbox
As you can see above, Salem has been excluded, hence we have existing rule, so we want to exclude Pradeep and Jessica
So in this method, I want to get the existing rule and then append the new rule.
As discuss above, to get the existing rule we use Get-DynamicDistributionGroup -Identity exec | fl Name,RecipientFilter
PS C:\WINDOWS\system32> Get-DynamicDistributionGroup -Identity exec | fl Name,RecipientFilterName : Executives
RecipientFilter : ((((RecipientType -eq 'UserMailbox') -and (Alias -ne 'Salem'))) -and (-not(Name -like 'SystemMailbox{*')) -and (-not(Name -like 'CAS_{*')) -and (-not(RecipientTypeDetailsValue -eq 'MailboxPlan')) -and (-not(RecipientTypeDetailsValue -eq 'DiscoveryMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'PublicFolderMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'ArbitrationMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'AuditLogMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'AuxAuditLogMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'SupervisoryReviewPolicyMailbox')))
I will copy the result of RecipientFilter (Note in bold in the Output), add the new rules, then run the new rule
See below, take note of the the bolded text as the modification on the second code block
((((RecipientType -eq 'UserMailbox') -and (Alias -ne 'Salem'))) -and (-not(Name -like 'SystemMailbox{*')) -and (-not(Name -like 'CAS_{*')) -and (-not(RecipientTypeDetailsValue -eq 'MailboxPlan')) -and (-not(RecipientTypeDetailsValue -eq 'DiscoveryMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'PublicFolderMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'ArbitrationMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'AuditLogMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'AuxAuditLogMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'SupervisoryReviewPolicyMailbox')))<#Notice I added -and (Alias -ne 'Jessica')-and (Alias -ne 'Pradeep'), check the bolded text#>((((RecipientType -eq 'UserMailbox') -and (Alias -ne 'Salem')-and (Alias -ne 'Jessica')-and (Alias -ne 'Pradeep'))) -and (-not(Name -like 'SystemMailbox{*')) -and (-not(Name -like 'CAS_{*')) -and (-not(RecipientTypeDetailsValue -eq 'MailboxPlan')) -and (-not(RecipientTypeDetailsValue -eq 'DiscoveryMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'PublicFolderMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'ArbitrationMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'AuditLogMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'AuxAuditLogMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'SupervisoryReviewPolicyMailbox')))Then the complete cmdlet is, take note of the bolded textSet-DynamicDistributionGroup -Identity exec -RecipientFilter “((((RecipientType -eq ‘UserMailbox’) -and (Alias -ne ‘Salem’)-and (Alias -ne ‘Jessica’)-and (Alias -ne ‘Pradeep’))) -and (-not(Name -like ‘SystemMailbox{*’)) -and (-not(Name -like ‘CAS_{*’)) -and (-not(RecipientTypeDetailsValue -eq ‘MailboxPlan’)) -and (-not(RecipientTypeDetailsValue -eq ‘DiscoveryMailbox’)) -and (-not(RecipientTypeDetailsValue -eq ‘PublicFolderMailbox’)) -and (-not(RecipientTypeDetailsValue -eq ‘ArbitrationMailbox’)) -and (-not(RecipientTypeDetailsValue -eq ‘AuditLogMailbox’)) -and (-not(RecipientTypeDetailsValue -eq ‘AuxAuditLogMailbox’)) -and (-not(RecipientTypeDetailsValue -eq ‘SupervisoryReviewPolicyMailbox’)))”
The Output below
PS C:\WINDOWS\system32> Set-DynamicDistributionGroup -Identity exec -RecipientFilter "((((RecipientType -eq 'UserMailbox') -and (Alias -ne 'Salem')-and (Alias -ne 'Jessica')-and (Alias -ne 'Pradeep'))) -and (-not(Name -like 'SystemMailbox{*')) -and (-not(Name -like 'CAS_{*')) -and (-not(RecipientTypeDetailsValue -eq 'MailboxPlan')) -and (-not(RecipientTypeDetailsValue -eq 'DiscoveryMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'PublicFolderMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'ArbitrationMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'AuditLogMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'AuxAuditLogMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'SupervisoryReviewPolicyMailbox')))"<# View member of the DDG#>
PS C:\WINDOWS\system32> Get-Recipient -Filter (Get-DynamicDistributionGroup “exec”).RecipientFilterName RecipientType
---- -------------
Luthian UserMailbox
Santosh UserMailbox
Sophia UserMailbox
Ade UserMailbox
Nicholas UserMailbox
Michael UserMailbox
TechHangOut UserMailbox
admin UserMailbox
As you can see Salem, Pradeep and Jessica have been excluded from the DDG.
To remove all filter and set to UserMailbox (users with Exchange mailboxes) use below
Set-DynamicDistributionGroup -Identity exec -RecipientFilter "((RecipientType -eq 'UserMailbox')If you have queries or clarification please use the comment section or ping me olusola@exabyte.com.ng
