Create a Dynamic Distribution List based on Manager
Having Dynamic Distribution Lists based on a manager’s direct reports can come in very handy, especially if you keep the manager attribute in your Active Directory updated. Creating a dynamic distribution list (DDL) is a fairly simple process; the trick is getting the RecipientFilter string correct. This blog post describes the process to create a dynamic distribution group or dynamic distribution list based on Manager.
Assumptions
Exchange Online – all mailboxes for org exist in Exchange Online
On-prem AD – you are running a hybrid environment and have on-prem AD
Microsoft Entra ID (formerly Azure Active Directory) – you also sync to your Microsoft tenant
Preparation
You may need to prep your PowerShell session if you haven’t already done so. Make sure to run the following cmdlets so that the PS commands referred to later in this post work.
Install-Module -Name ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName <your admin account@contoso.com>
Install-Module AzureAD
Install-Module MSOnline
Connect-MsolService
Step 1 – Find all Direct Reports for the Manager
This step is important so that you know what the results of your DDL should return before you create it. In our example below, we are creating a DDL for bsmith@contoso.com. Open PowerShell and run the following cmdlet:
Get-User bsmith@contoso.com | select -ExpandProperty directreports
You should receive a list of direct reports for manager bsmith@contoso.com.
Step 2 – Find the distinguishedName (DN) attribute for Manager
Dynamic Distribution Lists can only be created on Exchange Online. Therefore, the distinguishedName (DN) you must use in the RecipientFilter of your Dynamic Distribution Group cmdlet is from the Exchange Online Directory Services (ExODS).
Use the following command to get the distinguishedName of the manager:
Get-EXOMailbox -Identity bsmith@contoso.com
You should receive the distinguishedName for the Manager (Bob Smith).
Step 3 – Preview the RecipientFilter string
Now that you have the distinguishedName of the Manager, you can “preview” the results prior to creating the dynamic distribution list. This is an important step as you do not want to waste time creating a DDL if it is not going to work. Use the following PowerShell cmdlet to preview the RecipientFilter string that you will ultimately use in the creation of the dynamic distribution list. Remember to plug in the DN of the manager you got from Step 2.
Get-Recipient -RecipientPreviewFilter {((Manager -eq 'CN=Bob Smith,OU=CONTOSO.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=XXABC6X099,DC=PROD,DC=OUTLOOK,DC=COM') -and (RecipientTypeDetails -eq 'UserMailbox'))}
You should receive the Direct Reports for Manager (Bob Smith).
This should match the list of direct reports you found in Step 1. If the preview looks correct, then you are ready to create the DDL.
Step 4 – Create the Dynamic Distribution List
Now that you have the distinguishedName of the Manager and have previewed the RecipientFilter, it is time to create the Dynamic Distribution List. Use the PowerShell cmdlet below to create the dynamic distribution list based on the DN of Manager Bob Smith.
New-DynamicDistributionGroup DL_Mgr_BSmith -RecipientFilter {((Manager -eq 'CN=Bob Smith,OU=CONTOSO.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=XXABC6X099,DC=PROD,DC=OUTLOOK,DC=COM') -and (RecipientTypeDetails -eq 'UserMailbox'))}
Your new dynamic distribution list should be created. You may need to wait up to 24 hours for the DDL to populate.
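Steps 1 to 4 can be chained so that the group is only created when the filter preview matches the manager's direct reports. The script below is an added example, not code from the original post; it assumes an active Connect-ExchangeOnline session and that each DirectReports value resolves as a Get-Recipient identity, and the variable names are illustrative.

```powershell
# Added example (not from the original post). Requires an active Connect-ExchangeOnline session.
$ManagerUpn = 'bsmith@contoso.com'   # manager used in the post's example
$GroupName  = 'DL_Mgr_BSmith'        # group name used in the post's example

# Step 2: DN of the manager as stored in Exchange Online.
$managerDn = (Get-EXOMailbox -Identity $ManagerUpn).DistinguishedName
if (-not $managerDn) { throw "No Exchange Online mailbox found for $ManagerUpn." }

# Double any apostrophe so a DN such as CN=Pat O'Neil,... cannot end the quoted value early.
$escapedDn = $managerDn -replace "'", "''"
$filter = "((Manager -eq '$escapedDn') -and (RecipientTypeDetails -eq 'UserMailbox'))"

# Step 1: direct reports, resolved to recipients and limited to user mailboxes so the
# list is comparable with the filter (assumption: each value resolves as an identity).
$expected = @(Get-User -Identity $ManagerUpn |
    Select-Object -ExpandProperty DirectReports |
    ForEach-Object { Get-Recipient -Identity $_ -ErrorAction SilentlyContinue } |
    Where-Object { $_.RecipientTypeDetails -eq 'UserMailbox' } |
    ForEach-Object { [string]$_.PrimarySmtpAddress })

# Step 3: recipients the filter would select.
$preview = @(Get-Recipient -RecipientPreviewFilter $filter -ResultSize Unlimited |
    ForEach-Object { [string]$_.PrimarySmtpAddress })

# An empty side means the manager attribute or the DN is wrong; stop before comparing.
if ($expected.Count -eq 0) { throw "No mailbox-enabled direct reports found for $ManagerUpn." }
if ($preview.Count -eq 0)  { throw "The filter matched no recipients; check the manager DN." }

# Any difference means mail to the group would reach the wrong set of people.
$diff = Compare-Object -ReferenceObject $expected -DifferenceObject $preview
if ($diff) {
    # '<=' = direct report missing from the preview, '=>' = extra recipient in the preview.
    $diff | Format-Table InputObject, SideIndicator -AutoSize | Out-String | Write-Warning
    throw "Preview does not match the direct reports of $ManagerUpn; group not created."
}

# Step 4: create the group with the filter that was just verified.
New-DynamicDistributionGroup -Name $GroupName -RecipientFilter $filter
```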
References
Below is a link to the Microsoft Learn page listing all the Exchange Recipient filterable Properties. This is a handy little guide to have when working with dynamic distribution lists.
Microsoft Exchange RecipientFilter Properties
I hope this helps. If so, please leave a comment!
This is good stuff. I am testing a rule that works on prem but not in Exchange Online, to pull all folks that are reporting to a particular manager in the entire chain based on LDAP_MATCHING_RULE_IN_CHAIN. I can get the preview to work fine, but it errors out on the actual creation of the DL due to syntax… any ideas if this is possible or how to correct the syntax?
$filter= '(manager:1.2.840.113556.1.4.1941:=CN=steve,OU=domain.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=NAMPR06A002,DC=prod,DC=outlook,DC=com)'
Get-Recipient -RecipientPreviewFilter $Filter -ResultSize unlimited | select disp*
DisplayName ----------- Lab Test 04 Shawn steve03 steve05 steve08 steve09 steve10 steve11
New-DynamicDistributionGroup -Name "Steve Directs Testing" -alias…
Testing this out in o365 and it appears the LDAP command is not valid for use in O365 Exchange even though preview works fine. Specifically (manager:1.2.840.113556.1.4.194) which queries for all direct reports under a VP.
$filter= '(manager:1.2.840.113556.1.4.1941:=CN=user1,OU=domain.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=NAMPR06A002,DC=prod,DC=outlook,DC=com)'
Get-Recipient -RecipientPreviewFilter $Filter -ResultSize unlimited | select disp*
DisplayName ----------- Lab Test 04 Shawn steve03 steve05 steve08 steve09 steve10 steve11
New-DynamicDistributionGroup -Name "GroupOne" -alias "GroupOne" -RecipientFilter $filter -WhatIf
Write-ErrorMessage : Cannot process argument transformation on parameter 'RecipientFilter'. Cannot convert value "(manager:1.2.840.113556.1.4.1941:=CN=User,OU=domain.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=NAMPR06A002,DC=prod,DC=outlook,DC=com)" to type "System.String". Error: "Invalid filter syntax. For a description of the filter parameter syntax see the…
Strange. I have not experienced an issue where the “preview” works but the creation of the DDL does not. Going to have to research that one. Thanks for your post though!