Manually Add User To Dynamic Distribution Group

  

Mar 25, 2016  Adding Bulk Users in AD Distribution Group Taking users userprincipalname from one OU and exporting it to a CSV file please follow the below For instance below is the screen shot of the AD users and computer. I have made two OUs one is name sync users and other named Customer. Aug 02, 2017 Remove user from dynamic distribution group in Office 365. Get answers from your peers along with millions of IT pros who visit Spiceworks. I am trying to find a powershell command that will allow me to remove a user with mailbox from a dynamic distribution group in Office 365. I wasn't able to find it on in the admin panel or the Exchange setup. Microsoft gave us this one but it keeps erroring out.

Mar 19, 2014  Dynamic Distribution Groups in Exchange Server are a little bit different than your typical Distribution Group. For example, if I go into this Marketing Distribution Group and take a look at the members, you can see that this is a static list of members straight out. Not all users, who seem to be in a particular dynamic distribution list, are receiving mail sent to this ddl. Is there a command or way to force a dynamic distribution group to update? Also, would there be a way to manually add or remove users to/from the ddl? I would like to add.

You may be able to create some new universal distribution groups, then place those distribution lists inside the OU where the dynamic distribution list applies. You could then add or remove users from those distribution lists when needed. And you would probably want to hide them from the exchange address lists (assuming that doesn't break the process.)

I haven't done this myself, so no guarantees. I know it works with mail-enabled security groups, which would have the same effect but also cause any users in that group to be effected by group policy objects applied to that OU.

Dynamic Group Membership in Azure Active Directory (Part 1)

In Part 1 of this series, I will cover Creating and Assigning Licenses and Applications to a Dynamic User Group in this blog post.

One of my favorite new features in Azure Active Directory is Dynamic Group Membership. In these blog posts, I will describe the different types of Dynamic Groups that you can create, then assign these Groups to Applications and Licenses. If a user or device satisfies a rule on a group, they are added as a member of that group. If they no longer satisfy the rule, they are removed. This is very useful for dynamically provisioning Users into the proper group where they will automatically get the assigned Licenses and Applications based on attributes. Example: A Sales Person gets a new role in the Marketing Department... once that persons title, department or company attribute is changed, they will automatically be removed from the Sales Group(s) and the associated Licenses and Applications, then automatically join to the Marketing Group(s) based on title, department or company and be assigned appropriate Marketing Licenses and Applications.

Add a user to dynamic distribution group

I will first create a Dynamic User Group:

I selected Bedrock Users to go along with the Flintstones theme. The following options are available for Membership Type:

  • Assigned
  • Dynamic Device
  • Dynamic User

I for this section, I selected Dynamic User under Membership Type. For my dynamic query, I selected the following:

Add users where: city equals Bedrock

Now, all users (Local Active Directory and Azure Active Directory) who have City defined as Bedrock will automatically be added to this group. I choose the city attribute, but you could choose many different attributes, including 16 custom attributes. In another demo, I created an attribute on my local Active Directory called LSU Fan, configured Azure AD Connect to sync that attribute, then gave certain applications access to Users if they had a Yes value.Some of the popular attributes are the following:

  • Company Name
  • Department
  • Title
  • User Type
  • City
  • State
  • Postal Code
  • Office Name

I used Equals in my Bedrock Users Group, but you are able to use any of the following supported expression rule operators:

Here is a screen shot of Fred Flintstone User Profile showing where Bedrock is defined in City attribute:

How to add user to dynamic distribution group

Now, all the Flintstones and Rubbles are members of the Dynamic Group.

Now that my group is dynamically populated, I can assign Licenses and Applications to the group.

In the caption below, I assigned Enterprise Mobility + Security E5 License to the Bedrock Users Group.

In the screen shot below, I assigned Bedrock Users access to the Box Enterprise Application:

Now, any User that is created or modified and has Bedrock listed under City will automatically get Enterprise Mobility + Security E5 License and access to Box Enterprise Application.

You can also create a group containing all direct reports of a manager. When the manager's direct reports change in the future, the group's membership will be adjusted automatically.

For the rule to work, make sure the Manager ID property is set correctly on users in your tenant. You can check the current value for a user on their Profile tab.

Under Dynamic membership rules, I created an Advanced rule - Direct Reports for '65ebb1eb-7bf9-49f7-9750-ae1e04471a1a' - now, all of Fred Flintstones Direct Reports will automatically be added to this group. If someone switches Managers, they will automatically be removed from this Group.

Manually

Manually Add User To Dynamic Distribution Group Vs Distribution Group

Fred Flintstones Object ID is 65ebb1eb-7bf9-49f7-9750-ae1e04471a1a and Barney Rubble has his Manager ID populated with Fred's Object ID. This can be set on Local Active Directory using Active Directory Users and Computers: User - Organization Tab - Manager Name. Then the Manager ID will be populated in Azure with the next AD Connect Sync. If this is a cloud only account, then Manager ID will have to be populated manually. Direct Reports is not listed as an attribute in the drop list but does work and is supported - https://docs.microsoft.com/en-us/azure/active-directory/active-directory-groups-dynamic-membership-azure-portal

Manually Add User To Dynamic Distribution Group Exchange 2007

The Dynamic Group feature is an Azure Active Directory Premium feature which is included with Enterprise Mobility + Security Suite and Microsoft 365 Suite.

You can create a dynamic group for devices or users, but you cannot create a rule that contains both user and device objects.

This is the conclusion of Part 1 of 2 Blog Posts on Dynamic Group Membership in Azure Active Directory.

Next, I will create Part 2 to cover creating Dynamic Device Groups and using Advanced Dynamic Membership Rules - https://blogs.technet.microsoft.com/pauljones/2017/08/29/dynamic-group-membership-in-azure-active-directory-part-2/.

Thank You,

Update Dynamic Distribution Group

Paul Jones