The Power of Exchange Online Dynamic Distribution Lists

Dynamic Expansion of Recipient Lists

Exchange 2003 introduced query-based distribution groups (QDGs), a form of email distribution list which doesn’t have a fixed set of recipients but instead contains a query to be executed against a directory to resolve the recipients each time the list is used. Today, the same concept persists in Exchange Online dynamic distribution lists (DDLs) and Microsoft 365 dynamic groups. However, as detailed in Table 1, the two implementations for dynamic membership are based on very different foundations.

AttributeDynamic distribution listMicrosoft 365 dynamic group
Resolved againstExchange Online Directory (EXODS)Azure Active Directory
Used forEmailTeams, Outlook Groups, Yammer
PurposeSend emailSend email and manage access to Microsoft 365 resources like SharePoint sites
Supported objectsAny mail-enabled recipient type (including hybrid objects)Azure AD user and guest accounts
LicensingIncluded in Exchange OnlineAzure AD Premium P1
Query syntax for query rulesOPATHODATA
Filters based onExchange object attributesAzure AD object attributes
Table 1: Comparing Exchange Online dynamic distribution lists and dynamic Microsoft 365 Groups

You can boil the differences down to the directory used to resolve membership, but that’s a very simplistic view. The bigger differences are the cost and how Microsoft 365 groups are used to manage membership for Teams, Yammer, and other apps.

Anatomy of a Dynamic Distribution List

A DDL is composed of:

  • An Exchange Online object which is not synchronized to Azure AD. A DDL only exists in EXODS.
  • A recipient filter used to resolve the set of recipients. The filter can resolve against Azure AD attributes (like City and Department), but only if they are synchronized to EXODS. Many other Exchange-specific attributes can be used in recipient filters.
  • Other properties like a manager, MailTip, etc. used by email functionality.

A DDL cannot be used for security purposes. Its membership cannot contain a mixture of fixed and dynamic recipients, but membership can be made up of any mail-enabled recipient type including other distribution lists, mail contacts, public folders, and hybrid recipients.

Managing Dynamic Distribution Lists

DDLs are created and managed using the older Exchange admin center or PowerShell. The modern EAC does not yet include the functionality to create and manage DDLs. And because DDLs are not Azure AD objects, you can’t create or manage them through the Azure AD portal or the Microsoft 365 admin center.

Figure 1 shows the initial step in creating a new DDL. At the bottom of the screen you can see the start of creating the query for the DDL when we specify what types if mail-enabled recipients should be found.

Creating a new dynamic distribution list
Figure 1: Creating a new dynamic distribution list

Finding only recipients of a certain type is a valid query, but in most cases, you’ll want to refine the filter by adding some rules to check against filterable properties. In Figure 2, we’ve chosen to filter against two properties (Department and CustomAttribute1) and are entering one of the values we want to find in CustomAttribute1.

Building out the query rules for a dynamic distribution list
Figure 2: Building out the query rules for a dynamic distribution list

When saved, the rules are written out into the RecipientFilter property of the DDL. Exchange Online writes the recipient filter into the list after applying some post-processing to make sure that the filter finds the intended objects. Here’s the filter created for the DDL shown in Figures 1 and 2:

Get-DynamicDistributionGroup -Identity "Office 365 for IT Pros Writers" | Select -ExpandProperty RecipientFilter

((((((Department -eq 'Writers') -or (Department -eq 'Authors') -or (Department -eq 'Production'))) -and (CustomAttribute1 -eq 'Author’) -and (RecipientType -eq 'UserMailbox'))) -and (-not(Name -like 'SystemMailbox{*')) -and (-not(Name -like 'CAS_{*')) -and (-not(RecipientTypeDetailsValue -eq 'MailboxPlan')) -and (-not(RecipientTypeDetailsValue -eq 'DiscoveryMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'PublicFolderMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'ArbitrationMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'AuditLogMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'AuxAuditLogMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'SupervisoryReviewPolicyMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'GuestMailUser')))

The filter looks complex, but the bulk is made up of exclusionary clauses to avoid messages being sent to system mailboxes.

Recipient Filters

Recipient filters (queries) are at the heart of DDLs. The queries are stated in OPATH format and two types are available:

  • Precanned filters are created when you compose query rules for a DDL through the EAC. Precanned filters are restricted to queries against a small number of well-known object properties such as the department, city, and 15 customizable attributes. See this article for details for how to use precanned filters.
  • Custom filters are created when you use PowerShell to define a recipient filter. Canned filters are more powerful and flexible than precanned filters because a wider of properties can be included in a query. Once you apply a custom filter to a DDL, you won’t be able to edit the filter through the EAC. This article explains how to build custom filters for use with a dynamic distribution list.

No matter how good your query is, it is useless if the properties of objects stored in EXODS are incomplete or inaccurate. Queries will run, but the transport service won’t find the correct set of addressees to receive messages.

You can test the effectiveness of a recipient filter by using it with the Get-Recipient cmdlet and checking the set of objects returned. For example:

Get-Recipient –RecipientPreviewFilter (Get-DynamicDistributionGroup –Identity "Office 365 for IT Pros Writers").RecipientFilter

Name		RecipientType
---- 		-------------
Jeff.Guillet    UserMailbox
James.Ryan      UserMailbox
Jane.Sixsmith   UserMailbox

Update: You can now use the Get-DynamicDistributionGroupMember cmdlet to see the membership of a dynamic distribution list.

Messages sent to dynamic distribution lists with queries that don’t find any recipients go into a void. Senders don’t receive any indication that the message reached no one, which is a good reason to validate that the recipient filter for a DDL finds some recipients.

Dynamic Distribution Lists Still Valuable

DDLs are simple, robust, and work. Everything depends on the recipient filter, but once you can query and find the right recipients, there’s very little else that can go wrong. DDLs are a good choice when you want to target communications at a changeable set of mail-enabled recipients and don’t want to spend a lot of time making sure that the list membership doesn’t go out of date. The big dependency is the directory. Make sure that EXODS (and by extension, Azure AD) is populated with accurate information and you’ll lay a great foundation for successful DDLs.

Learn more about dynamic distribution lists and dynamic Microsoft 365 Groups in the Office 365 for IT Pros eBook. We must be like a dynamic distribution list because we’re always updating our contents to stay accurate.

4 Replies to “The Power of Exchange Online Dynamic Distribution Lists”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.