How to Create a Report of Distribution Lists and their Owners

Thousands of Objects to Process Might Be a Graph Task

A reader asked about how to report details of 3,500 distribution lists and their owners. Normally, once the need exists to process thousands of Exchange Online articles, I think about using the Graph API (the Groups API in this case) to retrieve the set of distribution lists. The Graph API is a lot faster to find objects, but more code must be written, and an app registered in Azure AD. In any case, if the need is for a one-off report, you don’t need to go near the Graph as plain and simple PowerShell will serve nicely.

Writing Plain PowerShell to Create the Report

There aren’t many challenges involved in creating the script. Exchange Online stores the owners (managers) of a distribution list in the list’s ManagedBy property. Examining the property, we find one or more names of mailboxes or distribution lists. For example:

All Company Employees                         {Administrator, Kim Akers}

We could fetch the set of distribution lists and output whatever properties seem to make sense (display name, managed by, and email address), but we can retrieve more precise information by using the name of each owner to fetch its display name and email address, which is what I ended up doing with the Get-Recipient cmdlet. If you’re happy to report the owner information returned by the Get-DistributionGroup cmdlet, you can speed up processing by removing the code used to fetch the owner details.

After fetching details of each distribution list, all that’s left to do is create a record in a PowerShell list. Here’s the core code from the script. You’ll note that I exclude room lists from the set of distribution lists fetched from Exchange.

Write-Host "Finding Distribution lists in" $OrgName "..."
[array]$DLs = Get-DistributionGroup -ResultSize Unlimited -Filter {RecipientTypeDetails -ne "Roomlist"} | Select DisplayName, ExternalDirectoryObjectId, ManagedBy
If (!($DLs)) { Write-Host "No distribution lists found - exiting" ; break }
$Report = [System.Collections.Generic.List[Object]]::new()
Write-Host "Reporting Distribution lists and managers..."
ForEach ($DL in $DLs) {
    $ManagerList = [System.Collections.Generic.List[Object]]::new()
    ForEach ($Manager in $DL.ManagedBy) {
       $Recipient = Get-Recipient -Identity $Manager -ErrorAction SilentlyContinue
       If (!($Recipient)) { # Can't resolve manager
           $Recipient = "Unknown user" }
       $ManagerLine = [PSCustomObject][Ordered]@{  
         DisplayName = $Recipient.DisplayName
         UPN         = $Recipient.WIndowsLiveID }
    } # End processing managers
    $Managers = $ManagerList.DisplayName -join ", " 
    $DLLine = [PSCustomObject][Ordered]@{    
         DisplayName  = $DL.DisplayName     
         Managers     = $Managers
         EMailAddress = $DL.PrimarySmtpAddress }
} # End processing DL

After processing all the distribution lists, we create the report, which I did in both HTML (Figure 1) and CSV format, and the job is done. You can download the script from GitHub.

A HTML report of distribution lists and their managers
Figure 1: A HTML report of distribution lists and their managers

Using the Graph API

I describe above some current limitations using the Groups Graph API with distribution lists. One situation where the Graph shines is to report the membership of distribution lists. As you might recall, distribution lists support nesting, so it’s entirely possible that a distribution list might have several other distribution lists in its membership. I cover how to do this in a article. The output of that script is shown in Figure 2.

The report with expanded membership information
Figure 2: The report with expanded membership information

If you look at the script code, you’ll see that I use Get-DistributionGroup to fetch the set of distribution lists. It’s possible to do the same with a Graph query like the one shown below ($ characters are escaped for use with PowerShell). This is an advanced Azure AD query (see this page for more information). Get-GraphData is a function written to return data from a Graph query (the function is included in the script).

$Uri = "`$filter=Mailenabled eq true and not groupTypes/any(c:c+eq+'Unified')&`$count=true"
[array]$DLs = Get-GraphData -AccessToken $Token -Uri $uri

However, the data returned by the Groups API does not include the owner information. In fact, the List Owners call in the Groups API can’t currently return owners of distribution lists, which means that you need to use PowerShell to get this information, and because you need to run Get-DistributionGroup to get the owner list, there’s no point in using both the Graph query and Get-DistributionGroup as this just slows things down.

I’ve updated the distribution list membership script to report the expanded details of distribution list owners as described above. Now you have two choices for how to report distribution lists and their owners – with or without membership information.

Quick and Dirty Code

The script written to create the distribution list ownership report is very much a quick hack, using bits of other scripts (like the one to report the membership of Microsoft 365 groups), all stitched together with speed. Having a bag of tricks available in the form of a GitHub repository of scripts makes tenant administration just a little easier!

PS. There’s nothing in the code which is specific to Exchange Online. It should run without alteration against Exchange Server. The second script depends on the Microsoft Graph API and won’t run against Exchange Server.

Learn how to exploit the Office 365 data available to tenant administrators through the Office 365 for IT Pros eBook. We love figuring out how things work.

2 Replies to “How to Create a Report of Distribution Lists and their Owners”

  1. Thank you for the script, it works great! I only noticed that if some owners has two or more email addresses (external ones, for example), their name will appear two, three or more times in the owner’s column. Is there a way to avoid this?
    Many thanks for your help!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.