Hey everyone! I'm trying to set up a Dynamic Distribution Group (DDG) in Exchange that only includes our internal users. Currently, my filter is pulling in about 1,725 users, which also includes guests and external accounts. However, when I check in Entra after filtering for account enabled users and 'Member' user type, I find that I only have 1,361 active internal users. I'm not sure how to replicate that filter in my PowerShell command and reduce the results to match what I see in Entra. Here's the filter I'm currently using: `$filter = "(recipienttype -eq 'UserMailbox') -and (IsInactiveMailbox -eq '$false') -and (RecipientTypeDetails -ne 'DisabledUser') -and (-not (RecipientTypeDetailsValue -eq 'GuestMailUser'))"`. Any advice would be greatly appreciated! Thanks!
3 Answers
You could try pulling users from your organization and excluding any outside domains. For your filter, something like this might work: `-RecipientFilter "((RecipientTypeDetails -eq 'UserMailbox') -or (RecipientTypeDetails -eq 'MailUser')) -and (-not(PrimarySmtpAddress -like '*#EXT#*'))" -OrganizationalUnit "yourdomain.com/Users"`. I hope that helps! Let me know if it works for you.
Don't forget about shared mailboxes; they show up as UserMailbox but have a recipientTypeDetails of sharedmailbox. Also, if you’re not operating in a hybrid setup, make sure you add filters for on-prem users, and consider checking 'HiddenFromAddressListsEnabled' in your filters.
I don't think filtering DDGs with accountEnabled and userType is possible. You might want to consider creating a dynamic security group instead. To include only internal users, try filtering by RecipientTypeDetails that specifically targets UserMailbox, as those should be the licensed ones for email.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures