Hey folks, I hope you're doing well! I'm reaching out for some help on setting up Dynamic Distribution Groups in our Azure environment. We're using Entra and have some custom attributes listed under the "On-premises" section for our users, specifically tracking locations.
The issue I'm facing is that when I try to filter users based on these attributes in Exchange, I can't seem to get the correct users to populate in my Dynamic Distribution Group. I've been attempting to use "CustomAttribute3" in the filter, looking for users with '123' in that attribute. However, some users have similar values, like '1123' or multiple entries, such as '762,123,223'. Here's the command I'm working with:
`Set-DynamicDistributionGroup -Name "Important Dynamic Group" -RecipientFilter "RecipientTypeDetails -ne 'DisabledUser' -and RecipientType -eq 'UserMailbox' -and (CustomAttribute3 -like '123' -or CustomAttribute3 -like '123,' -or CustomAttribute3 -like ',123' -or CustomAttribute3 -like ',123,')" -PrimarySmtpAddress "[email protected]" -RequireSenderAuthenticationEnabled $false -Identity "[email protected]"`
I'm missing something in getting the users to show up based on this filter. Any insights would be greatly appreciated! Thanks in advance!
4 Answers
For clarification, I found this information: the custom attributes in Exchange are actually labeled in Active Directory as **ms-Exch-Extension-Attribute1** through **ms-Exch-Extension-Attribute15**. In the Exchange Management Shell, they're referred to as *CustomAttribute1* through *CustomAttribute15*. It's useful for storing Active Directory data without needing to extend the schema. Hopefully, this helps you understand the properties better!
Check out this link for a hint: http://byronwright.blogspot.com/2014/10/extension-custom-attributes-for-dynamic.html. It might give you some clarity on handling those extension attributes better!
You might want to try using 'extensionAttribute3' directly in your filter, and switch to '-eq' instead of '-like' for the exact matches. This way, you can narrow it down better without catching all the similar values.
I appreciate the suggestion! I did give that a shot, but still no luck in pulling in the users.
Also, just a heads up, the extension attribute you’re mentioning could be different from the on-premises extension attributes, so that might be the issue.
I made some adjustments to your command that might help:
`Set-DynamicDistributionGroup -Name "Important Dynamic Group" -RecipientFilter "((RecipientTypeDetails -ne 'DisabledUser') -and (RecipientType -eq 'UserMailbox') -and (((CustomAttribute3 -eq '123') -or (CustomAttribute3 -eq '123,') -or (CustomAttribute3 -eq ',123') -or (CustomAttribute3 -eq ',123,'))))" -PrimarySmtpAddress -eq '[email protected]' -RequireSenderAuthenticationEnabled $false -Identity "[email protected]"`
Testing your recipient filter with a command like `get-recipient -recipientfilter $recipientfilter` can save you a lot of time instead of editing the group constantly. Also, remember to run `Set-DynamicDistributionGroup -Identity -ForceMembershipRefresh`. I had to do that recently because my group membership didn’t update even with the correct filter.
Thanks a ton for this! I’ll test it out later since I have to run everything live. I’ll keep you updated on how it works out!
Thanks for the link! It actually provided some useful insights!