Forum Discussion

DougTraylor's avatar
DougTraylor
Copper Contributor
Mar 24, 2020
Solved

Create an Office 365 Dynamic Distribution List from members of an Azure AD Security Group

Greetings.  We are trying to create a DDL from an on premise AD security group that is replicating to our Azure AD.  I have checked the Azure group, and it has all 3050 users in it that the OnPrem gr...
admin
exchange online
Exchange Server
office 365
  • VasilMichev's avatar
    VasilMichev
    Mar 25, 2020

    What you need to provide for the MemberOfGroup filter is the DistinguishedName of the group, which you can get from Get-Group/Get-DistributionGroup/etc. And yes, it does differ between on-premises and the cloud.

     

    If your group is not mail-enabled though, chances are you will not be able to "see" it with any of the Exchange cmdlets, so that method will not work. 

aliat_IMANAMI's avatar
aliat_IMANAMI
Brass Contributor
Aug 03, 2021

DougTraylor 

 

In my opinion the answers to the above question are,
1) Yes the CN value changes for the https://bit.ly/3rZe4ws after migration to the cloud (Azure AD).

2) Microsoft has restricted the exposure of CN in Azure Schema. In my opinion, Azure Objects lack OU structure.

Moreover, It's simply not exposed anywhere. But as CN is practically a part of the DistinguishedName attribute, you can get it from the value of the attribute onPremisesDistinguishedName, which is available via the Graph or Azure AD (Get-AzureADUserExtension, or group extension property).


3) Yes attaching the Object ID of the group to the group name once you have the correct CN for the Azure AD group, would work.

Resources