Home

Dynamic DL or group based on org hierarchy?

%3CLINGO-SUB%20id%3D%22lingo-sub-688613%22%20slang%3D%22en-US%22%3EDynamic%20DL%20or%20group%20based%20on%20org%20hierarchy%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-688613%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20there%20a%20way%20to%20create%20a%20dynamic%20DL%20or%20group%20based%20on%20org%20hierarchy%3F%20For%20example%20if%20the%20Global%20HR%20Director%20wants%20to%20communicate%20to%20everyone%20in%20HR...%3C%2FP%3E%3CP%3EAs%20of%20right%20now%20because%20of%20a%20recent%20acquisition%2C%20the%20data%20we%20have%20for%20users%20is%20not%20too%20accurate%20(department%2C%20business%20unit%2C%20etc)%20but%20people%20have%20been%20%22assigned%22%20to%20the%20right%20managers.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20way%20to%20do%20this%3F.%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3CP%3ECristina%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-688613%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EDynamic%20DL%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-688707%22%20slang%3D%22en-US%22%3ERe%3A%20Dynamic%20DL%20or%20group%20based%20on%20org%20hierarchy%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-688707%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F256622%22%20target%3D%22_blank%22%3E%40CG-1717%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYou%20should%20be%20able%20to%20do%20an%20advanced%20dynamic%20rule...%20(condition1)%20or%20(condition2)%20and%20(accountenabled%20%3D%20true).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EReference%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fgroups-dynamic-membership%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fusers-groups-roles%2Fgroups-dynamic-membership%3C%2FA%3E%3C%2FP%3E%3CH3%20id%3D%22toc-hId-1570216731%22%20id%3D%22toc-hId-1570216731%22%20id%3D%22toc-hId-1570216731%22%20id%3D%22toc-hId-1570216731%22%20id%3D%22toc-hId-1570216731%22%20id%3D%22toc-hId-1570216731%22%3ECreate%20a%20%22Direct%20reports%22%20rule%3C%2FH3%3E%3CP%3EYou%20can%20create%20a%20group%20containing%20all%20direct%20reports%20of%20a%20manager.%20When%20the%20manager's%20direct%20reports%20change%20in%20the%20future%2C%20the%20group's%20membership%20is%20adjusted%20automatically.%3C%2FP%3E%3CP%3EThe%20direct%20reports%20rule%20is%20constructed%20using%20the%20following%20syntax%3A%3C%2FP%3E%3CDIV%20class%3D%22codeHeader%22%3E%26nbsp%3B%3C%2FDIV%3E%3CPRE%3EDirect%20Reports%20for%20%22%7BobjectID_of_manager%7D%22%3C%2FPRE%3E%3CP%3EHere's%20an%20example%20of%20a%20valid%20rule%20where%20%2262e19b97-8b3d-4d4a-a106-4ce66896a863%22%20is%20the%20objectID%20of%20the%20manager%3A%3C%2FP%3E%3CDIV%20class%3D%22codeHeader%22%3E%26nbsp%3B%3C%2FDIV%3E%3CPRE%3EDirect%20Reports%20for%20%2262e19b97-8b3d-4d4a-a106-4ce66896a863%22%3C%2FPRE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-689301%22%20slang%3D%22en-US%22%3ERe%3A%20Dynamic%20DL%20or%20group%20based%20on%20org%20hierarchy%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-689301%22%20slang%3D%22en-US%22%3E%3CP%3EIf%20you%20need%20a%20dynamic%20DL%2C%20those%20exist%20only%20in%20Exchange%20Online%20(not%20Azure%20AD)%20and%20you%20must%20use%20the%20Exchange%20cmdlets%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%3ENew-DynamicDistributionGroup%20manager%20-RecipientFilter%20%7B(Manager%20-eq%20'CN%3Duser%2COU%3Dtenant.onmicrosoft.com%2COU%3DMicrosoft%20Exchange%20Hosted%20Organizations%2CDC%3DEURPR03A001%2CDC%3Dprod%2CDC%3Doutlook%2CDC%3Dcom')%20-and%20(RecipientType%20-eq%20'UserMailbox')%7D%3C%2FPRE%3E%0A%3CP%3Ewhere%20you%20need%20to%20provide%20the%20full%20DN%20of%20the%20manager.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-690263%22%20slang%3D%22en-US%22%3ERe%3A%20Dynamic%20DL%20or%20group%20based%20on%20org%20hierarchy%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-690263%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CBLOCKQUOTE%3E%3CHR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3Bwrote%3A%3CBR%20%2F%3E%3CP%3EIf%20you%20need%20a%20dynamic%20DL%2C%20those%20exist%20only%20in%20Exchange%20Online%20(not%20Azure%20AD)%20and%20you%20must%20use%20the%20Exchange%20cmdlets%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CPRE%3ENew-DynamicDistributionGroup%20manager%20-RecipientFilter%20%7B(Manager%20-eq%20'CN%3Duser%2COU%3Dtenant.onmicrosoft.com%2COU%3DMicrosoft%20Exchange%20Hosted%20Organizations%2CDC%3DEURPR03A001%2CDC%3Dprod%2CDC%3Doutlook%2CDC%3Dcom')%20-and%20(RecipientType%20-eq%20'UserMailbox')%7D%3C%2FPRE%3E%3CP%3Ewhere%20you%20need%20to%20provide%20the%20full%20DN%20of%20the%20manager.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CHR%20%2F%3E%3C%2FBLOCKQUOTE%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E-%20you%20can%20do%20it%20in%20Azure%20AD%20with%20the%20'modern%20DL'%20called%20%3CSTRONG%3EOffice365%20Groups%20%3C%2FSTRONG%3Ehaha%20using%20Microsoft%20verbiage%20here!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-690609%22%20slang%3D%22en-US%22%3ERe%3A%20Dynamic%20DL%20or%20group%20based%20on%20org%20hierarchy%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-690609%22%20slang%3D%22en-US%22%3E%3CP%3EI%20know%20you%20can%2C%20but%20using%20dynamic%20membership%20for%20%22modern%22%20groups%20is%20*paid*%20functionality%2C%20as%20in%20requires%20Azure%20AD%20Premium%20licensing.%20While%20using%20good%20old%20fashioned%20dynamic%20DGs%20in%20Exchange%20Online%20is%20free.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-696073%22%20slang%3D%22en-US%22%3ERe%3A%20Dynamic%20DL%20or%20group%20based%20on%20org%20hierarchy%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-696073%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F328428%22%20target%3D%22_blank%22%3E%40jerome317%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%20for%20your%20responses%20here!%20We%20will%20look%20into%20these%20approaches%20and%20see%20what%20works%20for%20us!%20I%20really%20appreciate%20the%20feedback!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECristina%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
CG-1717
Occasional Contributor

Is there a way to create a dynamic DL or group based on org hierarchy? For example if the Global HR Director wants to communicate to everyone in HR...

As of right now because of a recent acquisition, the data we have for users is not too accurate (department, business unit, etc) but people have been "assigned" to the right managers. 

 

Any way to do this?.

Thanks

Cristina

5 Replies

@CG-1717 

 

You should be able to do an advanced dynamic rule... (condition1) or (condition2) and (accountenabled = true).

 

Reference: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership

Create a "Direct reports" rule

You can create a group containing all direct reports of a manager. When the manager's direct reports change in the future, the group's membership is adjusted automatically.

The direct reports rule is constructed using the following syntax:

 
Direct Reports for "{objectID_of_manager}"

Here's an example of a valid rule where "62e19b97-8b3d-4d4a-a106-4ce66896a863" is the objectID of the manager:

 
Direct Reports for "62e19b97-8b3d-4d4a-a106-4ce66896a863"

 

 

If you need a dynamic DL, those exist only in Exchange Online (not Azure AD) and you must use the Exchange cmdlets:

 

New-DynamicDistributionGroup manager -RecipientFilter {(Manager -eq 'CN=user,OU=tenant.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=EURPR03A001,DC=prod,DC=outlook,DC=com') -and (RecipientType -eq 'UserMailbox')}

where you need to provide the full DN of the manager.

 

 


@Vasil Michev wrote:

If you need a dynamic DL, those exist only in Exchange Online (not Azure AD) and you must use the Exchange cmdlets:

 

New-DynamicDistributionGroup manager -RecipientFilter {(Manager -eq 'CN=user,OU=tenant.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=EURPR03A001,DC=prod,DC=outlook,DC=com') -and (RecipientType -eq 'UserMailbox')}

where you need to provide the full DN of the manager.

 


@Vasil Michev- you can do it in Azure AD with the 'modern DL' called Office365 Groups haha using Microsoft verbiage here!

I know you can, but using dynamic membership for "modern" groups is *paid* functionality, as in requires Azure AD Premium licensing. While using good old fashioned dynamic DGs in Exchange Online is free.

@Vasil Michev @jerome317 

 

Thank you for your responses here! We will look into these approaches and see what works for us! I really appreciate the feedback!

 

Cristina

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
48 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
30 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies