cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Dynamic Distribution List based on multiple AAD fields

%3CLINGO-SUB%20id%3D%22lingo-sub-2060912%22%20slang%3D%22en-US%22%3EDynamic%20Distribution%20List%20based%20on%20multiple%20AAD%20fields%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2060912%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20need%20to%20make%20a%20dynamic%20distribution%20list%20based%20on%20following%20criteria%3A%3C%2FP%3E%3CP%3E%3CEM%3EJob%20title%3C%2FEM%3E%26nbsp%3Bis%20'Job1'%20or%20'Job2'%20or%20'Job3'%26nbsp%3B%20and%20%3CEM%3EBlock%20sign%20in%3C%2FEM%3E%20is%20'No'.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20you%20please%20help%20me%20with%20PowerShell%26nbsp%3B%3CSPAN%3ERecipientFilter%20parameters%20for%20this%20task%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EThank%20you!%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2060912%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2061475%22%20slang%3D%22en-US%22%3ERe%3A%20Dynamic%20Distribution%20List%20based%20on%20multiple%20AAD%20fields%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2061475%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20this%20for%20Exchange%20Online%3F%20If%20so%20I'm%20afraid%20there%20is%20no%20good%20answer%20here%2C%20it%20depends%20on%20what%20exactly%20you%20mean%20by%20%22block%20sign%20in%22%20-%20is%20this%20the%20AzureAD%20BlockCredential%20attribute%2C%20or%20the%20Exchange-specific%20ones%20(AccountDisabled%2FExchangeUserAccountControl%2FUserAccountControl).%20They%20do%20not%20always%20match%20in%20value%2C%20which%20poses%20a%20challenge%20here.%20Only%20one%20of%20these%20can%20actually%20be%20used%20for%20filtering%20though%20(UserAccountControl)%2C%20so%20try%20that.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOther%20than%20that%20it's%20just%20stringing%20them%20together%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%7B(Title%20-eq%20%22Job1%22%20-or%20Title%20-eq%20%22Job2%22)%20-and%20(UserAccountControl%20-eq%20%22AccountDisabled%2C%20NormalAccount%22)%7D%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2061616%22%20slang%3D%22en-US%22%3ERe%3A%20Dynamic%20Distribution%20List%20based%20on%20multiple%20AAD%20fields%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2061616%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%20for%20your%20answer!%3C%2FP%3E%3CP%3EThis%20is%20indeed%20for%20Exchange%20Online.%3C%2FP%3E%3CP%3EThe%20two%20fields%20I%20was%20referring%20to%20are%20from%20AzureAD%20User%20Profile%2C%20I%20don't%20know%20if%20%3CEM%3EBlock%20sign%20in%3C%2FEM%3E%20has%20a%20match%20in%20Exchange%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22Capture.PNG%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F246410i8ECA90620FA4E17E%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Capture.PNG%22%20alt%3D%22Capture.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EI%20will%20try%20your%20suggestion.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20again!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2065578%22%20slang%3D%22en-US%22%3ERe%3A%20Dynamic%20Distribution%20List%20based%20on%20multiple%20AAD%20fields%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2065578%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F545913%22%20target%3D%22_blank%22%3E%40Cris20%3C%2FA%3E%26nbsp%3BVasil%20prompted%20me%20to%20look%20at%20this%20request.%20This%20code%20worked%20for%20me...%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%24Filter%20%3D%20%22((Title%20-like%20'Architect')%20-and%20(ExchangeUserAccountControl%20-ne%20'AccountDisabled'))%22%3C%2FP%3E%0A%3CP%3ENew-DynamicDistributionGroup%20-Name%20%22Architects%22%20-DisplayName%20%22System%20and%20Engineering%20Architects%22%20-Alias%20AllArchitects%20-PrimarySmtpAddress%20Architects%40Office365itpros.com%20-RecipientFilter%20%24Filter%3C%2FP%3E%0A%3CP%3ESet-DynamicDistributionGroup%20-Identity%20AllArchitects%20-ManagedBy%20Tony.Redmond%20-MailTip%20%22Distribution%20List%20for%20anyone%20with%20Architect%20in%20the%20job%20title%22%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETR%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2069896%22%20slang%3D%22en-US%22%3ERe%3A%20Dynamic%20Distribution%20List%20based%20on%20multiple%20AAD%20fields%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2069896%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F64%22%20target%3D%22_blank%22%3E%40Tony%20Redmond%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you.%20It%20worked!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20had%20to%20chain%20multiple%20conditions%20for%20the%20filter%20because%2C%20from%20what%20I've%20read%2C%20wildcards%20can't%20be%20used%20as%20first%20character%20in%20%3CEM%3ERecipientFilter%3C%2FEM%3E.%3C%2FP%3E%3CP%3EI%20have%20many%20job%20titles%20like%20Architect%20(Junior%20Architect%2C%20Lead%20Architect%2C%20Senior%20Architect%2C%20etc)%2C%20a%20few%20variations%20for%20Associate%20and%20for%20Partner%20and%20I%20need%20to%20include%20all%20in%20filter.%20I%20tried%20%22%3CEM%3ETitle%20-like%20'*Architect'%20-or%20Title%20-like%20'*Associate'%20-or%20Title%20-like%20'*Partner'%22%3C%2FEM%3E%2C%20but%20got%20an%20error.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20a%20more%20elegant%20solution%20than%20a%20dozen%20of%20%3CEM%3E-or%3C%2FEM%3E%20conditions%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E
Cris20
Occasional Contributor

‎01-14-2021 06:23 AM

‎01-14-2021 06:23 AM

Dynamic Distribution List based on multiple AAD fields

Hello,

 

I need to make a dynamic distribution list based on following criteria:

Job title is 'Job1' or 'Job2' or 'Job3'  and Block sign in is 'No'.

 

Can you please help me with PowerShell RecipientFilter parameters for this task?

 

Thank you!

Labels:
131 Views
0 Likes
5 Replies
Reply
5 Replies
Vasil Michev

‎01-14-2021 08:42 AM

‎01-14-2021 08:42 AM

Re: Dynamic Distribution List based on multiple AAD fields

Is this for Exchange Online? If so I'm afraid there is no good answer here, it depends on what exactly you mean by "block sign in" - is this the AzureAD BlockCredential attribute, or the Exchange-specific ones (AccountDisabled/ExchangeUserAccountControl/UserAccountControl). They do not always match in value, which poses a challenge here. Only one of these can actually be used for filtering though (UserAccountControl), so try that.

 

Other than that it's just stringing them together:

 

{(Title -eq "Job1" -or Title -eq "Job2") -and (UserAccountControl -eq "AccountDisabled, NormalAccount")}

0 Likes
Reply
Cris20

‎01-14-2021 09:00 AM

‎01-14-2021 09:00 AM

Re: Dynamic Distribution List based on multiple AAD fields

@Vasil Michev 

Thank you for your answer!

This is indeed for Exchange Online.

The two fields I was referring to are from AzureAD User Profile, I don't know if Block sign in has a match in Exchange

 

Capture.PNG

I will try your suggestion. 

 

Thanks again!

0 Likes
Reply
Best Response confirmed by Cris20 (Occasional Contributor)
Tony Redmond

‎01-15-2021 11:24 AM

‎01-15-2021 11:24 AM

Solution

Re: Dynamic Distribution List based on multiple AAD fields

@Cris20 Vasil prompted me to look at this request. This code worked for me...

 

$Filter = "((Title -like 'Architect') -and (ExchangeUserAccountControl -ne 'AccountDisabled'))"

New-DynamicDistributionGroup -Name "Architects" -DisplayName "System and Engineering Architects" -Alias AllArchitects -PrimarySmtpAddress Architects@Office365itpros.com -RecipientFilter $Filter

Set-DynamicDistributionGroup -Identity AllArchitects -ManagedBy Tony.Redmond -MailTip "Distribution List for anyone with Architect in the job title"

 

TR

0 Likes
Reply
Cris20

‎01-18-2021 12:42 AM

‎01-18-2021 12:42 AM

Re: Dynamic Distribution List based on multiple AAD fields

@Tony Redmond 

 

Thank you. It worked!

 

I had to chain multiple conditions for the filter because, from what I've read, wildcards can't be used as first character in RecipientFilter.

I have many job titles like Architect (Junior Architect, Lead Architect, Senior Architect, etc), a few variations for Associate and for Partner and I need to include all in filter. I tried "Title -like '*Architect' -or Title -like '*Associate' -or Title -like '*Partner'", but got an error.

 

Is there a more elegant solution than a dozen of -or conditions?

0 Likes
Reply
Tony Redmond

‎01-18-2021 01:07 AM

‎01-18-2021 01:07 AM

Re: Dynamic Distribution List based on multiple AAD fields

@Cris20 Unfortunately, you'll have to include multiple conditions, which is what I did when I wrote the problem up:

 

How to Create Exchange Dynamic Distribution List with Custom Recipient Filters

Exchange dynamic distribution lists allow messages to be sent to sets of recipients determined by a query against the directory. A custom filter is a powerful way to find the right set of recipients. In this case, we want to find mailboxes with certain job titles whose Azure AD accounts are not blocked for sign-in. Here’s how to create the filter, make sure it works, and create the DDL.

 

https://office365itpros.com/2021/01/18/create-exchange-dynamic-distribution-list-custom-recipient-fi...

1 Like
Reply