New-DynamicDistributionGroup cmdlet parameter unavailable and documentation is incomplete

Steel Contributor

I want to create a new dynamic distribution group and face some issues.


1. The cmdlet and the documentation is missing the RequireSenderAuthenticationEnabled parameter.


This command is not listed in the documentation. When using it, the error A parameter cannot be found that matches parameter name 'RequireSenderAuthenticationEnabled'. is thrown.


However, when opening the settings of an existing dynamic distribution group, I can very well change the setting. The parameter is also available for the New-DistributionGroup cmdlet.




2. Auto complete shows a parameter -DirectMembershipOnly


Auto complete shows a parameter -DirectMembershipOnly. There is nothing about that in the documentation and I don't find that option in the group settings in the ECP. I assume it has to do with nested email enabled security group, but a clarification would be nice.


5 Replies

'RequireSenderAuthenticationEnabled' is available post-creation, via the Set-DynamicDistributionGroup cmdlet.


-DirectMembershipOnly seems to be new, and it would've been nice indeed if we had proper documentation. You can leave feedback on the article directly and request it to be updated.

> 'RequireSenderAuthenticationEnabled' is available post-creation


@Vasil Michev Yes, I noticed this, too. But why only post-creation, though?

Many properties are only available post-creation, for other recipient types such as mailboxes as well.

About that missing documentation on DirectMembershipOnly, sorry about that. We will get that updated. Here is a description:


Dynamic Distribution groups can be used when creating MemberOf conditions for any type of rule. Example of such rules are Mailflow Rules, Journaling Rules, DLP Rules, Safe Attachment & Safe Link Rules and Antispam/Content Filter rules.
When this flag gets set, the MemberOf check will only consider direct members of the group, and not continue to check membership of possible subgroups.

Setting this flag enables an optimization which makes the MemberOf check significantly more efficient and faster. It is uncommon for Dynamic Distribution Groups to have subgroups, so setting this flag is highly recommended for Dynamic Groups when the group is used for MemberOf conditions in rules, and the dynamic group is not supposed to have subgroups.

This flag does not change the behavior when sending an email to a dynamic distribution group. That means that if email; gets sent to a dynamic distribution group which includes subgroups., the members of those sub groups will still get the message.
But if the flag is set, those members of subgroups will not be considered a (direct) member of the dynamic distribution group.

Let me know if this is clear/unclear.