Dynamic Distribution Group User Exclusion Recipient Filter

Copper Contributor

I have a dynamic distribution group that uses Office locations for its recipient filter. 
It is able to pick up all of the users needed, however, there are a few service accounts I want to exclude from the dynamic group. 

I know the easy answer is to remove the Office info from the service accounts, however I'd prefer not to. As I'm using this example as a test for excluding users from future dynamic distribution groups that we're going to be migrating to exchange online.

Here is an example of the recipient filter in use:

$filter = "((Office -eq 'Spokane, WA') -or (Office -eq 'Sandpoint, ID') -and (RecipientType -eq 'UserMailbox') -and (RecipientTypeDetails -eq 'UserMailbox')) -and (-not(UserPrincipalName -like 'email address removed for privacy reasons' -or 'email address removed for privacy reasons')))"

The service accounts still appear in the dynamic group's recipient list. 

3 Replies
Put some additional () around the Office conditions, they should all be in the same group. You can also try replacing the UserPrincipalName with something like Name or Alias, as there is some fishy behavior with it, especially when combined with -like.

How are you checking the membership? If using the Get-DynamicDistributionGroupMember cmdlet, remember it only updates once every 24h or so.

@VasilMichev 

I have been using the (get-dynamicdistributiongroupmember -identity $identity | Select-object DisplayName,PrimarySmtpAddress) to get recipients. 

I've also been using: 

$filter = $TheRecipientFilterSyntax
Get-Recipient -filter $filter | Select-object DisplayName,PrimarySmtpAddress

I'm testing with the following now: 
"(((Office -eq 'Spokane, WA')) -or ((Office -eq 'Sandpoint, ID')) -and (RecipientType -eq 'UserMailbox') -and (RecipientTypeDetails -eq 'UserMailbox') -and (-not(Name -like '<service-account's-name>')) -and (-not(Name -like '<service-account's-name>*')))"

I've got a wild-card on the last one because there's a handful of service accounts with ascending numbers that match that ANR. 

Thanks for the tip! Hopefully this gets the results I'm looking for. 
Will check back in next week.

Unfortunately the exclusion did not take successfully and the service accounts are still being shown as recipients.