External Identities and Distribution Groups

Copper Contributor

Hi guys,


Does anyone know if it's possible to create a distribution group of B2B users created from cross-tenant syncronisation? The mechanism provisions them in the respective tenants as 'Member' userTypes but with externalAD as the identity provider. I can setup groups with dynamics rules to make them members but when emailing the group it just delivers to the group inbox and not individual users.


I've created a group based on this:


$group = "CollabTest-All_Users"

$newgroup = New-AzureADMSGroup -DisplayName "$group" `
     -Description "$group" `
     -MailEnabled $True `
     -SecurityEnabled $True `
     -MailNickname $group `
     -GroupTypes "DynamicMembership", "Unified" `
     -MembershipRule "(user.mail -contains ""@example.co.uk"")" `
     -MembershipRuleProcessingState "Paused"

Sleep 15

Set-UnifiedGroup `
    -identity $group `
    -AutoSubscribeNewMembers:$true `
    -AlwaysSubscribeMembersToCalendarEvents:$false `
    -HiddenFromExchangeClientsEnabled:$true `
    -UnifiedGroupWelcomeMessageEnabled:$false `

Set-AzureADMSGroup -Id $newgroup.id -MembershipRuleProcessingState "On"


The AutoSubscribeNewMembers should mean that email for the group is delivered to the inbox as well and this seems to work for native tenant members but not external tenant members.


From my understanding - B2B Collab users that are guests also have mailContacts created when they are invited and provisioned, unlike B2B Cross-sync users.


The use case for this is to simplify distribution group management for company mergers/acquisitions where the subsidiaries will still maintain their own tenants but require a unified communication platform.


Have I missed the obvious here?

3 Replies
I'm not sure how the AutoSubscribeNewMembers flag works with dynamic membership, you might have to add them manually to the "subscribers" list. Or use a regular DG instead.
We've got internal Unified Groups that use the same config I posted above without any issue at all. The problem only rears its head when external Members are in the mix.

As cross-tenant sync users are members, not guests, they cannot be added to a distribution group (unless the config's gone wonky and we just simply have an issue with our tenant). Both UI and PowerShell state user cannot be found, but can be found with Get-AzureADUser and in the portal.

The only thing that stands out is that member and guest users have an EXO presence either as a mailboxUser, mailUser, or guestMailUser, whereas external members do not.
In the default configuration, external users will be synced as MailUser objects on Exchange side, so they can be added just fine to any Exchange group. If that's not what you are seeing, check your sync config, make sure the mail attribute is mapped and so on.