Microsoft Tech Community

Dynamic DL or group based on org hierarchy?

Is there a way to create a dynamic DL or group based on org hierarchy? For example, if the Global HR Director wants to communicate to everyone in HR...

As of right now, because of a recent acquisition, the data we have for users is not too accurate (department, business unit, etc.) but people have been "assigned" to the right managers.

Any way to do this?

Thanks

Cristina

5 Replies

@CG-1717 

 

You should be able to do an advanced dynamic rule... (condition1) or (condition2) and (accountenabled = true).

 

Reference: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership

Create a "Direct reports" rule

You can create a group containing all direct reports of a manager. When the manager's direct reports change in the future, the group's membership is adjusted automatically.

The direct reports rule is constructed using the following syntax:

 
Direct Reports for "{objectID_of_manager}"

Here's an example of a valid rule where "62e19b97-8b3d-4d4a-a106-4ce66896a863" is the objectID of the manager:

 
Direct Reports for "62e19b97-8b3d-4d4a-a106-4ce66896a863"

 

 

If you need a dynamic DL, those exist only in Exchange Online (not Azure AD) and you must use the Exchange cmdlets:

 

New-DynamicDistributionGroup manager -RecipientFilter {(Manager -eq 'CN=user,OU=tenant.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=EURPR03A001,DC=prod,DC=outlook,DC=com') -and (RecipientType -eq 'UserMailbox')}

where you need to provide the full DN of the manager.
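
The rule and the cmdlet above each match one manager's direct reports. As an added example (not part of the original posts and not Microsoft's code), the PowerShell below goes beyond that case: it walks the manager chain and builds a single RecipientFilter with one `Manager -eq` clause per manager in the hierarchy. The sample directory, the DNs, the function name `Get-ManagerChainFilter` and the group name `HR-All` are constructed for illustration.

```powershell
# Constructed sample data: each user's DN and their manager's DN (all made up).
$base = 'OU=Users,DC=example,DC=com'
$directory = @(
    [pscustomobject]@{ DN = "CN=HR Director,$base"; ManagerDN = "CN=Recruiter 1,$base" }  # bad data: loop
    [pscustomobject]@{ DN = "CN=HR Lead A,$base";   ManagerDN = "CN=HR Director,$base" }
    [pscustomobject]@{ DN = "CN=Pat O'Brien,$base"; ManagerDN = "CN=HR Director,$base" }
    [pscustomobject]@{ DN = "CN=Recruiter 1,$base"; ManagerDN = "CN=HR Lead A,$base" }
    [pscustomobject]@{ DN = "CN=Recruiter 2,$base"; ManagerDN = "CN=Pat O'Brien,$base" }
)

function Get-ManagerChainFilter {
    param(
        [Parameter(Mandatory)] [object[]] $Directory,
        [Parameter(Mandatory)] [string]   $RootManagerDN
    )
    # Index direct reports by manager DN (hashtable keys are case-insensitive).
    $reportsOf = @{}
    foreach ($u in $Directory) {
        if (-not $u.ManagerDN) { continue }
        if (-not $reportsOf.ContainsKey($u.ManagerDN)) { $reportsOf[$u.ManagerDN] = @() }
        $reportsOf[$u.ManagerDN] += $u.DN
    }
    # Breadth-first walk down from the root; $seen stops loops in inaccurate data.
    $seen     = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    $queue    = [System.Collections.Generic.Queue[string]]::new()
    $managers = [System.Collections.Generic.List[string]]::new()
    $queue.Enqueue($RootManagerDN)
    while ($queue.Count -gt 0) {
        $dn = $queue.Dequeue()
        if (-not $seen.Add($dn)) { continue }            # already visited
        if ($reportsOf.ContainsKey($dn)) {
            $managers.Add($dn)                           # has reports, so needs a clause
            foreach ($r in $reportsOf[$dn]) { $queue.Enqueue($r) }
        }
    }
    if ($managers.Count -eq 0) { throw "No reports found under $RootManagerDN" }
    # Apostrophes are doubled so a DN such as CN=Pat O'Brien stays inside its
    # quoted filter value (assumed escaping convention for the filter string).
    $clauses = $managers | ForEach-Object { "(Manager -eq '{0}')" -f $_.Replace("'", "''") }
    "(($($clauses -join ' -or ')) -and (RecipientType -eq 'UserMailbox'))"
}

$filter = Get-ManagerChainFilter -Directory $directory -RootManagerDN "CN=HR Director,$base"
$filter
# In an Exchange Online session the string would then go to the cmdlet from the thread:
# New-DynamicDistributionGroup -Name 'HR-All' -RecipientFilter $filter
```

Membership under each listed manager stays dynamic, but the list of managers is a snapshot: when someone new starts managing people in the hierarchy, the filter has to be regenerated.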

 

 


@Vasil Michev wrote:

If you need a dynamic DL, those exist only in Exchange Online (not Azure AD) and you must use the Exchange cmdlets:

 

New-DynamicDistributionGroup manager -RecipientFilter {(Manager -eq 'CN=user,OU=tenant.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=EURPR03A001,DC=prod,DC=outlook,DC=com') -and (RecipientType -eq 'UserMailbox')}

where you need to provide the full DN of the manager.

 


@Vasil Michev - you can do it in Azure AD with the 'modern DL' called Office365 Groups haha using Microsoft verbiage here!

I know you can, but using dynamic membership for "modern" groups is *paid* functionality, as in it requires Azure AD Premium licensing, while using good old-fashioned dynamic DGs in Exchange Online is free.

@Vasil Michev @jerome317 

 

Thank you for your responses here! We will look into these approaches and see what works for us! I really appreciate the feedback!

 

Cristina