• 1. London, UK
  • 2. New York, NY
  • 3. Sydney, Australia
  • 4. Melbourne, Australia
  • 5. Moscow, Russia
  • 6. Singapore
  • 7. Paris, France
  • 8. Chicago, IL
  • 9. Hong Kong
  • 10. Houston, TX

Friday, August 10, 2007


HOW TO: Create a Dynamic Distribution Group by country or city

Posted by Bharat Suneja at 3:53 PM
The Exchange console does not have pre-canned filter options for Country or City to be able to create a Dynamic Distribution Group (DDG, aka "Query-Based Distribution Group") for all recipients or mailboxes in a particular country or city. You can use options to filter on Department, Company, State or Province, or the custom/extension attributes 1-15.

Screenshot: Exchange Management Console filtering options for new Dynamic Distribution Groups
Fig. 1: You can filter on Department, Company, State or Province or extension attributes 1-15 using pre-canned filters

If your Active Directory OUs are structured based on location (country/state/city), you can simply scope the DDG to that OU using the Exchange console, as shown in the following screenshot.

Screenshot: Exchange Management Console - setting scope of Dynamic Distribution Group
Fig. 2: You can set the scope of the DDG to a particular OU or container. Click here to see the complete dialog box.

However, if that's not the case (e.g. OU structure is based on business units or departments, etc.), you will need to use the Exchange shell to create a DDG with a custom filter.

To create a DDG for all user mailboxes from a particular country:

New-DynamicDistributionGroup -Name "US-Users" -OrganizationalUnit "OUorContainerNameToCreateGroupIn" -RecipientContainer "yourdomain.com" -RecipientFilter {RecipientType -eq "UserMailbox" -and CountryOrRegion -eq "United States"}

You can change the RecipientType to include other types of recipients.

To view recipients/mailboxes returned by the RecipientFilter: "HOW TO: View membership of a Dynamic Distribution Group".

Similarly, to create a DDG for all user mailboxes from a particular city:

New-DynamicDistributionGroup -Name "SF-Users" -OrganizationalUnit "OUorContainerNameToCreateGroupIn" -RecipientContainer "yourdomain.com" -RecipientFilter {RecipientType -eq "UserMailbox" -and City -eq "San Francisco"}

Labels: , ,


August 13, 2007 6:10 PM
Blogger scrantic said...

Is there anyway to secure access to who can send to these dynamic distribution groups?

August 13, 2007 6:20 PM
Blogger Bharat Suneja said...

- By default Dynamic Distribution Groups don't accept mail from unauthenticated senders (i.e. internet senders)
- You can restrict who can send to these groups by:
1) Using the Exchange console -> group properties | Mail Flow Settings tab | Message Delivery Restrictions | select "Only senders in the following list" | click Add | add recipients.
2) Using the Exchange shell:
Set-DynamicDistributionGroup "MyDDG" -AcceptMessagesOnlyFrom "[email protected]"

August 13, 2007 7:57 PM
Blogger scrantic said...

Thanks for that makes perfect sense now I look at what was staring me in the face :)

February 7, 2008 7:48 AM
Anonymous cr said...

I do not see my DDG's in Outlook or OWA... We are on Exchange 2007 SP1.

June 6, 2008 12:05 AM
Anonymous Anonymous said...


"2) Using the Exchange shell:
Set-DynamicDistributionGroup "MyDDG" -AcceptMessagesOnlyFrom "[email protected]"

works great if acceptmessageonlyfrom is only [email protected]

Is there a way to populate more than one emailaddress ? Because i have 2 users who are allowed to use this MyDDG distribution list.

June 6, 2008 12:10 AM
Blogger Bharat Suneja said...

You can add multiple values:
Set-DynamicDistributionGroup "MyDDG" -AcceptMessagesOnlyFrom "[email protected]","[email protected]","[email protected]"

Next question (if I can anticipate correctly :) - How do I update this list? Do I have to type all the addresses again??

Here's how multivalued properties can be updated:
HOW TO Update multi-valued attributes in PowerShell

May 5, 2009 12:57 PM
Blogger Matt said...

I am having trouble getting this command to run rights. I am just wanting to grant a list of mailboxes rights send to a DL(s).

I get error saying this names are not valid in my csv file.

Import-csv c:\SOtest2.csv | ForEach-Object {Set-DistributionGroup -Identity $_.Identity -AcceptmessagesOnlyFrom $_.AcceptmessagesOnlyFrom}

May 5, 2009 10:34 PM
Blogger Bharat Suneja said...

@Matt: It's hard to say without seeing sample row/data from your csv.
Also note, AcceptedMessagesOnlyFrom is a multivalued attribute (in case you're trying to add different values in separate operations... ).

Look at another post about PowerShell and multivalued attributes:
HOW TO Update multi-valued attributes in PowerShell


Post a Comment

Links to this post:

Create a Link

<< Home