HOW TO: Create a Dynamic Distribution Group by country or city

by Bharat Suneja

The Exchange console does not have pre-canned filter options for Country or City to be able to create a Dynamic Distribution Group (DDG, aka “Query-Based Distribution Group”) for all recipients or mailboxes in a particular country or city. You can use options to filter on Department, Company, State or Province, or the custom/extension attributes 1-15.

Screenshot: Exchange Management Console filtering options for new Dynamic Distribution Groups
Fig. 1: You can filter on Department, Company, State or Province or extension attributes 1-15 using pre-canned filters

If your Active Directory OUs are structured based on location (country/state/city), you can simply scope the DDG to that OU using the Exchange console, as shown in the following screenshot.

Screenshot: Exchange Management Console - setting scope of Dynamic Distribution Group
Fig. 2: You can set the scope of the DDG to a particular OU or container. Click here to see the complete dialog box.

However, if that’s not the case (e.g. OU structure is based on business units or departments, etc.), you will need to use the Exchange shell to create a DDG with a custom filter.

To create a DDG for all user mailboxes from a particular country:

New-DynamicDistributionGroup -Name “US-Users” -OrganizationalUnit “OUorContainerNameToCreateGroupIn” -RecipientContainer “yourdomain.com” -RecipientFilter {RecipientType -eq “UserMailbox” -and CountryOrRegion -eq “United States”}

You can change the RecipientType to include other types of recipients.

To view recipients/mailboxes returned by the RecipientFilter: “HOW TO: View membership of a Dynamic Distribution Group“.

Similarly, to create a DDG for all user mailboxes from a particular city:

New-DynamicDistributionGroup -Name “SF-Users” -OrganizationalUnit “OUorContainerNameToCreateGroupIn” -RecipientContainer “yourdomain.com” -RecipientFilter {RecipientType -eq “UserMailbox” -and City -eq “San Francisco”}

{ 11 comments… read them below or add one }

scrantic August 13, 2007 at 6:10 pm

Is there anyway to secure access to who can send to these dynamic distribution groups?

Reply

Bharat Suneja August 13, 2007 at 6:20 pm

– By default Dynamic Distribution Groups don’t accept mail from unauthenticated senders (i.e. internet senders)
– You can restrict who can send to these groups by:
1) Using the Exchange console -> group properties | Mail Flow Settings tab | Message Delivery Restrictions | select “Only senders in the following list” | click Add | add recipients.
2) Using the Exchange shell:
Set-DynamicDistributionGroup “MyDDG” -AcceptMessagesOnlyFrom “[email protected]

Reply

scrantic August 13, 2007 at 7:57 pm

Thanks for that makes perfect sense now I look at what was staring me in the face :)

Reply

cr February 7, 2008 at 7:48 am

I do not see my DDG’s in Outlook or OWA… We are on Exchange 2007 SP1.

Reply

Anonymous June 6, 2008 at 12:05 am

Quote

“2) Using the Exchange shell:
Set-DynamicDistributionGroup “MyDDG” -AcceptMessagesOnlyFrom “[email protected]

works great if acceptmessageonlyfrom is only [email protected].

Is there a way to populate more than one emailaddress ? Because i have 2 users who are allowed to use this MyDDG distribution list.

Reply

Bharat Suneja June 6, 2008 at 12:10 am

You can add multiple values:
Set-DynamicDistributionGroup “MyDDG” -AcceptMessagesOnlyFrom “[email protected]”,”[email protected]”,”[email protected]

Next question (if I can anticipate correctly :) – How do I update this list? Do I have to type all the addresses again??

Here’s how multivalued properties can be updated:
HOW TO Update multi-valued attributes in PowerShell

Reply

Matt May 5, 2009 at 12:57 pm

I am having trouble getting this command to run rights. I am just wanting to grant a list of mailboxes rights send to a DL(s).

I get error saying this names are not valid in my csv file.

Import-csv c:\SOtest2.csv | ForEach-Object {Set-DistributionGroup -Identity $_.Identity -AcceptmessagesOnlyFrom $_.AcceptmessagesOnlyFrom}

Reply

Bharat Suneja May 5, 2009 at 10:34 pm

@Matt: It’s hard to say without seeing sample row/data from your csv.
Also note, AcceptedMessagesOnlyFrom is a multivalued attribute (in case you’re trying to add different values in separate operations… ).

Look at another post about PowerShell and multivalued attributes:
HOW TO Update multi-valued attributes in PowerShell

Reply

Anonymous April 14, 2014 at 12:04 am

Question here: I’m trying to create dynamic DL to filter/add 2 cities? Command I have: New-DynamicDistributionGroup -Name “Funeral Home Managers ON” -RecipientFilter {(RecipientType -eq ‘UserMailbox’) -and (Title -like ‘Manager*’) -and (StateOrProvince -eq ‘ON’) -or (City -eq ‘Toronto’, ‘Alberta’}. Basically, what im trying to achieve is, when users sends email to DynamicDL “Funeral Home Managers ON”, only managers from ON and City of Toronto and Alberta will be able to receive. Please advise.

Reply

Terence Madzima October 29, 2020 at 6:02 am

Thank you for the script. However am having challenges with creating DL with multiple countries

Set-DynamicDistributionGroup -Identity “xxxxxxxx” -RecipientFilter {((RecipientType -eq ‘UserMailbox’) -and (CountryOrRegion -eq ‘xxxxx,xxxxx,xxxxx,xxxxx,xxxxxx,xxxxxx,xxxxxx’))}

Is that the correct syntax

Reply

Bharat Suneja December 11, 2020 at 3:50 pm

@Terence: No, it’s not the correct syntax. You can’t provide multiple values as comma-separated values in a recipient filter to do a logical OR. Recipient filters use OPATH syntax. You’d need to use the OR logical operator to separate the country names, so something like: (1 -eq 1) -OR (1 -eq 2) -OR (1 -eq 3).

See Recipient filters in Exchange PowerShell commands and about_Logical_Operators.

Reply

Leave a Comment

Previous post:

Next post: