Dynamic Distribution Groups based on user’s home database

With some recent Exchange database consolidation at a client, a requirement came from the CIO: the company’s communications department needed a way to notify people affected by a certain database issue (outage, heavy IO, whatever). Well, they have both primary and archive databases, which could be activated on different servers. There were upwards of 100 databases company-wide, so the initial thought was that this was going to be a manual effort to create distribution lists, manage user membership, and hope users never changed database. That wasn’t going to happen.

So I began researching and found this page, which got me started down the right path with using dynamic distribution lists (or DDLs). I added a few variables to limit certain databases, and voilà: a solution that is easy to implement and stays up to date.

To break down the variables.

First we need to declare a variable ($mbxpri or $mbxarc) for the Get-MailboxDatabase command. If we don’t, we’ll see the error “Pipeline not executed because a pipeline is already executing. Pipelines cannot be executed concurrently.”

Get-MailboxDatabase | where {$_.Name -notlike "*ARC*" -and $_.Name -notlike "*DED*" -and $_.Name -notlike "*TEST*" -and $_.Recovery -like 'False'}

  • This gets a listing of all databases, and excludes the ones that contain the characters ARC, DED, & TEST. It also excludes any Recovery databases.

% { New-DynamicDistributionGroup -Name "$($_.Name) Primary Mailbox Users" -Alias "PRI.$($_.Name)" -RecipientFilter "RecipientType -eq 'UserMailbox' -and Database -eq '$($_.Identity.DistinguishedName)'" -OrganizationalUnit "company.corp" }

  • The % sign is the equivalent of “for each” item in the Get-MailboxDatabase array. We pipe the results to the New-DynamicDistributionGroup command and use $($_.Name) for the current item in the array. We assign the Name and Alias, then begin to build the RecipientFilter. Here, we include only UserMailbox recipients, and pull the DistinguishedName of the database from Active Directory. This is how it knows which database we’re referencing. Finally, we specify the entire AD domain using the OrganizationalUnit parameter, otherwise it defaults to the company.corp/Users OU.

% { Set-DynamicDistributionGroup -Identity $($_.Name) -HiddenFromAddressListsEnabled $False -AcceptMessagesOnlyFromDLMembers "Exchange2010DatabaseNotificationSenders" }

  • Once again, we pipe the array member to Set-DynamicDistributionGroup, and have the option to hide it from the GAL (HiddenFromAddressListsEnabled). Also, by setting AcceptMessagesOnlyFromDLMembers, we limit the ability to send to the group to our support staff, who are members of the DL “Exchange2010DatabaseNotificationSenders”.

Now, the final command for the primary databases:

$mbxpri = Get-MailboxDatabase | where {$_.Name -notlike "*ARC*" -and $_.Name -notlike "*DED*" -and $_.Name -notlike "*TEST*" -and $_.Recovery -like 'False' -and $_.ReplicationType -like 'Remote'}
$mbxpri | % { New-DynamicDistributionGroup -Name "$($_.Name) Primary Mailbox Users" -Alias "PRI.$($_.Name)" -RecipientFilter "RecipientType -eq 'UserMailbox' -and Database -eq '$($_.Identity.DistinguishedName)'" -OrganizationalUnit "company.corp" } | % { Set-DynamicDistributionGroup -Identity $($_.Name) -HiddenFromAddressListsEnabled $False -AcceptMessagesOnlyFromDLMembers "Exchange2010DatabaseNotificationSenders" }

Then the ones for the archive databases:

# Archive mailboxes are matched on the ArchiveDatabase property, since Database holds the primary mailbox database
$mbxarc = Get-MailboxDatabase | where {$_.Name -notlike "*-MBX*" -and $_.Name -notlike "*DED*" -and $_.Name -notlike "*TEST*" -and $_.Recovery -like 'False' -and $_.ReplicationType -like 'Remote'}
$mbxarc | % { New-DynamicDistributionGroup -Name "$($_.Name) Archive Mailbox Users" -Alias "ARC.$($_.Name)" -RecipientFilter "RecipientType -eq 'UserMailbox' -and ArchiveDatabase -eq '$($_.Identity.DistinguishedName)'" -OrganizationalUnit "company.corp" } | % { Set-DynamicDistributionGroup -Identity $($_.Name) -HiddenFromAddressListsEnabled $False -AcceptMessagesOnlyFromDLMembers "Exchange2010DatabaseNotificationSenders" }

The final step was to add users to the group that is allowed to send. In our process, the IT staff notifies the communications team, and that meets the requirements of the CIO.
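
An added example, not part of the original post: a read-only audit of the primary-database groups that compares what each stored filter resolves to against the mailboxes on the database, and flags any group that is not restricted to the sender DL. It assumes the group naming and the sender DL shown above; the variable names and report columns are illustrative.

```powershell
# Added example: audit the per-database groups created by the commands on this page.
# Run in the Exchange Management Shell; uses only syntax available in PowerShell 2.0.
$suffix   = " Primary Mailbox Users"                    # group name suffix used above
$senderDl = "Exchange2010DatabaseNotificationSenders"   # sender DL used above

$groups = Get-DynamicDistributionGroup -ResultSize Unlimited |
    Where-Object { $_.Name -like "*$suffix" }

$report = foreach ($ddl in $groups) {
    # The database name is the group name without the suffix
    $dbName = $ddl.Name.Substring(0, $ddl.Name.Length - $suffix.Length)

    # Recipients the stored filter resolves to right now
    $members = @(Get-Recipient -RecipientPreviewFilter $ddl.RecipientFilter `
        -OrganizationalUnit $ddl.RecipientContainer -ResultSize Unlimited)

    # Mailboxes actually homed on that database (empty if the lookup fails)
    $mailboxes = @(Get-Mailbox -Database $dbName -ResultSize Unlimited `
        -ErrorAction SilentlyContinue)

    # True only if the sender DL is among the groups allowed to send
    $restricted = @($ddl.AcceptMessagesOnlyFromDLMembers |
        Where-Object { "$_" -like "*$senderDl" }).Count -gt 0

    New-Object PSObject -Property @{
        Group            = $ddl.Name
        FilterMatches    = $members.Count
        MailboxesOnDb    = $mailboxes.Count
        CountsAgree      = ($members.Count -eq $mailboxes.Count)
        SenderRestricted = $restricted
        RequiresAuth     = $ddl.RequireSenderAuthenticationEnabled
        Hidden           = $ddl.HiddenFromAddressListsEnabled
    }
}

# Groups without the sender restriction, or whose counts differ, need a closer look
$report | Where-Object { -not $_.SenderRestricted -or -not $_.CountsAgree } |
    Format-Table Group, FilterMatches, MailboxesOnDb, SenderRestricted, RequiresAuth, Hidden -AutoSize
```

A count mismatch is a prompt to inspect the group's filter and the database, not proof of a fault on its own.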

Chris Blackburn
