Wednesday, April 20, 2016

Create cloud-only contact objects in Exchange Online to represent on-premises dynamic distribution lists

Scenario:
When running in an Exchange Hybrid configuration, DirSync/AADSync takes care of maintaining a consistent Global Address List (GAL) for both on-premises and cloud users. The one exception is Dynamic Distribution Groups; these objects need special care to ensure that the recipient filters produce the desired results and that the objects show up in the cloud GAL.

Issue:
Neither DirSync nor AADSync will synchronize Dynamic Distribution Groups to Windows Azure Active Directory. As a result, Dynamic Distribution Groups located on-premises will not appear in the GAL for Exchange Online users.

Solution:
To make these groups appear, Microsoft recommends creating a contact object directly in Exchange Online with the SMTP address of the on-premises dynamic group. Since the contact is created on the cloud side and the dynamic group does not sync, there is no risk of an address conflict. Exchange Online users can then see the “group” (really represented by a contact) in the GAL, and a message sent to it is routed on-premises, where the group members are evaluated.

The PowerShell script below creates the contact objects in Exchange Online for all on-premises Dynamic Distribution Groups. It also adds the on-premises legacyExchangeDN to each cloud contact as an X500 address, which resolves the "Outlook Autocomplete" issue that you might have after migrating mailboxes to Exchange Online.

# Run from the on-premises Exchange Management Shell
$CloudCredential = Get-Credential
Write-Host
Write-Host "Getting Dynamic Distribution Groups..." -foregroundcolor white
Set-AdServerSettings -ViewEntireForest $True
# @() keeps .Count valid when only one group is returned
$DDGs = @(Get-DynamicDistributionGroup)
Write-Host "  Dynamic Distribution Groups Found:" ($DDGs).count -foregroundcolor green

# Connect to Exchange Online with "Cloud" prefix
Write-Host "Connecting To Exchange Online..." -foregroundcolor white
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $CloudCredential -Authentication Basic -AllowRedirection -WarningAction SilentlyContinue
Import-PSSession $Session -Prefix Cloud -DisableNameChecking | Out-Null

# Create Contacts in Exchange Online
foreach ($DDG in $DDGs) {
  Write-Host "  Creating Contact Object For:" $DDG.DisplayName.ToString() -foregroundcolor green
  New-CloudMailContact -ExternalEmailAddress $DDG.PrimarySmtpAddress.ToString() -Name $DDG.Name.ToString() -Alias $DDG.Alias.ToString() -DisplayName $DDG.DisplayName.ToString() | Out-Null
  # Add the X500 address, tag the contact, and accept mail only from authenticated senders
  Set-CloudMailContact $DDG.Name -EmailAddresses @{Add=("X500:"+$DDG.LegacyExchangeDn)} -CustomAttribute1 "On-Premises DDG" -RequireSenderAuthenticationEnabled $true
}

# Disconnect Exchange Online Session
Write-Host "Disconnecting From Exchange Online..." -foregroundcolor white
Remove-PSSession $Session
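
The script above does not check whether a contact already exists, and nothing later verifies that a contact still requires sender authentication or that its on-premises group still exists. As an added example (not part of the original post), the hypothetical helper Get-DdgContactPlan compares both sides and returns the action each address needs. The sample objects are constructed and only mimic the properties returned by Get-DynamicDistributionGroup and by Get-CloudMailContact for contacts tagged "On-Premises DDG".

```powershell
# Added example: plan a re-runnable sync instead of blindly creating contacts.
# Get-DdgContactPlan is a hypothetical helper name, not an Exchange cmdlet.
function Get-DdgContactPlan {
    param(
        [object[]]$OnPremGroups,   # objects shaped like Get-DynamicDistributionGroup output
        [object[]]$CloudContacts   # cloud contacts tagged CustomAttribute1 = "On-Premises DDG"
    )
    # Index existing cloud contacts by SMTP address (hashtable keys are case-insensitive)
    $bySmtp = @{}
    foreach ($c in $CloudContacts) {
        $smtp = ([string]$c.ExternalEmailAddress) -replace '^SMTP:', ''
        $bySmtp[$smtp] = $c
    }
    $seen = @{}
    foreach ($g in $OnPremGroups) {
        $smtp = [string]$g.PrimarySmtpAddress
        $seen[$smtp] = $true
        $x500 = 'X500:' + $g.LegacyExchangeDN
        $c = $bySmtp[$smtp]
        if (-not $c) { $action = 'Create' }
        elseif (-not $c.RequireSenderAuthenticationEnabled) { $action = 'EnableSenderAuth' }
        elseif (@($c.EmailAddresses | ForEach-Object { [string]$_ }) -notcontains $x500) { $action = 'AddX500' }
        else { $action = 'None' }
        [pscustomobject]@{ Action = $action; Address = $smtp; Name = $g.Name }
    }
    # Tagged contacts whose on-premises group no longer exists
    foreach ($smtp in $bySmtp.Keys) {
        if (-not $seen.ContainsKey($smtp)) {
            [pscustomobject]@{ Action = 'RemoveStale'; Address = $smtp; Name = $bySmtp[$smtp].Name }
        }
    }
}

# Constructed sample data (not from a real tenant)
$groups = @(
    [pscustomobject]@{ Name = 'All-Staff'; PrimarySmtpAddress = 'all-staff@example.com'; LegacyExchangeDN = '/o=Example/cn=Recipients/cn=all-staff' },
    [pscustomobject]@{ Name = 'All-Sales'; PrimarySmtpAddress = 'all-sales@example.com'; LegacyExchangeDN = '/o=Example/cn=Recipients/cn=all-sales' }
)
$contacts = @(
    [pscustomobject]@{ Name = 'All-Staff'; ExternalEmailAddress = 'SMTP:all-staff@example.com'; RequireSenderAuthenticationEnabled = $false; EmailAddresses = @('SMTP:all-staff@example.com') },
    [pscustomobject]@{ Name = 'Old-DDG'; ExternalEmailAddress = 'SMTP:old-ddg@example.com'; RequireSenderAuthenticationEnabled = $true; EmailAddresses = @('SMTP:old-ddg@example.com') }
)
Get-DdgContactPlan -OnPremGroups $groups -CloudContacts $contacts | Format-Table -AutoSize
```

The plan is read-only: review it before running the matching New-CloudMailContact, Set-CloudMailContact or removal commands for each row.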