New-DistributionGroup: A Misunderstood PowerShell Cmdlet

New-DistributionGroup: A Misunderstood PowerShell Cmdlet

An original Cmdlet

New-DistributionGroup is one of the original cmdlets introduced with Exchange Server 2007, the first major Microsoft product to adopt PowerShell. The cmdlet is still very useful, but it is less necessary in Exchange Online. This is due to the emphasis placed on Microsoft 365 Groups . Microsoft has promoted Microsoft 365 Groups. These have become Outlook Groups and are replacing distribution lists.

Of course, distribution lists (DLs) are the old name for these objects. Microsoft calls them distribution groups and sometimes distribution lists. I’m using the old name for clarity.

No migration tools

Près de sept ans après le lancement de Microsoft 365 Groups, Microsoft n’a pas fourni de bons outils de Nearly seven years after launching Microsoft 365 Groups, Microsoft has failed to provide good migration tools:

• Move distribution lists created on-premises to Exchange Online.
• Convert cloud-created distribution lists to Microsoft 365 Groups. The conversion tool for migrating distribution lists to Microsoft 365 Groups in the legacy EAC is quite limited.

The complexities of migration include:

• enumerating members of nested lists
• managing the situation where some list members are hosted on-site and others online.

As a result, organizations need to design migration tools to bring them online.

Microsoft 365 Groups has received some useful improvements, such as Send As and Send on Behalf of permissions. However, the focus is on membership and identity services for apps like Teams.

Creation of new DLs despite warnings

Today, the new Exchange Admin Center (EAC) gently reprimands those who are going to create a new distribution list (Figure 1).

The same thing is done in the old EAC. And if you dare to run the New-DistributionGroup cmdlet, we tell you:

New! Microsoft 365 Groups are the next generation of distribution lists. Groups give teams shared tools to collaborate using email, files, a calendar, and more. You can get started right away using the New-UnifiedGroup cmdlet.

Despite the warning message, people continue to create distribution lists. They’re ideal for sending emails to large audiences (up to 100,000 recipients). And list members can include many types of email-friendly subject lines, including:

• User mailboxes.
• Shared mailboxes.
• Mail-enabled public folders.
• Other distribution lists, including dynamic distribution lists.
• Email contacts.
• Email users.
• Teams channels (using the special email address created for a channel).

You can even add a Microsoft 365 group to a distribution group’s members (but only with PowerShell). In comparison, Microsoft 365 groups only support:

• users’ mailboxes
• guest accounts as members.

The usefulness of distribution lists is seen in functions such as:

• Teams group policy assignments
• user selection for compliance policies, such as DLP.

In short, mailing lists aren’t going away anytime soon.

Running New-DistributionGroup

This brings me to the New-DistributionGroup cmdlet. You can also create new distribution lists through the admin center. However, this cmdlet is easy and straightforward to use. In fact, the legacy CAE calls the cmdlet when creating new DLs. While the new CAE uses the Microsoft Graph APIs.

Create a simple distribution list

New-DistributionGroup -Name "Practical 365 Authors" -Alias P365.Authors -PrimarySmtpAddress Practical.365.Authors@office365itpros.com -DisplayName "Practical 365 Authors (DL)" -RequireSenderAuthenticationEnabled:$False 

This code creates a new distribution list and:

• Sets an alias, primary SMTP address, and display name.
• Allows external users to send messages to the list (RequireSenderAuthenticationEnabled is False).

Perhaps showing its age, New-DistributionGroup doesn’t allow you to set the DL owner or add members. The Set-DistributionGroup cmdlet allows you to add an owner:

Set-DistributionGroup -Identity P365.Authors -ManagedBy Tony.Redmond

Several other settings control how the DL is used. For example, you can configure a group to be moderated. This means that any message sent to the DL is reviewed by a moderator before being sent. For sensitive DLs, you can specify that only certain people can send messages to the DL. For example, this command enables moderation and designates Tony Redmond as the moderator. It also establishes a restriction on the DL so that Exchange only accepts messages from DL members.

Advanced settings

Set-DistributionGroup -Identity P365.Authors -ModerationEnabled:$true -ModeratedBy Tony.Redmond -AcceptMessagesOnlyFromDLMembers:$True

A recent change allows you to block people sending messages to DLs as a BCC recipient. This is particularly useful for:

• large DLs used for company-wide discussions,
• people use inbox rules to filter messages sent to DL.

The rules will not work if the DL is a BCC recipient. Because the rules cannot filter on BCCs.

Set-DistributionGroup -Identity "Message Board Posting" -BccBlocked $True

Finally, you can grant Send As permission for a DL to a user:

Add-RecipientPermission -Identity P365.Authors -Trustee Tony.Redmond -AccessRights SendAs

Adding members to New-DistributionGroup

First of all, a distribution list is no good without members. You can add individual DL members with Add-DistributionGroupMember. Alternatively, you can update the entire membership in one operation with Update-DistributionGroupMember. Note that members must be recipients authorized to receive messages in the Exchange directory. In other words, if you plan to add an external user to a DL, create a mail contact first.

Add-DistributionGroupMember -Identity P365.Authors -Member Jeff.Guillet
$Members = "Jeff.Guillet", "Tony.Redmond", "Paul.Robichaux"
Update-DistributionGroupMember -Identity P365.Authors -Members $Members -Confirm:$False

With your subscription complete, our new DL is fully operational. It can also be used immediately by sending emails to its SMTP address. Within a day, Exchange will add the new DL to the Offline Address Book (OAB). This will allow it to appear in Outlook’s GAL.

Dynamic distribution lists

A dynamic DL is a DL whose membership is calculated by resolving a query in the directory. The great advantage of dynamic DLs is that they can be used with any Exchange Online license. Microsoft 365 dynamic groups require an Azure AD Premium P1 license.

Dynamic DLs rely on a recipient filter to locate members in the directory. However, custom recipient filters can be quite complex. To make creating dynamic DLs easier, Microsoft uses pre-built filters. These are pre-built filters based on common criteria, such as those that:

• work in a certain country or city
• have a mailbox.

If you create a dynamic distribution list through the EAC, it uses a pre-defined filter. Only dynamic distribution lists created with PowerShell can use custom filters.

For example, this code creates a dynamic distribution list by searching for mailboxes with CustomAttribute9 in Editor.

New-DynamicDistributionGroup -Name P365Editors -DisplayName "Practical 365 Editors DL" -ConditionalCustomAttribute9 Editor -IncludedRecipients MailboxUsers -PrimarySmtpAddress P365.Editors@office365itpros.com -Alias P365.Editors

First of all, I’m not saying that creating complex filters for dynamic distribution lists is easy. But it’s no more difficult than creating the equivalent filters for Microsoft 365 dynamic groups. Finally, since DDLs are free, it’s a great tool to have at your disposal.

Maybe it’s time to reconsider DLs

Microsoft 365 Groups are an important part of the Microsoft 365 ecosystem. However, distribution lists have been a part of email since the early days of email. So, they’re more useful today than ever. Create Microsoft 365 Groups when you need collaboration between SharePoint, Teams, email, and Planner. But if your needs are only for email, distribution lists will do the trick.