
Azure AD Connect doesn’t sync dynamic DLs to Office 365, so you have to recreate them. There are two options, depending on whether centralized transport is enabled:

  • If enabled, you can create mail contacts in Office 365. Email is then routed on-premises, where the group is expanded based on its query, and delivered to the respective members in Office 365 or on-premises.
  • If disabled, create dynamic distribution groups in Office 365 and keep a mail contact on-premises if you expect email to be sent to the DL from on-premises as well.

Consider these points when creating dynamic groups in Office 365:

  • Office 365 doesn’t know about the on-premises organizational unit structure, so many dynamic DLs that rely on OUs for user membership have to be rewritten.
  • Not all on-premises attributes are synced to Office 365, so check whether the attributes used on-premises exist in Office 365 and choose alternatives if they don’t.
  • On-premises LDAP queries will not work in Office 365.

In this example, we have an on-premises dynamic distribution group with the query below, and the same group will be created in Office 365.

Set-DynamicDistributionGroup -Identity 'All Employees, Sales' -RecipientFilter {((Department -eq 'Sales') -OR ((MemberOfGroup -eq "CN=All Employees\, Technology,OU=Groups,DC=lab,DC=local")))}

The dynamic DL in Office 365 will be created with these requirements:

  • Include all users of Department Name = Sales.
  • Add Members of “HRUsers” as well.
  • Do not include disabled employees.

First, find the DistinguishedName of the group in Office 365 (HRUsers in this example). It will be used later to create the dynamic DL.

PS C:\WINDOWS\system32> get-distributionGroup "HRUsers" | fl DisplayName, DistinguishedName
DisplayName       : HRUsers
DistinguishedName : CN=HRUsers,,OU=Microsoft Exchange Hosted Organizations,DC=INDPR01A006,DC=PROD,DC=OUTLOOK,DC=COM

This command will create the DL with the above requirements in Office 365:

New-DynamicDistributionGroup -Name 'All Employees, Sales' -Alias AllEmployeesSales -RecipientFilter {((Department -eq 'Sales') -OR ((MemberOfGroup -eq "CN=HRUsers,,OU=Microsoft Exchange Hosted Organizations,DC=INDPR01A006,DC=PROD,DC=OUTLOOK,DC=COM")))}

You can use the same approach to include and exclude more users and groups.

If you have to exclude a DL or a property, you can use the syntax below:

-AND -not(CustomAttribute1 -eq 'Value')
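Before creating the group, it is worth previewing who the combined filter will actually match. The script below is an added example, not part of the original post. It assumes an open Exchange Online PowerShell session, uses CustomAttribute1 and 'Value' as placeholders from the syntax above, and treats the AccountDisabled property returned by Get-User as the marker for disabled employees.

```powershell
# Added example: preview a recipient filter before creating the dynamic DL.
# Assumes Connect-ExchangeOnline has already been run in this session.

# Look up the group DN instead of pasting it, and escape any single quote
# so the DN cannot break out of the quoted string inside the filter.
$hrUsersDn = (Get-DistributionGroup "HRUsers").DistinguishedName
$hrUsersDn = $hrUsersDn.Replace("'", "''")

# Include clauses from the post, wrapped in one pair of parentheses so the
# exclusion below applies to both of them and not only to the last clause.
$include = "((Department -eq 'Sales') -or (MemberOfGroup -eq '$hrUsersDn'))"

# Exclusion clause in the post's syntax (attribute and value are placeholders).
$exclude = "-not(CustomAttribute1 -eq 'Value')"
$filter  = "$include -and $exclude"

# Resolve the filter without creating anything.
$preview = Get-Recipient -RecipientPreviewFilter $filter -ResultSize Unlimited

# 1) Summary by recipient type: unexpected types (contacts, guests, shared
#    mailboxes) show up here before they start receiving the DL's mail.
$preview | Group-Object RecipientTypeDetails |
    Sort-Object Count -Descending |
    Select-Object Name, Count

# 2) Members matched only through the group clause, for a manual review.
$preview | Where-Object { $_.Department -ne 'Sales' } |
    Select-Object DisplayName, PrimarySmtpAddress, Department

# 3) Disabled accounts that still match. Only user mailboxes are checked,
#    because shared and resource mailboxes are normally disabled accounts.
$disabled = $preview |
    Where-Object { $_.RecipientTypeDetails -eq 'UserMailbox' } |
    ForEach-Object { Get-User -Identity $_.DistinguishedName } |
    Where-Object { $_.AccountDisabled }
$disabled | Select-Object DisplayName, UserPrincipalName

# Create the group only after the preview matches the requirements:
# New-DynamicDistributionGroup -Name 'All Employees, Sales' `
#     -Alias AllEmployeesSales -RecipientFilter $filter
```

If the third check returns accounts, the exclusion clause does not yet meet the "do not include disabled employees" requirement and needs an attribute that is reliably set on disabled users.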

Thank you for reading!