Dynamic Distribution Lists in Activate

overview a distribution list or distribution group in exchange is a special type of active directory (ad) object that is assigned a unique smtp address a distribution group can include users, shared mailboxes, contacts, and other types of ad objects that have an e mail address when an e mail message is sent to a distribution group address, it is automatically forwarded to the e mail addresses of all members of the group exchange allows you to create static and dynamic distribution groups (ddg) the membership of a static distribution group is formed manually by adding users to the group membership in a ddg is not permanent and depends on the filters and conditions configured based on data in active directory the membership of a ddg is determined at the time of an email being sent to the ddg or refreshed every 24 hours depending on which version of exchange is being used for example, you can create a dynamic group of users whose department attribute is set to human resources activate manages microsoft static distribution groups as these are the best type of groups for end users to manage for the following reasons business users can view the membership of the group at any time using the activate web portal or their outlook client activate can assign multiple owners to any distribution group as the ownership is stored within the activate metastore all changes to distribution groups using the activate web portal require approval from the assigned owner(s) and all actions are recorded for audit purposes since there is no designated owner assigned directly to a group object in ad, users lack the ability to modify the group except within the activate platform consequently, all modifications made to the distribution group are logged within activate to ensure comprehensive auditing business users have the ability to create new distribution groups and manage their membership, all without requiring administrative privileges within ad or exchange the activate orchestration server carries out all dg related tasks autonomously, eliminating the necessity to raise service desk tickets or involve it administrators for modifications through the activate roles & entitlements manager module, you can streamline the process of generating and filling companywide distribution lists (dls) using data sourced from hris systems this guarantees that the membership of dls tied to specific departments and locations remains precise in accordance with hris data, thus ensuring that emails are accurately directed to the appropriate recipients on premise exchange dynamic distribution lists dynamic distribution groups are mail enabled active directory group objects that are created to expedite the mass sending of email messages and other information within a microsoft exchange organization unlike regular distribution groups that contain a defined set of members, the membership list for dynamic distribution groups (dgs) is calculated each time a message is sent to the group, based on the filters and conditions that you define when an email message is sent to a dynamic dg, it's delivered to all recipients in the organization that match the criteria defined for that group note a dynamic dg includes any recipient in active directory with attribute values that match it's filter if a recipient's properties are modified to match the filter, the recipient could inadvertently become a group member and start receiving messages that are sent to the group well defined, consistent account provisioning processes will reduce the chances of this issue occurring creating dynamic dgs you must be an exchange administrator to create dynamic dgs using either the exchange admin console or exchange management shell and you need to be assigned exchange permissions before you can create dynamic dgs, end users cannot create or modify exchange dgs dynamic dgs are created based on attributes within ad such as company or department if a user account in ad is mistakenly given an incorrect attribute value used by dynamic dgs, they can be added to a sensitive dynamic dgs without the knowledge or approval of the dl owner likewise, if a user is not given the correct name within the company or department attributes, they will not receive emails destined for the company or department ownership a dynamic dg can have only one owner, the group owner appears on the managed by tab of the object in active directory users and computers viewing members end users cannot view the membership of dynamic dgs and therefore cannot see who the email will go to before it is sent the only way to view the members of dynamic dg is to use exchange online powershell to view the list of recipients for a dynamic dg you cannot view members of a dynamic dg in the exchange admin console (eac) more information can be found in the following microsoft article manage dynamic distribution groups | microsoft learn exchange online & microsoft 365 dynamic distribution lists dynamic dgs (ddgs) in exchange online were modernized in april 2022 and further changes have been made in microsoft 365 the membership list is now stored for each ddg and is updated once every 24 hours, however the following caveats apply the list of ddg members might become stale for example, if a user has left a department that was used as a filter for the ddg, they might continue to receive mail that's sent to the ddg for the next 24 hours until the membership list is refreshed mail flow rules (also known as transport rules) are also affected by this behaviour, because the membership list that the mail flow rules use is also refreshed once every 24 hours a ddg includes any recipient in ad with attribute values that match its filter if a recipient's properties are modified to match the filter, the recipient could inadvertently become a group member and start receiving messages that are sent to the group well defined, consistent account provisioning and lifecycle processes will reduce the chances of this issue occurring ddgs are not synced from exchange online to entra id or to your on premises ad, therefore, features such as azure conditional access do not apply to an exchange online dynamic dg creating dynamic dgs as with on premise dynamic dgs, you must be an exchange administrator and use exchange admin tools to both create and make membership changes (changing filters) to ddgs unlike on premise ddgs, exchange online ddgs can take up to 2 hours for the initial membership to be calculated and be available for use this is the same for making any modification to the membership rules for both on premise and exchange online ddgs, you can only use the following ad attributes for membership rules true 330,331 unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type unhandled content type important note the values that you enter for the selected ad attribute must match exactly those that appear in the recipient's properties for example, if you enter washington for state or province, but the value for the recipient's property is wa, the condition will not be met as these attributes are text based, it is very important you use a tool to apply the text in these attributes in a consistent and structured manner to ensure membership of the ddgs is accurate ownership the ownership of ddgs in exchange online is the same as on premise exchange viewing members for exchange online, you need to use exchange online powershell to view the list of recipients for a ddg, you cannot view members of a ddg in the exchange online admin centre (eac) for microsoft 365, you can view the membership within the updated exchange admin centre as well as export the membership to a csv more information can be found in the following microsoft article manage dynamic distribution group in exchange online | microsoft learn activate dynamic lists the concept of dynamic lists within activate varies from microsoft's dynamic groups microsoft's dynamic groups rely on active directory (ad) attributes, which can sometimes be inadequately maintained, and this lack of data management in ad can result in misdirected emails business users cannot see the members of microsoft dynamic groups as the membership of microsoft dynamic groups is determined when the email is sent or stored in ad where users cannot see in contrast, activate constructs the membership of its dynamic lists according to predefined rules users have the capability to view the members of activates dynamic lists either via the activate web portal or directly from their outlook client, ensuring accurate communication for more information on activate dynamic lists click on the activate dynamic lists link under the associated articles section