Let's talk today about dynamic distribution groups in a hybrid environment where we have both on-premises Exchange and Exchange Online implemented. After our move to the cloud, we got a service incident saying that sending mail to “Everyone” wasn’t working anymore. After finding out that dynamic distribution groups are not synced to the cloud by DirSync, we had to look for other solutions…
We created the following workaround to achieve these goals:
-Add members dynamically from both on-premises and cloud users.
-Secure the groups by requiring every sender to be authenticated before being allowed to send to the group.
Here is how we implemented the solution:
First, just as with normal dynamic groups, create your group and apply filters to it. An important thing to note is that you no longer have only mailboxes, but also users with external mail addresses (shared namespaces). Select the first and second box:
When you go to the Conditions tab and choose Preview, you will see users from on-premises and cloud users.
When you look at the GAL in Outlook from a mailbox residing on-premises, everything looks OK, just as we know it from an on-premises Exchange configuration. When we open Outlook to look up the GAL in the cloud (after waiting for DirSync to sync the configuration changes), we do not see the group in the address list. Now here is the trick that allows cloud users to send mail to dynamic distribution lists.
Go to your webmail as administrator and open the options:
Choose to manage My Organization:
Go to users and groups and select external contacts. Click New…
Fill in your contact details and click Save:
Make sure the external e-mail address refers to the mail address of the dynamic distribution group you created on-premises.
By default, dynamic distribution groups require that the sender is authenticated.
We need to set this as well for the contact we created in Office 365.
And we are done!
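The same procedure in PowerShell, as an added example that is not part of the original post. The group name, the everyone@contoso.com address and the mapping of the "first and second box" to MailboxUsers and MailUsers are assumptions; part 1 runs in the on-premises Exchange Management Shell and part 2 in an Exchange Online PowerShell session.

```powershell
# Added example. 'Everyone' and everyone@contoso.com are placeholders.

# --- Part 1: on-premises Exchange Management Shell ---
$groupName = 'Everyone'

# Assumption: the two selected boxes correspond to mailbox users and
# users with external e-mail addresses (mail users).
New-DynamicDistributionGroup -Name $groupName `
    -IncludedRecipients 'MailboxUsers,MailUsers'

# Equivalent of the Preview button: list who the filter resolves to,
# so on-premises mailboxes and cloud (mail user) recipients can both be seen.
$ddg = Get-DynamicDistributionGroup -Identity $groupName
Get-Recipient -RecipientPreviewFilter $ddg.RecipientFilter -ResultSize Unlimited |
    Sort-Object RecipientTypeDetails, Name |
    Format-Table Name, RecipientTypeDetails, PrimarySmtpAddress

# Note the address for part 2 and confirm sender authentication is required.
$ddg | Format-List Name, PrimarySmtpAddress, RequireSenderAuthenticationEnabled

# --- Part 2: Exchange Online PowerShell session ---
$groupName    = 'Everyone'
$groupAddress = 'everyone@contoso.com'   # placeholder: PrimarySmtpAddress from part 1

# The contact makes the on-premises group visible in the cloud address list.
New-MailContact -Name $groupName -ExternalEmailAddress $groupAddress

# Match the group's setting so the contact only accepts authenticated senders.
Set-MailContact -Identity $groupName -RequireSenderAuthenticationEnabled $true

# Check both settings the workaround depends on.
$contact = Get-MailContact -Identity $groupName
if (-not $contact.RequireSenderAuthenticationEnabled) {
    Write-Warning "Contact '$groupName' accepts unauthenticated senders."
}
if ("$($contact.ExternalEmailAddress)" -notlike "*$groupAddress") {
    Write-Warning "Contact '$groupName' does not point at $groupAddress."
}
$contact | Format-List Name, ExternalEmailAddress, RequireSenderAuthenticationEnabled
```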