While directory sync provides a much-needed service for Office 365 tenants, one pain point that comes up pretty regularly is distribution group management once you’re in the cloud. Sure, the groups get synced to the cloud, but if you’ve been used to managing group memberships with Outlook while everyone’s mailbox was on-premises, you won’t be able to do that anymore once you move your mailbox to the cloud. This is because the object is synchronized from your local AD, so you must make changes to the group in Active Directory and let dirsync bring those changes to the cloud. If you have a hybrid server or local Exchange environment you could use it to manage the membership, but most likely you’re not going to allow users to access the EMC. You could also create your own application which allows users to edit groups in your local AD, but honestly, who wants to spend development time doing that?
So what other options are there? Well, the only way is to recreate each group directly in the cloud. What if you have hundreds or thousands of groups and thousands of members of those groups? I know, it doesn’t sound like this would be any fun at all, and it’s not. You can automate this process using PowerShell and maybe some simple Excel skills. I like keeping things organized, so I use Excel to prepare input files for my bulk PowerShell applications. For this particular task, I got a list of the existing distribution groups from my on-premises Exchange environment with a few attributes that allow me to bind to the AD object and leverage other attributes in my script. I would grab at a minimum the displayName, mail, and mailNickname. Using Excel, I would then use this information to create the new displayName, mail and mailNickname for the cloud-based distribution groups. To show you what I mean, here’s an example input file (CSV) for my script.
oldgroupDisplayname | oldgroupMail | oldgroupAlias | newgroupDisplayname | newgroupMail | newgroupAlias |
DGroup1 | dgroup1@domain.com | dgroup1 | Cloud Group1 | cloudgroup1@domain.com | cloudgroup1 |
Now for the very simple script to connect to the cloud, create the new group and populate the membership based on the existing group:
# Connect to cloud
$o365creds = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $o365creds -Authentication Basic -AllowRedirection
# Note: The prefix below is used to differentiate between the Exchange Online commands and the local Exchange commands (e.g. Get-CloudMailbox vs. Get-Mailbox)
Import-PSSession -Session $Session -Prefix "Cloud" -DisableNameChecking:$true -AllowClobber:$true
Import-Csv groups.csv | ForEach-Object {
    # Create the new group (the CSV has no separate name column, so the new display name is also used as the Name)
    New-CloudDistributionGroup -DisplayName $_.newgroupDisplayname -Name $_.newgroupDisplayname -Alias $_.newgroupAlias -PrimarySmtpAddress $_.newgroupMail -Type Distribution
    # Grab members from old group
    $groupmembers = @(Get-CloudDistributionGroupMember -Identity $_.oldgroupMail)
    # Now add the members from the old group to the new group
    # ($_ is still the current CSV row inside this foreach statement)
    foreach ($groupmember in $groupmembers) {
        Add-CloudDistributionGroupMember -Identity $_.newgroupMail -Member $groupmember.PrimarySmtpAddress
    }
}
Note the prefix (“Cloud”) that I used in the example. This simply means that each imported cmdlet is prefixed with “Cloud” (i.e. Get-CloudMailbox instead of Get-Mailbox). Using a prefix allows me to use multiple remote PowerShell sessions, one against the cloud and one against the on-premises Exchange environment, so I can keep track of which objects I’m updating. This script could easily be expanded to configure other settings on the new cloud distribution group and to duplicate other settings from the on-premises group, like the manager, proxyAddresses, group opt-in/opt-out settings, etc.
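The expansion described above, as an added example that is not part of the original post: it copies the owners (ManagedBy), the opt-in/opt-out restrictions and the sender-authentication requirement from each old group to its new cloud group, so the new group does not end up with different managers or a different sender policy than the one it replaces. It assumes the "Cloud"-prefixed session and groups.csv from the script above, that the new groups already exist, and that the ManagedBy values returned for the synced group resolve to recipients in the tenant.

```powershell
# Added example: assumes the "Cloud"-prefixed session and groups.csv shown earlier.
$results = Import-Csv groups.csv | ForEach-Object {
    $row = $_   # keep the CSV row; $_ is rebound inside Where-Object and catch
    try {
        # Read the synced (old) group and make sure the new cloud group exists
        $old = Get-CloudDistributionGroup -Identity $row.oldgroupMail -ErrorAction Stop
        $null = Get-CloudDistributionGroup -Identity $row.newgroupMail -ErrorAction Stop

        # Settings that decide who can join, leave and send to the group
        $settings = @{
            Identity                           = $row.newgroupMail
            MemberJoinRestriction              = [string]$old.MemberJoinRestriction
            MemberDepartRestriction            = [string]$old.MemberDepartRestriction
            RequireSenderAuthenticationEnabled = [bool]$old.RequireSenderAuthenticationEnabled
            ErrorAction                        = 'Stop'
        }

        # Copy owners only when the old group has any; otherwise the account
        # that created the new group stays its owner, which deserves a review.
        $owners = @($old.ManagedBy | Where-Object { $_ } | ForEach-Object { [string]$_ })
        if ($owners.Count -gt 0) {
            $settings.ManagedBy = $owners
        } else {
            Write-Warning "$($row.oldgroupMail) has no ManagedBy; owner of $($row.newgroupMail) left unchanged"
        }

        Set-CloudDistributionGroup @settings

        # One record per group so the run can be reviewed afterwards
        [pscustomobject]@{
            NewGroup   = $row.newgroupMail
            Owners     = $owners -join '; '
            Join       = $settings.MemberJoinRestriction
            Depart     = $settings.MemberDepartRestriction
            SenderAuth = $settings.RequireSenderAuthenticationEnabled
            Status     = 'Updated'
        }
    }
    catch {
        # A failure on one group is recorded and does not stop the rest
        [pscustomobject]@{
            NewGroup = $row.newgroupMail; Owners = ''; Join = ''; Depart = ''
            SenderAuth = ''; Status = "Failed: $($_.Exception.Message)"
        }
    }
}
$results | Export-Csv group-settings-report.csv -NoTypeInformation
```

The report file name is a placeholder; rows with a Failed status list the groups whose settings still need to be set by hand.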
I hope this proves useful for someone out there faced with the same challenge.