Skip to content
English
Contact us Customer portal Sign in
  • There are no suggestions because the search field is empty.

Use a dynamic Azure AD group

Guide for Microsoft Entra ID (formerly Azure AD) using Microsoft Graph PowerShell SDK.

1. A step-by-step guide

The purpose of this procedure is to define the method for creating, maintaining, and verifying the Dynamic Distribution Group used to communicate with all Shared Mailboxes within the organization.

This group ensures that any email sent to the designated address is automatically delivered to every existing Shared Mailbox without manual intervention.

2. Scope

  • Target: All mailboxes with the RecipientTypeDetails attribute set to SharedMailbox.
  • Platform: Exchange Online (Microsoft 365).
  • Limitation: This group is strictly for email distribution. It cannot be used for security permissions (e.g., SharePoint access, Teams membership, or Conditional Access).

3. Prerequisites

To perform these actions, the administrator requires:

  • Role: Exchange Administrator or Global Administrator.
  • Software: Windows PowerShell 5.1 or PowerShell 7+.
  • Module: Exchange Online PowerShell Module (ExchangeOnlineManagement).

4. Procedure

4.1. Connect to Exchange Online

  1. Launch PowerShell as Administrator.
  2. Run the following commands to import the module and sign in:
  3. PowerShell

PowerShell:

# If the module is not installed, uncomment the line below:

# Install-Module -Name ExchangeOnlineManagement -Scope CurrentUser

Connect-ExchangeOnline

 

  1. Complete the interactive login prompt.

4.2. Create the Dynamic Group

Skip this step if the group already exists.

Run the following command to create the group. This utilizes a native Exchange filter to target shared mailboxes automatically.

PowerShell:

New-DynamicDistributionGroup -Name "All Shared Mailboxes" `

    -Alias "all_shared_mailboxes" `

    -RecipientFilter "(RecipientTypeDetails -eq 'SharedMailbox')"

 

4.3. Verify Membership

Since the group is dynamic, you cannot "add" members. You must verify that the filter is correctly identifying targets.

  1. Run the following script to preview the list of recipients that will receive email sent to this group:

PowerShell

$Group = Get-DynamicDistributionGroup "All Shared Mailboxes"

Get-Recipient -RecipientPreviewFilter $Group.RecipientFilter

 

  1. Validation: Ensure the output lists the expected Shared Mailboxes and excludes standard User Mailboxes.

4.4. Testing

  1. Send a test email to all_shared_mailboxes@<yourdomain.com>.
  2. Log into a known Shared Mailbox and confirm receipt.
  3. Note: It may take up to 2 hours for a newly created shared mailbox to be recognized by the dynamic filter, though it is usually faster.