Office 365: Adding a cloud only distribution group as a member of a distribution group on premises…

Today I spoke with a customer that had a unique situation – at least for me.  They have started to create distribution lists that reside in Office 365.  They still had distribution lists that were synchronized from on premises.  The customer wanted to add the cloud only distribution list as a member of the distribution list synchronized from on premises. 

Natively this functionality is not possible since cloud only distribution lists are not synchronized from the cloud to on premises.  (One could arguable use Office 365 Groups and group back sync – but that could get complicated).  To fulfill this request I believe we can utilize a mailbox and forwarding.  Let’s take a look.

On premises we have a DL called OnPremisesDL.

[PS] C:\Windows\system32>Get-DistributionGroup OnPremisesDL

Name DisplayName GroupType PrimarySmtpAddress

---- ----------- --------- ------------------

OnPremisesDL OnPremisesDL Universal OnPremisesDL@domain.org

In the cloud we have a DL called CloudDL.

PS C:\Users\timmcmic> Get-DistributionGroup CloudDL

Name DisplayName GroupType PrimarySmtpAddress

---- ----------- --------- ------------------

CloudDL CloudDL Universal CloudDL@domain.onmicrosoft.com

My initial thoughts were to utilize a shared mailbox for this purpose.  Our new-remoteMailbox does not have the ability to provision a shared mailbox remotely – and the mailbox must exist as an object both in the cloud and on premises.  To accomplish this we will create the shared mailbox on premises and migrate it to Office 365.

[PS] C:\Windows\system32>New-Mailbox -Shared -Name CloudDL-Forward

Name Alias ServerName ProhibitSendQuota

---- ----- ---------- -----------------

CloudDL-Forward CloudDL-Forward azure-mbx Unlimited

With the mailbox created it can be migrated to Office 365 which will preserve the shared status and convert it to a remote shared mailbox.

image

image

Post migrating the mailbox to Office 365 we can set the appropriate properties to allow forwarding.  My first recommendation is to hide the mailbox from the distribution list.   This command is executed on premises.

[PS] C:\Windows\system32>Set-RemoteMailbox CloudDL-Forward -HiddenFromAddressListsEnabled:$TRUE

[PS] C:\Windows\system32>

My second recommendation is to enable forwarding using the forwarding SMTP address property and prevent delivery to the shared mailbox.  The forwarding address utilized should match the cloud distribution lists primary SMTP address.  This command is executed in Office 365. 

[PS] C:\Windows\system32>Set-Mailbox CloudDL-Forward -ForwardingSMTPAddress CloudDL@domain.onmicrosoft.com -DeliverToMailboxAndForward:$FALSE

[PS] C:\Windows\system32>

Hiding the mailbox from the address list will prevent users from accidentally selecting it in a name search or when browsing the address list.  The forwarding SMTP address parameter will allow transport to send all messages to the cloud DL preserving the from address as the original sender.  The deliver to mailbox and forward parameter set to false will prevent the delivery of the message to the shared mailbox.  This essentially serves as a forwarder that exists as both an object on premises and within the cloud.

In order for the messages to route to the on premises distribution list and then deliver to the cloud distribution list our mailbox must be a member of the on premises distribution list.

[PS] C:\Windows\system32>Add-DistributionGroupMember -Identity OnPremisesDL -Member CloudDL-Forward

[PS] C:\Windows\system32>

When this has completely synchronized to the on premises environment a test can be performed.  Using an outlook profile we will email the onpremisesDL@domain.com.  The email should arrive in the mailbox of user@domain.com since user@domain.com is a member of CloudDL@domain.onmicrosoft.com

image

The test email was successfully received to the mailbox that is a member of CloudDL.  Note the to address is the on premises distribution list.