Office 365: Challenges with Distribution Groups for Migrated Mailboxes and a Script Based Solution ( Script Version 1.1 )

===========================================================================================

Group Migration Script v1.1 –> https://github.com/timmcmic/DLConversion/blob/master/src/DLConversion.ps1

===========================================================================================

In script version 1.1 we introduced a new feature to control how the group is provisioned in Office 365.  When a group is create on-premises the group type can be established as either distribution or security.  The group type can be dynamically changed through Active Directory Users and Computers by changing the group type on the groups properties.

image

By changing the radio button to security the group type will change from mail universal distribution to mail universal security.

The same process is not available to administrators in Office 365.  When a distribution list is provisioned in Office 365 the group type selected is persisted.  If the group is created as a mail distribution group it can only be converted to a mail security group if deleted and recreated.  This would essentially prevent administrators from applying security rights to a group in the future. 

In version 1.0 of the script and the default settings in versions 1.1 the group type is retained.  If conversion of a mail enabled security group is selected the new group created in Office 365 is also created as a mail enabled security group.  The same is true for just a mail enabled distribution group.  In the past there have been conditions where this may not be the desired outcome.  For example – in the past security groups may have been provisioned but the desire is not to carry them forward as security groups in Office 365. 

Version 1.1 of the script implements a switch –GroupTypeOverride.  The administrator may specify a value of “DISTRIBUTION” or “SECURITY”.  This value will override the group type specified when creating the Office 365 distribution group.  In essence a security group on-premises may now be created as a distribution group in Office 365.

Here is an example of command execution:

ConvertDL.ps1 -dlToConvert Migrate -ignoreInvalidDLMember:$TRUE -ignoreInvalidManagedByMember:$TRUE -groupTypeOverride:"DISTRIBUTION"