Forum Discussion

TaranjeetSM11's avatar
TaranjeetSM11
Copper Contributor
Aug 11, 2023

Dynamic Distribution Group with no Disabled Accounts

Hi

 

I'm trying to build a few Dynamic Distribution Lists in Exchange Online and want to only include Active Users (i.e., users that are marked "Active" in Azure AD). I've tried using the UserAccountControl attribute (-eq 514 or -ne 514 - both are returning the same results, which is strange), but it still includes user accounts that are disabled. This is how my recipient filter looks like:

 

      RecipientType -eq 'UserMailbox' -and UserAccountControl -ne 514

 

What's the best way to achieve this in Exchange Online?

 

 

Thanks

Taranjeet Singh

 

 

exchange
exchange online
Exchange Server
hybrid
office 365
  • Ankido's avatar
    Ankido
    Iron Contributor
    Feb 19, 2025

    Hi TaranjeetSM11,
    Yes, you can create a Dynamic Distribution Group in Exchange Online using PowerShell and exclude disabled accounts.

    Solution 1: In Exchange Online, use the AccountDisabled attribute in your filter rule. A disabled account in Entra ID will have AccountDisabled -eq $true

    New-DynamicDistributionGroup -Name "ActiveUsersOnly" -RecipientFilter { 
    (RecipientType -eq 'UserMailbox') -and (AccountDisabled -ne $true) 
}

    Solution2: If AccountDisabled doesn’t work, you can filter based on UserPrincipalName, as disabled users sometimes lack a valid UPN.

     

    New-DynamicDistributionGroup -Name "ActiveUsersOnly" -RecipientFilter { 
    (RecipientType -eq 'UserMailbox') -and (UserPrincipalName -like '*@*') 
}

     

    If you need any more help, feel free to reach out.

    • Tiberia's avatar
      Tiberia
      Copper Contributor
      Feb 25, 2025

      These dont work and throw an error that the filter syntax is invalid. 

      I dont understand Microsoft sometimes. 

      • Ankido's avatar
        Ankido
        Iron Contributor
        Feb 26, 2025

        Hi Tiberia,

        Sometimes the reasons could be:

        1. Authentication Issues
        2. Missing or Outdated Module
        3. Expired Session
        4. Insufficient Permissions
        5. Network Connectivity Issues
        6. Throttling or API Limits

         

        Could you please provide the error message or share a screenshot?

  • Sajjad's avatar
    Sajjad
    Brass Contributor
    Feb 14, 2025

    New-DynamicDistributionGroup -Name "ActiveUsersDDL" -RecipientFilter "((RecipientFilter -like "*") -and (UserAccountControl -band 2) -eq 0)" -RecipientContainer "OU=Users,DC=yourdomain,DC=com"

    # Replace with your OU path

  • VasilMichev's avatar
    VasilMichev
    MVP
    Aug 11, 2023
    Try this:

    {RecipientType -eq "UserMailbox" -and ExchangeUserAccountControl -ne "AccountDisabled"}

Resources