Live @ EDU Dynamic Distribution Groups (DDG) How To
March 11th, 2011 / by admin
Test Environment:
Server - Server 2008 R2
UMRA - 10.6
If you haven't already, make sure you go read my blog post on setting up a UMRA project to connect to your live @ edu environment. http://umrahelp.com/blog1.php/2011/03/10/how-to-connect-umra-to-your-live-edu-enviorment
Some of you already know what a Dynamic Distribution Group (DDG) is, and some of you might not, so let me explain. Unlike traditional Security Groups or Distribution Groups in Active Directory, DDG's let you create filters that determine who is part of the group, without retaining a static list of user objects. For example, let's say your live @ edu environment contains staff and student accounts, but you only want students at a particular school and grade to receive emails from a DDG called "Joes_HighSchool_Grade_5". With DDG's you can do this by filtering on attributes of the live @ edu accounts, so for example a filter might be Title -eq 'Student Grade 5' -and Description -eq 'Joes High School' . This filter dynamically selects the users whose Title in live @ edu is equal to 'Student Grade 5' and whose Description is 'Joes High School'.
Now, if you want to add users to this DDG or remove them, all you have to do is make sure the user or users meet, or no longer meet, your filter criteria, so there is no need to maintain the members of a group anymore. As you can see, DDG's are very easy to configure and maintain compared to normal Distribution Lists. Just as a side note, you can also create DDG's in Exchange 2007 SP1 / SP2 and Exchange 2010.
So let's get down to it: how to create a DDG in your live @ edu environment with UMRA. Now, I know some of you might be saying "I don't see a way to create DDG's in my live @ edu admin control panel", and you are correct. Currently, there are no options to create / manage / edit any DDG information via the live @ edu admin control panel; however, you can create / edit / manage your DDG's via a PowerShell command window.
1. First things first, you will need to set up your UMRA project to connect to your live @ edu environment.
Blog post here -> How to get UMRA connect to their Live @ edu environment
2. UMRA 10.6 does not have built-in actions to create / manage / edit DDG's at the moment; however, you can create your own custom PowerShell scripts and import them into your UMRA Service. I would first run the PowerShell scripts in the command window, before importing them into your UMRA Service, to ensure you have your syntax right.
3. Run the PowerShell commands below to connect to your live @ edu environment.
You should get a popup window to enter your live @ edu admin username / password.
$LiveCred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session
When you are done with your PowerShell session, run the command below, or your session will remain in use. By default you can only have three concurrent connections open to your live @ edu environment.
remove-PSSession $session
4. How to create a DDG
New-DynamicDistributionGroup -Name 'New Group Name' -PrimarySmtpAddress 'somewhere@mydomain.com' -RecipientFilter 'Your Filter'
5. How to view your newly created DDG
get-dynamicdistributiongroup 'New Group Name' | Format-List
When you use Format-List, it will show you all the options that you are able to set on your DDG. This comes in handy when you're trying to set / get specific attributes on the DDG.
There you have it, a quick and easy way to create a DDG in your live @ edu environment. However, if this is all you've done, you will be missing one major part of a DDG: the security. So why is the security so important? Well, you will need to restrict who can use these DDG's. You wouldn't want someone such as a student to be able to reply to everyone at a school, now would ya? So there is a way you can set the security on who can actually send to these groups.
There are a few ways you can restrict sending access to any DDG's you have set up. You can restrict who can't send to the DDG, or you can restrict who can send to the DDG. Restricting who can send to the DDG is far easier to maintain than restricting who can't send to it. There are a few pitfalls when it comes to setting up the security on a DDG. The main pitfall is that what you can add to the DDG security is either live @ edu accounts or external contacts, or a live @ edu security group. Where this might become a problem is if the users you want to be able to send to these DDG's don't exist as external contacts or live @ edu users, because then you can't add them to your security groups within live @ edu.
Let's assume you have all your users either as external contacts or as actual live @ edu users. The first thing you need to do is go into your live @ edu admin console and create a security group called ddg_security. Then add all the external contacts or live @ edu users who you want to be able to send to the DDG.
If you only have 1 DDG created, then you can run the command below, to set the group as the security for who can send to this DDG.
set-dynamicdistributiongroup 'Your DDG Name' -AcceptMessagesOnlyFromSendersOrMembers 'Your Live @ edu Security Group Name'
If you have multiple DDG's, and need to set the security group on them all without going to each of them, you can run the below command.
$ddgs = get-dynamicdistributiongroup 'your filter'
or if you want to get all DDG's
$ddgs = get-dynamicdistributiongroup -resultsize unlimited
foreach ($ddg in $ddgs) { set-dynamicdistributiongroup $ddg.name -AcceptMessagesOnlyFromSendersOrMembers 'Your Live @ edu Security Group Name'}
If you want to allow only a specific external contact, or live @ edu account to send to this DDG run the below command.
set-dynamicdistributiongroup 'Your DDG Name' -AcceptMessagesOnlyFrom 'Your Live @ edu Contact'
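To check that the restriction from the steps above is actually in place on every DDG, here is an added audit example (not part of the original post or of UMRA). Test-DdgSenderRestriction is a hypothetical helper name, the sample groups are constructed, and ddg_security is assumed to be the allowed-senders group created earlier.

```powershell
# Added example: flag DDGs whose accepted-senders list is empty or unexpected.
function Test-DdgSenderRestriction {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [object]$Ddg,
        # Assumption: ddg_security is the only group that should be allowed to send.
        [string[]]$ExpectedSenders = @('ddg_security')
    )
    process {
        # The property is multi-valued and may hold canonical names
        # (tenant/.../ddg_security), so compare on the last path segment.
        # Where-Object drops the single $null that an unset property pipes in.
        $allowed = @($Ddg.AcceptMessagesOnlyFromSendersOrMembers |
            Where-Object { $_ } |
            ForEach-Object { ([string]$_ -split '/')[-1] })
        $status = if ($allowed.Count -eq 0) {
            'OPEN'          # no accepted-senders list is set on the group
        } elseif ($allowed | Where-Object { $ExpectedSenders -notcontains $_ }) {
            'UNEXPECTED'    # restricted, but to a sender outside the expected list
        } else {
            'OK'
        }
        New-Object PSObject -Property @{
            Name           = $Ddg.Name
            Status         = $status
            AllowedSenders = ($allowed -join '; ')
            Filter         = $Ddg.RecipientFilter
        }
    }
}

# Constructed sample objects shaped like Get-DynamicDistributionGroup output,
# so the check can be tried without a live session.
$sample = @(
    New-Object PSObject -Property @{ Name = 'Joes_HighSchool_Grade_5'
        RecipientFilter = "Title -eq 'Student Grade 5' -and Description -eq 'Joes High School'"
        AcceptMessagesOnlyFromSendersOrMembers = @('ddg_security') }
    New-Object PSObject -Property @{ Name = 'Sample_All_Staff'
        RecipientFilter = "Title -eq 'Staff'"
        AcceptMessagesOnlyFromSendersOrMembers = @() }
    New-Object PSObject -Property @{ Name = 'Sample_Grade_6'
        RecipientFilter = "Title -eq 'Student Grade 6'"
        AcceptMessagesOnlyFromSendersOrMembers = @('ddg_security', 'sample.student') }
)
$sample | Test-DdgSenderRestriction | Select-Object Name, Status, AllowedSenders

# Against the tenant, after Import-PSSession:
# Get-DynamicDistributionGroup -ResultSize Unlimited | Test-DdgSenderRestriction
```

Any group reported as OPEN or UNEXPECTED is a candidate for the set-dynamicdistributiongroup commands shown above.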
So there you have it, a quick tutorial on how to get DDG's set up in your live @ edu environment. Overall, DDG's are a powerful option compared to standard Distribution Groups. However, live @ edu doesn't provide a lot of options to manage / create / edit these within your live @ edu admin portal, which makes them hard to oversee. In my next blog posts I will continue with my live @ edu examples, and show you how to pull users from live @ edu, as well as create users in live @ edu with UMRA.

