Create a Cloud distribution group


We'd like to create a form in Active Roles web client that allows the creation of an Exchange online distribution group with the command New-DistributionGroup without creating an on-premise AD object in a hybrid environment.  There isn't an out-of-the-box solution for this but I'm hoping we can use the method of creating a cloud shared mailbox as a template. I tested it last year but I can't find the article now on how to do it and deleted everything I'd done when I found an alternative.  All we're looking for is for helpdesk staff to type in a name and select an owner from AD that will create a cloud group, which the owner can then populate themselves.  Has anyone else tried to do this?  We've got a script I think will work for the creation, the problem is getting some kind of form and/or command to trigger the creation using a workflow or provisioning policy and that's where I'm stumbling.

Thanks in advance

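# Placeholders: replace the quoted values with the real owner and group name
$owner = "<who is going to manage list>"
$newgroup = "<new distribution group name>"
$grouptype = "Distribution"
# Primary SMTP address = group name with the spaces removed, plus the mail domain
$PrimaryEmail = ($newgroup).replace(" ","") + "@domain"
New-DistributionGroup -Name $newgroup -PrimarySmtpAddress $PrimaryEmail -ManagedBy $owner -Type $grouptype
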
  • Though perhaps somewhat unorthodox, you could create 2 virtual attributes and associate them with AD OUs.



    edsva_New_DL_Owner (make this one DN syntax)

    Create a new command calling a property editing form for OUs and add these to it.

    Create a change workflow that looks for an edit to these properties and triggers your group creation script as a script activity.

    Here's a snippet:

    Function CreateNewCloudDL ($Request)
    {
        # Read the two virtual attributes submitted from the OU property form
        $owner = $Request.get("edsva_New_DL_Owner")
        $newgroup = $Request.get("edsva_New_DL_Name")
        $grouptype = "Distribution"
        # Primary SMTP address = group name with the spaces removed, plus the mail domain
        $PrimaryEmail = ($newgroup).replace(" ","") + "@domain"
        New-DistributionGroup -Name $newgroup -PrimarySmtpAddress $PrimaryEmail -ManagedBy $owner -Type $grouptype
    }


    You would need to include the "O365 script execution configuration" activity in your workflow to establish the PoSh session with your tenant.
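
The group name in this workflow is free text typed into a web form and it ends up in a mail address, so it is worth validating before `New-DistributionGroup` runs. The following is an added example, not part of the original thread: the helper name `ConvertTo-DLPrimarySmtp`, the allowlist and the `example.com` domain are assumptions, while the attribute names and the `$Request`/`$EventLog` objects are the ones used in the thread.

```powershell
# Added example, not from the thread. 'example.com' is a placeholder domain.
function ConvertTo-DLPrimarySmtp {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string]$Name,
        [Parameter(Mandatory)][string]$Domain
    )
    $trimmed = $Name.Trim()
    # Allowlist: letters, digits, space, dot, hyphen, underscore. Anything else
    # (including '@', quotes and control characters) is refused, not stripped.
    if ($trimmed -notmatch '^[A-Za-z0-9 ._-]+$') {
        throw "name is empty or has characters outside the allowlist"
    }
    # Same rule as the thread's script (remove spaces), then tidy stray dots.
    $alias = (($trimmed -replace ' ', '') -replace '\.{2,}', '.').Trim('.')
    # RFC 5321 caps the local part of an address at 64 characters.
    if ($alias.Length -lt 1 -or $alias.Length -gt 64) {
        throw "name gives a local part of $($alias.Length) characters (need 1-64)"
    }
    return ('{0}@{1}' -f $alias, $Domain)
}

# Workflow entry point: validate first, and make every failure visible.
function CreateNewCloudDL ($Request) {
    try {
        $newgroup = ([string]$Request.Get("edsva_New_DL_Name")).Trim()
        $owner    = [string]$Request.Get("edsva_New_DL_Owner")
        if ([string]::IsNullOrWhiteSpace($owner)) { throw "no owner selected" }
        $PrimaryEmail = ConvertTo-DLPrimarySmtp -Name $newgroup -Domain 'example.com'
        # -ErrorAction Stop turns a cmdlet error into an exception the catch sees.
        New-DistributionGroup -Name $newgroup -PrimarySmtpAddress $PrimaryEmail `
            -ManagedBy $owner -Type "Distribution" -ErrorAction Stop
    }
    catch {
        $EventLog.ReportEvent($Constants.EDS_EVENTLOG_WARNING_TYPE,
            "Cloud DL not created: $($_.Exception.Message)")
        throw   # rethrow so the script activity does not end silently
    }
}

# Constructed sample inputs; this part runs without Active Roles or Exchange.
foreach ($n in 'Finance Team', 'a@b', '   ', 'Ops..  Alerts.') {
    try   { "{0,-18} -> {1}" -f "'$n'", (ConvertTo-DLPrimarySmtp -Name $n -Domain 'example.com') }
    catch { "{0,-18} -> rejected: {1}" -f "'$n'", $_.Exception.Message }
}
```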

  • Hi Johnny,

    Thanks very much for your quick reply, I think I understand this.  It might take a few goes to get my head around it but I'll give it a go.


  • Give it a go and post back here if you need help with fine tuning.

  • Hi Johnny,

    I've created the virtual attributes and started to create a new form but when I try to add them to the form the VAs aren't in the list.  I had a call with one of the support engineers yesterday and he went through it with me; I used the same method he did but no difference.  We thought maybe restarting the Admin Service and waiting overnight might help but there's no change.  I created the command as a Form, picked Edit Properties as the Type then went to Add Entry, Create and the attribute isn't in the list anywhere, or if I pick Select.  I can see them in Advanced Properties of the OUs in the MMC but not in the web client.

    Do you have any ideas?



  • Under Customization in the left pane, try Reload.

    Failing that restart IIS.

  • Perfect, thanks, the IIS did it.  I'd tried reloading before. ta!

  • Hi again,

    Thanks very much for your help so far; I'm hoping you can assist again.

    I've got the script set up and if I run it through PowerShell it works great but not if I run it through AR web client.  I've set up event log events and it appears that the attributes are being fed in correctly and there are no errors in Change History to indicate a problem, but nothing is being created in the cloud.  I know the script is OK as it works through PowerShell and I know the attributes are being fed into the script.  We don't need the O365 part as we've got that built into the script with a locally held credentials file; we do that for any Exchange Online connections so we know that works.

    function CreateNewCloudDL ($Request)
    {
        $EventLog.ReportEvent($Constants.EDS_EVENTLOG_WARNING_TYPE, "Create cloud only script running")

        #Exchange Credentials
        $credential = Import-Clixml -Path 'C:\Users\xxxxxxxx\cred.xml'
        $ExchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "<connection URI>" -Credential $credential -Authentication "Basic" -AllowRedirection
        Import-PSSession $ExchangeSession -AllowClobber

        $EventLog.ReportEvent($Constants.EDS_EVENTLOG_WARNING_TYPE, "Exchange Online session established")

        #create group
        $owner = $Request.get("edsvaDistGroupOwner")
        $newgroup = $Request.get("edsvaDistGroupName")
        $grouptype = "Distribution"
        $PrimaryEmail = ($newgroup).replace(" ","") + "@domain"

        $EventLog.ReportEvent($Constants.EDS_EVENTLOG_WARNING_TYPE, $PrimaryEmail)
        $EventLog.ReportEvent($Constants.EDS_EVENTLOG_WARNING_TYPE, $owner)
        $EventLog.ReportEvent($Constants.EDS_EVENTLOG_WARNING_TYPE, $newgroup)

        New-DistributionGroup -Name $newgroup -PrimarySmtpAddress $PrimaryEmail -ManagedBy $owner -Type $grouptype
    }


    Finally, I'd like to be able to null the values at the end and I know how to do that if it's a user but there doesn't seem to be an OU equivalent of the command, do you know how to clear the attributes at the end of the script so they aren't visible the next time someone wants to create a list?

    Thanks in advance
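
On Windows, `Export-Clixml` protects a credential's password with DPAPI, which ties the file to the user account and computer that created it, so a file that imports in an interactive session will not decrypt for a different account such as a service account. The following check is an added example, not part of the original thread and not a confirmed diagnosis of the problem above; the function name `Test-ClixmlCredential` and the sample credential are constructed for illustration.

```powershell
# Added example, not from the thread.
function Test-ClixmlCredential {
    param([Parameter(Mandatory)][string]$Path)
    # The identity that matters is the one this code is running as right now.
    $who = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Identity = $who; Usable = $false
                                  Reason = "file not found or not readable" }
    }
    try {
        # Import-Clixml decrypts the password here; a DPAPI user or machine
        # mismatch surfaces as an exception, which -ErrorAction Stop lets us catch.
        $c = Import-Clixml -LiteralPath $Path -ErrorAction Stop
        if ($c -isnot [System.Management.Automation.PSCredential]) {
            throw "file does not contain a PSCredential"
        }
        return [pscustomobject]@{ Identity = $who; Usable = $true
                                  Reason = "decrypted for this identity" }
    }
    catch {
        return [pscustomobject]@{ Identity = $who; Usable = $false
                                  Reason = $_.Exception.Message }
    }
}

# Constructed round trip: export and re-import under the SAME identity succeeds.
$tmp = Join-Path $env:TEMP 'constructed-cred.xml'
$sec = ConvertTo-SecureString 'constructed-password' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList 'svc-constructed@example.com', $sec
$cred | Export-Clixml -LiteralPath $tmp
Test-ClixmlCredential -Path $tmp
Remove-Item -LiteralPath $tmp

# Inside the workflow script, record the result before opening the session:
#   $r = Test-ClixmlCredential -Path 'C:\Users\xxxxxxxx\cred.xml'
#   $EventLog.ReportEvent($Constants.EDS_EVENTLOG_WARNING_TYPE,
#       "Credential check as $($r.Identity): $($r.Reason)")
```

Adding `-ErrorAction Stop` to `New-PSSession`, `Import-PSSession` and `New-DistributionGroup` inside a `try`/`catch` makes a failure at any of those steps stop the script and reach the event log instead of letting the remaining lines run.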