Create a Cloud distribution group

Hi,

We'd like to create a form in Active Roles web client that allows the creation of an Exchange online distribution group with the command New-DistributionGroup without creating an on-premise AD object in a hybrid environment.  There isn't an out-of-the-box solution for this but I'm hoping we can use the method of creating a cloud shared mailbox as a template. I tested it last year but I can't find the article now on how to do it and deleted everything I'd done when I found an alternative.  All we're looking for is for helpdesk staff to type in a name and select an owner from AD that will create a cloud group, which the owner can then populate themselves.  Has anyone else tried to do this?  We've got a script I think will work for the creation, the problem is getting some kind of form and/or command to trigger the creation using a workflow or provisioning policy and that's where I'm stumbling.

Thanks in advance

$owner = "<who is going to manage list>"      # placeholder
$newgroup = "<new distribution group name>"   # placeholder
$grouptype = "Distribution"
$PrimaryEmail = ($newgroup).replace(" ","") + "@domain"
New-DistributionGroup -Name $newgroup -PrimarySmtpAddress $PrimaryEmail -managedby $owner -Type $grouptype
  • Though perhaps somewhat unorthodox, you could create 2 virtual attributes and associate them with AD OUs.

    Example:

    edsva_New_DL_Name

    edsva_New_DL_Owner (make this one DN syntax)

    Create a new command calling a property editing form for OUs and add these to it.

    Create a change workflow that looks for an edit to these properties and triggers your group creation script as a script activity.

    Here's a snippet:

    Function CreateNewCloudDL ($Request)
    {
    $owner = $Request.get("edsva_New_DL_Owner")
    $newgroup = $Request.get("edsva_New_DL_Name")
    $grouptype = "Distribution"
    $PrimaryEmail = ($newgroup).replace(" ","") + "@domain"
    New-DistributionGroup -Name $newgroup -PrimarySmtpAddress $PrimaryEmail -managedby $owner -Type $grouptype

    }

    You would need to include the "O365 script execution configuration" activity in your workflow to establish the PoSh session with your tenant.

  • Hi again,

    Thanks very much for your help so far; I'm hoping you can assist again.

    I've got the script set up and if I run it through PowerShell it works great but not if I run it through AR web client.  I've set up event log events and it appears that the attributes are being fed in correctly and there are no errors in Change History to indicate a problem, but nothing is being created in the cloud.  I know the script is OK as it works through PowerShell and I know the attributes are being fed into the script.  We don't need the O365 part as we've got that built into the script with a locally held credentials file; we do that for any Exchange Online connections so we know that works.

    function CreateNewCloudDL ($Request)
    {
    $EventLog.ReportEvent($Constants.EDS_EVENTLOG_WARNING_TYPE, "Create cloud only script running")

    #Exchange Credentials
    $credential = Import-Clixml -Path 'C:\Users\xxxxxxxx\cred.xml'
    $ExchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid" -Credential $credential -Authentication "Basic" -AllowRedirection
    Import-PSSession $ExchangeSession -allowclobber

    $EventLog.ReportEvent($Constants.EDS_EVENTLOG_WARNING_TYPE, "Exchange Online session established")

    #create group
    $owner = $Request.get("edsvaDistGroupOwner")
    $newgroup = $Request.get("edsvaDistGroupName")
    $grouptype = "Distribution"
    $PrimaryEmail = ($newgroup).replace(" ","") + "@domain"

    $EventLog.ReportEvent($Constants.EDS_EVENTLOG_WARNING_TYPE, $PrimaryEmail)
    $EventLog.ReportEvent($Constants.EDS_EVENTLOG_WARNING_TYPE, $owner)
    $EventLog.ReportEvent($Constants.EDS_EVENTLOG_WARNING_TYPE, $newgroup)

    New-DistributionGroup -Name $newgroup -PrimarySmtpAddress $PrimaryEmail -managedby $owner -Type $grouptype

    }



    Finally, I'd like to be able to null the values at the end and I know how to do that if it's a user, but there doesn't seem to be an OU equivalent of the command. Do you know how to clear the attributes at the end of the script so they aren't visible the next time someone wants to create a list?

    Thanks in advance
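
The symptom in the post above (the script works in an interactive PowerShell session, but creates nothing and reports no error when run as a workflow script activity) is worth instrumenting: on Windows a credential file written with Export-Clixml is DPAPI-protected and decrypts only for the account and computer that created it, and cmdlet errors stay non-terminating unless -ErrorAction Stop is set. The version below is an added example, not code from the thread or from Active Roles, that logs the identity the script runs under, turns every failure into a logged terminating error, and validates the name before building the address. Write-ARLog, Test-DLName and the name pattern are hypothetical; the credential path, attribute names, "@domain" placeholder and connection parameters are kept as posted.

```powershell
# Added example. Write-ARLog and Test-DLName are hypothetical helpers.
function Write-ARLog ([string]$Message)
{
    # $EventLog and $Constants are the objects the posted script already uses.
    $EventLog.ReportEvent($Constants.EDS_EVENTLOG_WARNING_TYPE, $Message)
}

function Test-DLName ([string]$Name)
{
    # Assumed policy: starts alphanumeric; letters, digits, space, dot, hyphen, underscore; max 64.
    return $Name -match '^[A-Za-z0-9][A-Za-z0-9 ._-]{0,63}$'
}

function CreateNewCloudDL ($Request)
{
    $session = $null
    try {
        # Record which account executes the activity: a DPAPI-protected
        # cred.xml decrypts only for the user and machine that exported it.
        $runAs = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
        Write-ARLog "CreateNewCloudDL running as $runAs"

        $credential = Import-Clixml -Path 'C:\Users\xxxxxxxx\cred.xml' -ErrorAction Stop

        $session = New-PSSession -ConfigurationName Microsoft.Exchange `
            -ConnectionUri 'https://outlook.office365.com/powershell-liveid' `
            -Credential $credential -Authentication Basic -AllowRedirection -ErrorAction Stop
        Import-PSSession $session -AllowClobber -ErrorAction Stop | Out-Null

        $owner    = $Request.Get('edsvaDistGroupOwner')
        $newgroup = $Request.Get('edsvaDistGroupName')
        if (-not (Test-DLName $newgroup)) { throw "Rejected group name '$newgroup'" }
        if ([string]::IsNullOrWhiteSpace($owner)) { throw 'Owner attribute is empty' }

        $PrimaryEmail = $newgroup.Replace(' ', '') + '@domain'   # '@domain' is the post's placeholder
        New-DistributionGroup -Name $newgroup -PrimarySmtpAddress $PrimaryEmail `
            -ManagedBy $owner -Type 'Distribution' -ErrorAction Stop | Out-Null
        Write-ARLog "Created $PrimaryEmail (owner: $owner)"
    }
    catch {
        # Log the real error text, then rethrow so the caller sees the failure.
        Write-ARLog "CreateNewCloudDL failed: $($_.Exception.Message)"
        throw
    }
    finally {
        if ($session) { Remove-PSSession $session }
    }
}
```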
