Sneaky tricky management scopes in Exchange Online.

If you’ve been creating scopes in Exchange Online in, for instance, following way…:

$Group = Get-DistributionGroup -Identity “RoomImpersonationGroup”
New-ManagementScope “Room Mailboxes Impersonation” -RecipientRestrictionFilter “MemberOfGroup -eq ‘$($Group.DistinguishedName)'”

…so using a DistinguishedName attribute – you might experience a moment when this solution stops to work.


Just recently I came across this great article, telling that the proper way of assigning recipients to scopes in Exchange Online (and recommended by Microsoft) should be via custom attributes, like this (below example is for hybrid environment)…:

[To be done in Exchange console OnPremise]
Get-remotemailbox user | Set-remotemailbox -CustomAttribute1 "EWS Impersonation"

[To be done in Exchange Online]
New-ManagementScope “Room Mailboxes Impersonation” -RecipientRestrictionFilter “CustomAttribute1 -eq "EWS Impersonation"

…as for the Exchange Online DN might be changed without our knowledge.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s