If you use Office 365 with an on premise version of Exchange, I don’t have to tell you how great directory synchronization is. Directory synchronization takes all the work (and potential errors) out of having to create users, groups, contacts, passwords, etc. in Office 365.
However, an occasional anomaly can leave you scratching your head. Take last week for example. I received an email from a customer stating that the mail users in Office 365 are unable to send messages to members of any of the distribution groups.
I think to myself, that’s odd considering AADSync has been deployed and no errors exist in the sync logs.
So, I begin to investigate. None of the on premise mailboxes are “hidden from the address list”. All of the distribution groups are “universal groups”. All of the distribution groups have users assigned as members. All of the groups exist in the tenant. But when I look at the membership of the groups in the tenant, they are empty.
Wait! What? Empty?! How can that be? Yep … The on premise groups are populated but all of the O365 distribution groups are empty.
There is no breadcrumb I can locate that gives any hint of the issue. And looking for other similar issues provided no results. I emailed a few colleagues and received a reply from one stating he had to rename a group for another project to get it to sync properly. Hmmm! This could be something. But by this time, I decided to open a service request for additional guidance because I was getting fairly frustrated and knew it would be about 4 hours before I heard back from them.
While I was waiting for support to respond, I looked deeper into the resolution my colleague suggested. I looked at the format and syntax of the distribution group names but didn’t feel comfortable changing the group names. Instead, I made a decision to remove a user from one of the distros, force a sync from AADSync to the tenant, add the user back to the group, and run AADSync a second time. The sync completed without error; however, there was no change to the distro in O365. Or was there? With the most recent changes, apparently I wasn’t patient enough. But oddly enough, a third run of AADSync finally populated the affected O365 distro I was targeting with the user I removed and re-added to the on premise group.
It looks like I found a resolution but there are too many distros and members of those groups and performing the tedious task one user at a time is not an option.
From the on premise Exchange server, I ran this command for every distribution group to get a list of members…
Get-DistributionGroupMember -Identity 'GROUP_NAME'
Now that I had documented the list of the members in each group, I removed all members using this command…
Get-DistributionGroupMember -Identity 'GROUP_NAME' | Remove-DistributionGroupMember -Identity 'GROUP_NAME' -Confirm:$False
…and ran AADSync to sync the empty distros to O365.
Then, I added all of the members back to the distro and ran AADSync twice more to ensure a clean run with no errors. Finally, all users showed as members in the O365 distros.
Lastly, the customer sent emails to a few groups and confirmed they were successfully received by all members of the group (both in O365 and on premise).
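The same remove, sync, re-add sequence can be scripted for every group at once with a membership backup taken first. This is an added example, not the script used in the steps above; the CSV path, the manual pause for AADSync, and the restriction to pure distribution groups are assumptions of the example.

```powershell
# Added example. Run from the on-premises Exchange Management Shell.
$BackupCsv = 'C:\Temp\dg-membership-backup.csv'   # hypothetical path

# 1. Record every group/member pair before changing anything.
#    Mail-enabled security groups are skipped on purpose: their membership
#    grants access, so emptying them would revoke permissions.
$groups = Get-DistributionGroup -ResultSize Unlimited `
    -RecipientTypeDetails MailUniversalDistributionGroup
$membership = foreach ($g in $groups) {
    Get-DistributionGroupMember -Identity $g.DistinguishedName -ResultSize Unlimited |
        Select-Object @{ n = 'Group';  e = { $g.DistinguishedName } },
                      @{ n = 'Member'; e = { $_.DistinguishedName } }
}
$membership | Export-Csv -Path $BackupCsv -NoTypeInformation -Encoding UTF8

# Stop unless the backup on disk has as many rows as were read.
$saved = @(Import-Csv -Path $BackupCsv)
if ($saved.Count -ne @($membership).Count) {
    throw "Backup has $($saved.Count) rows, expected $(@($membership).Count); nothing was removed."
}

# 2. Empty the groups, working only from the verified backup.
foreach ($row in $saved) {
    Remove-DistributionGroupMember -Identity $row.Group -Member $row.Member -Confirm:$false
}
Read-Host 'Run AADSync so the empty groups reach the tenant, then press Enter'

# 3. Restore membership from the backup and collect anything that fails.
$failed = foreach ($row in $saved) {
    try {
        Add-DistributionGroupMember -Identity $row.Group -Member $row.Member -ErrorAction Stop
    } catch {
        $message = $_.Exception.Message
        New-Object PSObject -Property @{
            Group = $row.Group; Member = $row.Member; Error = $message
        }
    }
}

if ($failed) {
    $failed | Format-Table Group, Member, Error -AutoSize
} else {
    Write-Host "Restored $($saved.Count) memberships. Run AADSync twice more to confirm a clean sync."
}
```

Between step 2 and step 3 the groups have no members, so mail sent to them is delivered to nobody; the CSV is also the only record of the original membership, so keep it until the tenant shows the groups populated.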
If anybody out there has a better way to resolve this issue, please share. I can’t imagine having to perform these steps for hundreds of groups.
Good luck and have fun!