Get Distribution Group Members Using PowerShell

Office 365 Distribution Groups (aka Distribution List) are used to send emails or meeting request to list of people (both internal and external users), without having to add the email address individually each time. Distribution Groups are suitable when you need to broadcast information to a group of people, such as “People in the sales department” or “All people at your company”. Also, admins can add bulk users to distribution group based on their requirements.

Finding out who is members of which Distribution Group is always a tedious task. You can view Distribution Group members through Microsoft 365 Admin Center, but it is per user base. So, you need to click each group to view its membership which is time-consuming. Fear not! Your friend, PowerShell is here for the rescue. You can use PowerShell commands to export distribution list members to csv.

If your distribution group has dynamic members (users automatically assigned to a group based on some predefined conditions), you need to use different cmdlets to get dynamic distribution group members.

The Get-DistributionGroup cmdlet in Exchange Online PowerShell helps list all distribution groups in the tenant, while Get-DistributionGroupMember retrieves their members. However, since a group can have many members, exporting them can be a bit challenging. To overcome this problem, we have created a PowerShell script which helps you export two distribution list reports.

• Distribution group report
• Distribution group membership report

Download Script: GetDistributionGroupMembers

Script Highlights:

• Allows you to filter the report result based on group size (i.e., Members count).
• The script can be executed with MFA enabled account too.
• You can either export all DLs or use import CSV with required DLs.
• You can filter groups based on whether they accept messages from external senders or not.
• Exports the list of allowed senders to a Distribution List.
• Output can be filtered to list empty group. i.e., Distribution Group without members
• You can get members count based on Member Type such as User mailbox, Group mailbox, Shared mailbox, Contact, etc.
• The script is scheduler friendly.
• Exports output in nicely formatted 2 CSV files. One with detailed information and another with summary information.

Distribution Group summary report has following attributes: Group Display Name, Primary SMTP Address, Group Alias, Group Type, Group Owner, Group Members Count, Members Count by Recipient Type, Allows External users, Authorized Senders.

Optional properties: Hidden From Exchange Address List, Description, Creation Time, DirSync Enabled, Member Join Restriction, Member Depart Restriction.

Detailed Office 365 Distribution Group membership report has following attributes: Group Display Name, Primary SMTP Address, Group Alias, Group Members Count, Group Members, Member Primary SMTP Address, Member Recipient Type.

To export all Office 365 Distribution Lists and members report, execute the script using any of the below methods.

Method 1: Run the script using MFA or non-MFA accounts

This will export all the distribution groups and their members into CSV files.

Method 2: Run the script using certificate-based authentication

This method also helps to run the script unattended by connecting to Exchange Online using Certificates. You can either use CA certificates or create a self-signed certificates.

This script has many built-in parameters to filter/customize the report based on your requirement. We have listed some of the primary uses cases below.

1. Get members for a single/list of Distribution Group.
2. Get members for Distribution Group that has more than ‘N’ members.
3. View empty Distribution Group.
4. Export Distribution Group that allows external users to send message.
5. Identify who are authorized to send email to a Distribution List.
6. Get more granular DL report.
7. Schedule DL membership report.
8. Add additional attributes to exported file.

Let’s check the use cases in detail.

You can use –GroupNamesFile param to get members of a Distribution Group from the input list called “DistributionList.txt” and exports all membership into CSV.

To get members of specific Distribution List, pass an input file with a Display Name/ Alias/ Distinguished Name/ Canonical DN/ Email Address or GUID of groups.

The GroupNamesFile must follow the format below: Group identity separated by new line without header.

Additionally, keeping a list of all distribution lists with disabled users will also help in ensuring that you’re aware of any disabled accounts within your groups.

To filter result based on group members count, you can use –MinGroupMembersCount param. i.e., You can get groups that have more than the specified number of members.

Above script reports all Distribution Lists that has more than 50 members.

To get an empty Distribution Group (ie, Distribution Group without members), execute the script with -IsEmpty param.

Using this filter, you can identify and delete unused Distribution Lists available in your tenant.

This value is retrieved from “RequireSenderAuthenticationEnabled” attribute. It allows you to restrict who can send emails to an Distribution List.

Using –ExternalSendersBlocked Param, you can filter the result based on the delivery option. I.e., you can get list of Distribution groups that allows/denies external users to send a message to that group.

To list Distribution Groups that allows external users to send message to that group, execute a script with –ExternalSendersBlocked $false

To list Distribution Groups that doesn’t allow external users to send message to that group, execute a script with –ExternalSendersBlocked $true

Tip: You can also keep an eye on distribution groups with external users to ensure sensitive information isn’t shared with unauthorized individuals.

Getting Office 365 Distribution list’s authorized senders is a bit tricky as authorized senders are retrieved by correlating multiple attributes. You can get allowed senders from Get-DistributionGroup cmdlet, and the attributes are,

1. AcceptMessagesOnlyFromSendersOrMembers – Lists allowed senders.
2. RequireSenderAuthenticationEnabled – This restrict senders who can send email to a Distribution group, i.e., whether a Distribution Group allows external senders or allows internal senders alone.

How to get allowed senders?

• If the allowed senders’ list has values, group members will receive messages only from those senders and reject messages from everyone else.
• When allowed senders list is empty, group members will receive messages from everyone based on ‘RequireSenderAuthenticationEnabled.’

To make it simple, our ‘Export Distribution List members’ script exports Distribution Group along with authorized senders.

You can use multiple filters together, to get more granular report. For example, you can get members for a list Distribution Group that has more than 50 members

Would you like more granularity? We’ve got you with our granular PowerShell script! Precisely identify which groups each user is a member of and track their direct assignments easily.

You can schedule this script in task scheduler by explicitly mentioning the credential.

To know more about scheduling Powershell script, refer our blog: Schedule PowerShell script using Task Scheduler.

To add following attributes to Distribution Group members report, uncomment the comment section in the line 110 and 112.

• HiddenFromAddressList (HiddenFromAddressListsEnabled) – Hide group from Global Address List(GAL).
• Description – Short information about group.
• CreationTime (WhenCreated) – Group creation time.
• DirSyncEnabled (IsDirSynced) – Whether the group has directory sync enabled or not.
• JoinGroupWithoutApproval (MemberJoinRestriction) – Shows whether owner approval is required to join a group.
  • Open – Anyone can join group without being approved by the group owner.
  • Close – Members can be added only by the group owner.
• LeaveGroupWithoutRestriction (MemberDepartRestriction) – Shows whether the group is open to leave.
  • Open – Anyone can leave group without being approved by the group owner.
  • Closed – Members can be removed only by the group owner.

Exporting reports with PowerShell is useful, but what if you could generate the report in just a few clicks and even schedule it to be delivered directly to your inbox—for free? Sounds cool, right?

AdminDroid’s free Microsoft 365 reporting tool offers 120+ reports across various categories, including following reports specific to group management.

• Group types
  • Security group
  • Distribution group
  • Mail-enabled security group
  • Microsoft 365 group
  • Dynamic distribution group
• Group membership
  • Direct members
  • Nested group members
  • Hidden membership
  • External members
• Group member changes
• Groups usage
• Inactive groups based on Last activity date

Besides, AdminDroid provides a 10+ free dashboards. The cost free version includes reports on Users, Licenses, Groups, Group Members, Devices, Login Activities, Password Changes, License Changes, and more. The free edition doesn’t have any restrictions in reporting functionalities such as customization, scheduling, and exporting. You can download Free Office 365 reporting tool by AdminDroid and see how it helps for you.

Additionally, AdminDroid provides 1900+ pre-built reports and 30 dashboards to know about your Office 365 environment at a glance. This tool provides reports on Office 365 reporting, auditing, analytics, usage statistics, security & compliance, etc.

Download AdminDroid M365 management tool to witness it’s super power.

If you have any queries regarding script, reach us through the comment section.