Get Distribution Lists with External Users in Microsoft 365

Managing distribution lists (DLs) in Microsoft 365 is a key responsibility for admins, especially when external users are involved. Distribution Groups with external users simplify collaboration by enabling organizations to easily send emails and updates with clients and other external stakeholders. However, this transparency comes with the responsibility of ensuring sensitive information isn’t shared with unauthorized individuals. Therefore, it is essential to keep a close eye on distribution lists with external members to avoid potential security breaches.

In Microsoft 365, identifying distribution lists with external users/contacts can be challenging, as there are no direct methods.

To find the distribution group members along with external contacts in the Microsoft 365 admin center, follow the below-mentioned steps.

1. Sign in to the Microsoft 365 admin center.
2. Navigate to Teams & groups –> Active teams & groups –> Distribution list.
3. For each DL, go to Members tab and check the members list for external users/contacts.

Repeat the process for every distribution list in the organization. This process is inefficient and tedious, especially when dealing with numerous distribution lists.

In PowerShell, the Get-DistributionGroupMember cmdlet allows you to find the member list of distribution groups. However, you need to run the cmdlet for each group individually, which is time-consuming and impractical for large-scale environments.

To address this gap, we’ve created a PowerShell script that retrieves all distribution lists that contain people outside your organization, saving you time and effort.

Download Script: DLsWithExternalUsers.ps1

• Generates a list of distribution groups with external users in Microsoft 365.
• Excludes external mail contacts by default, with an option to include them if required.
• The script automatically verifies and installs the Exchange PowerShell module (if not installed already) upon your confirmation.
• Exports report results to CSV.
• The script supports Certificate-based authentication (CBA).
• The script is schedular friendly.

The script analyzes and exports all distribution lists that have external users along with the following attributes:

• DL Name
• DL Email Address
• No of External Users in DL
• External Users’ Name
• External Users’ Display Name
• External Users’ Email Address

The exported ‘Distribution Lists with external users’ report looks like the screenshot below:

1. Download the script.
2. Start the Windows PowerShell
3. Select any of the methods provided to execute the script.

• • Export distribution groups with external users into CSV
  • Retrieve DLs with external users by explicitly mentioning credentials
  • Get DLs with external users using certificate
  • Find distribution groups with external mail contacts

You can run the script with MFA and non-MFA accounts.

Running this script will export a list of DLs with external users in Microsoft 365.

Pro Tip: With the external users’ details, you can use PowerShell to find all the distribution lists an external user is a member of.

You can execute the script by explicitly mentioning credentials like below:

The above method supports only non-MFA accounts. If the admin account has MFA, you need to disable MFA using CA policy to make this work.

To use certificate-based authentication, you must register the app in Entra ID which helps you to connect Exchange Online using certificate. This method is schedular friendly.

Note: Depending on the requirements, you can create a self-signed certificate.

By default, the script exports DLs with external users while excluding external contacts. To include external mail contacts in the report, run the script with –IncludeContacts switch as shown below.

This generates a detailed report of distribution lists with external contacts as well as external users.

Note: If you find the external user/contact is a member of many inactive distribution groups, consider removing them from those groups.

Tired of the complexity of managing distribution groups and generating reports in Microsoft 365? AdminDroid makes it effortless! With AdminDroid’s free Azure AD reporting tool, users can unlock a powerful suite of Microsoft 365 distribution list reports.

Explore some of the distribution group based reports offered by AdminDroid:

• All Distribution Groups
• Distribution Group Members
• Distribution Group Membership Changes
• Daily Top Distribution Groups by Mails Sent/Received
• Top DLs based on Sending/Receiving Internal Emails
• Top DLs based on Sending/Receiving External Emails
• Active Distribution Groups by Mail Sending/Receiving Frequency
• Monthly/Hourly/Daily Distribution Groups Mail Traffic Stats
• Inactive Distribution Groups by Mails Received
• Inactive distribution Groups by External Mails Received

Apart from this, AdminDroid offers 120+ reports and dashboards completely for free. It includes reports on Users, Licenses, Groups, Group Members, Devices, Login Activities, Password Changes, License Changes, and more. The Free Azure AD Reporter edition doesn’t have any restrictions in reporting functionalities such as customization, scheduling, and exporting.

But that’s not all. AdminDroid’s Microsoft 365 management tool takes it a step further, offering over 1900 pre-built reports and 30+ dashboards covering every aspect of Microsoft 365 services. From SharePoint to Exchange Online, Teams to Power BI, and Viva Engage, AdminDroid covers it all. Plus, enjoy a 15-day premium trial with full access to advanced features like reporting, alerting, delegation, and compliance.

Download AdminDroid today and start managing your Microsoft 365 environment like never before!

I hope this blog is useful for identifying DLs with external users in your organization. If you have any queries, you can reach us through the comment section.