Closed jakke91 closed 3 months ago
Not right now. Moving these back is intentional - as we know that the OU they are in will sync, which is required for the contact to ensure continuity between on premises and Office 365.
Also the dynamic group filters for the contact by starting on that OU to keep the query highly efficient.
What’s the thought process?
============================== Timothy J. McMichael Senior Support Escalation Engineer @.**@.> (980)-776-7465
Hours: Sunday – Wednesday 08:00 – 16:00 eastern time zone.
Manager: Tom Roughley @.**@.>)
Premier Support - (800)-936-3100 Broad Commercial Support - (800)-936-4900
==============================
From: jakke91 @.> Sent: Thursday, August 3, 2023 3:11 AM To: timmcmic/DLConversionV2 @.> Cc: Subscribed @.***> Subject: [timmcmic/DLConversionV2] Not an issue, but a request (Issue #149)
Hello Tim,
Would it be possible to include a switch that can put the resulting 3 AD objects in a separate OU?
[dlConversion2](https://user-images.githubusercontent.com/140384079/258030162-9dd9dbbb-7c63-4d04-b7ad-117205fd8e45.png)
Greetings, Jan
A customer has an OU with (unfortunately) DL & mail-enabled security groups mixed together. So, running the script results in creating extra AD objects in that OU, making it more messy than it already was. I am now moving the objects manually to a (synced) OU.
So if you move the objects manually to another OU you'll break the enable hybrid mail flow feature so be careful.
Let me give this one some thought - it has some trickle down effects all over the code but is an interesting ask. My concern is that if someone screws up the sync on that OU it can have mail flow impacts for nested group membership and such.
Using the source OU always gives us that comfort since we know it has to be in sync before we start the job. Have to plan on the least common denominator...
Tim
Just to be sure: so if I move these objects manually to another synced OU, the hybrid flow will break?
Yes - when you create a dynamic DL via PowerShell you have to specify a source OU. It's also good to do so as it keeps the LDAP queries efficient. If you do a get-dynamicDistributionList on one of the hybrid dynamic DLs created you'll see it's the OU where the objects originally came from.
So if you move that group and the contact to another OU - the contact will never be found for hybrid mail flow.
This is one of the issues I run into with your request. I could for example create these in another OU specified - but the majority of the people I work with want the group back in the OU it came from, especially when splitting off security and distribution functions during a migration. It's always a catch-22.
You could move them by hand - but you'd have to update the filter on the dynamic group for hybrid mail flow to work.
Tim
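The scope check described in the reply above, as an added example that is not part of the thread or of DLConversionV2: it previews what the hybrid dynamic group resolves to and, if the moved contact is no longer found, shows the container change that would be needed. It assumes an on-premises Exchange Management Shell session and that the "source OU" Tim refers to is the group's RecipientContainer; both object names are placeholders.

```powershell
# Added example, not code from the thread or from DLConversionV2.
# Assumption: run in the on-premises Exchange Management Shell.
# Both names are placeholders; substitute the objects created for your group.
$groupName   = 'PLACEHOLDER-HybridDynamicGroup'
$contactName = 'PLACEHOLDER-MigratedGroupContact'

function Get-DynamicGroupScope {
    param([Parameter(Mandatory)][string]$Identity)

    $ddg = Get-DynamicDistributionGroup -Identity $Identity -ErrorAction Stop

    # Preview membership using both halves of the scope:
    # the recipient filter AND the OU the query starts from.
    $members = @(Get-Recipient -RecipientPreviewFilter $ddg.RecipientFilter `
                               -OrganizationalUnit $ddg.RecipientContainer `
                               -ResultSize Unlimited)

    [pscustomobject]@{
        Group     = $ddg.Name
        Container = $ddg.RecipientContainer
        Filter    = $ddg.RecipientFilter
        Members   = $members
    }
}

$contact = Get-MailContact -Identity $contactName -ErrorAction Stop
$scope   = Get-DynamicGroupScope -Identity $groupName

"Group     : $($scope.Group)"
"Container : $($scope.Container)"
"Filter    : $($scope.Filter)"
"Contact OU: $($contact.OrganizationalUnit)"

if ($scope.Members.DistinguishedName -contains $contact.DistinguishedName) {
    'OK: the contact is still found inside the dynamic group scope.'
}
else {
    Write-Warning 'Contact is outside the dynamic group scope; hybrid mail flow for this group will not find it.'

    # Show the change without applying it. Remove -WhatIf only after confirming
    # that the new OU is itself in directory sync scope.
    Set-DynamicDistributionGroup -Identity $groupName `
        -RecipientContainer $contact.OrganizationalUnit -WhatIf
}
```

Run it before and after moving the objects; the second run should print the warning if the group still points at the original OU.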