Dynamic Distribution Lists in a Hybrid Environment

In a hybrid deployment environment between Exchange Online and on-premises Exchange organizations, neither DirSync nor AADSync can be used to synchronize dynamic distribution lists (DDL) to Exchange Online. Therefore, mailboxes that have been migrated to Exchange Online cannot see DDLs in their GAL or email them.

To work around this issue, create a MailContact in Exchange Online for the DDL, and then grant permissions so that only authenticated senders can submit messages to the new contact. This object should have the following mappings:


On-Premises DDL



Cloud MailContact




















You should also consider the scope of the DDL before mailboxes are moved to Exchange Online. If the scope included only mailboxes, the scope must be expanded to include mail users and mail contacts. To do this, open the properties of the DDL and on the membership tab (in Exchange 2013), also select Mail users with external email addresses. If using the Shell, add MailUsers to the IncludedRecipients property of the DDL.

Exchange Online users can now select the DDL from the GAL. When they do, messages will be delivered to the members of the group as defined by the settings for the group.

2 thoughts on “Dynamic Distribution Lists in a Hybrid Environment”

  1. Many thanks for this Nuno,

    When trying to create the external contact External Email address to match the proxy address of the on-prem DDL, the following error occurs.

    “The proxy address SMTP: email address”is already being used”.

    I have no way of replicating the same DLL smtp address.

    1. Hi Chris,

      Where exactly is that address being used? If only in the on-prem DDL, then Exchange Online won’t know about it, so you won’t get that error.

      Try running the following both on-prem and in the cloud:
      Get-Recipient -ResultSize Unlimited | ? {$_.EmailAddresses -match “[email protected]”} | FL


