Enable-MailDynamicGroup.ps1

<#
    .SYNOPSIS
 
    This function enables the dynamic group for hybird mail flow.
     
    .DESCRIPTION
 
    This function enables the dynamic group for hybird mail flow.
 
    .PARAMETER GlobalCatalogServer
 
    The global catalog to make the query against.
 
    .PARAMETER routingContactConfig
 
    The original DN of the object.
 
    .PARAMETER originalDLConfiguration
 
    The original DN of the object.
 
    .PARAMETER isRetry
 
    This specifies if the operation is being retried after a failure.
 
    .OUTPUTS
 
    None
 
    .EXAMPLE
 
    enable-mailDynamicGroup -globalCatalogServer GC -routingContactConfig contactConfiguration -originalDLConfiguration DLConfiguration
 
    #>

    Function Enable-MailDyamicGroup
     {
        [cmdletbinding()]

        Param
        (
            [Parameter(Mandatory = $true)]
            [string]$globalCatalogServer,
            [Parameter(Mandatory = $true)]
            $routingContactConfig,
            [Parameter(Mandatory = $true)]
            $originalDLConfiguration,
            [Parameter(Mandatory = $false)]
            $isRetry=$FALSE
        )

        #Output all parameters bound or unbound and their associated values.

        write-functionParameters -keyArray $MyInvocation.MyCommand.Parameters.Keys -parameterArray $PSBoundParameters -variableArray (Get-Variable -Scope Local -ErrorAction Ignore)

        [string]$isTestError="No"

        #Declare function variables.

        $functionEmailAddress=$NULL

        #Start function processing.

        Out-LogFile -string "********************************************************************************"
        Out-LogFile -string "BEGIN Enable-MailDyamicGroup"
        Out-LogFile -string "********************************************************************************"

        #Log the parameters and variables for the function.

        #Create the dynamic distribution group.
        #This is very import - the group is scoped to the OU where it was created and uses the two custom attributes.
        #If the mail contact is ever moved from the OU that the DL originally existed in - hybrid mail flow breaks.

        try{
            out-logfile -string "Creating dynamic group..."

            if ($isRetry -eq $false)
            {
                $tempOUSubstring = Get-OULocation -originalDLConfiguration $originalDLConfiguration

                new-dynamicDistributionGroup -name $originalDLConfiguration.name -alias $originalDLConfiguration.mailNickName -primarySMTPAddress $originalDLConfiguration.mail -organizationalUnit $tempOUSubstring -domainController $globalCatalogServer -includedRecipients AllRecipients -conditionalCustomAttribute1 $routingContactConfig.extensionAttribute1 -conditionalCustomAttribute2 $routingContactConfig.extensionAttribute2 -displayName $originalDLConfiguration.DisplayName 

            }
            else 
            {
                $tempOUSubstring = Get-OULocation -originalDLConfiguration $routingContactConfig

                new-dynamicDistributionGroup -name $originalDLConfiguration.name -alias $originalDLConfiguration.Alias -primarySMTPAddress $originalDLConfiguration.windowsEmailAddress -organizationalUnit $tempOUSubstring -domainController $globalCatalogServer -includedRecipients AllRecipients -conditionalCustomAttribute1 $routingContactConfig.extensionAttribute1 -conditionalCustomAttribute2 $routingContactConfig.extensionAttribute2 -displayName $originalDLConfiguration.DisplayName
            }

        }
        catch{
            out-logfile -string $_
            $isTestError="Yes"
            return $isTestError
        }

        #All of the email addresses that existed on the migrated group need to be stamped on the new group.

        if ($isRetry -eq $FALSE)
        {
            foreach ($address in $originalDLConfiguration.proxyAddresses)
            {
                out-logfile -string ("Adding proxy address = "+$address)

                #If the address is not a mail.onmicrosoft.com address - stamp it.
                #Otherwise skip it - this is because the address is stamped on the mail contact already.

                if (!$address.contains("mail.onmicrosoft.com"))
                {
                    out-logfile -string "Address is not a mail.onmicrosoft.com address."

                    try{
                        set-dynamicdistributionGroup -identity $originalDLConfiguration.mail -emailAddresses @{add=$address} -domainController $globalCatalogServer
                    }
                    catch{
                        out-logfile -string $_ 
                        $isTestError="Yes"
                        return $isTestError
                    }
                }
                else 
                {
                    out-logfile -string "Address is a mail.onmicrosoft.com address - skipping."    
                }
            }
        }
        else
        {
            foreach ($address in $originalDLConfiguration.emailAddresses)
            {
                out-logfile -string ("Adding proxy address = "+$address)

                #If the address is not a mail.onmicrosoft.com address - stamp it.
                #Otherwise skip it - this is because the address is stamped on the mail contact already.

                if (!$address.contains("mail.onmicrosoft.com"))
                {
                    out-logfile -string "Address is not a mail.onmicrosoft.com address."

                    try{
                        set-dynamicdistributionGroup -identity $originalDLConfiguration.windowsEmailAddress -emailAddresses @{add=$address} -domainController $globalCatalogServer
                    }
                    catch{
                        out-logfile -string $_ 
                        $isTestError="Yes"
                        return $isTestError
                    }
                }
                else 
                {
                    out-logfile -string "Address is a mail.onmicrosoft.com address - skipping."    
                }
            }
        }

        #The legacy Exchange DN must now be added to the group.

        if ($isRetry -eq $FALSE)
        {
            $functionEmailAddress = "x500:"+$originalDLConfiguration.legacyExchangeDN

            out-logfile -string $originalDLConfiguration.legacyExchangeDN
            out-logfile -string ("Calculated x500 Address = "+$functionEmailAddress)

            try{
                set-dynamicDistributionGroup -identity $originalDLConfiguration.mail -emailAddresses @{add=$functionEmailAddress} -domainController $globalCatalogServer
            }
            catch{
                out-logfile -string $_
                $isTestError="Yes"
                return $isTestError        
            }
        }
        else 
        {
            out-logfile -string "X500 added in previous operation since it already existed on the group."    
        }

        
        #The script intentionally does not set any other restrictions on the DL.
        #It allows all restriction to be evaluated once the mail reaches office 365.
        #The only restriction I set it require sender authentication - this ensures that anonymous email can still use the DL if the source is on prem.

        if ($isRetry -eq $FALSE)
        {
            if ($originalDLConfiguration.msExchRequireAuthToSendTo -eq $NULL)
            {
                out-logfile -string "The sender authentication setting was not set - maybe legacy version of Exchange."
                out-logfile -string "The sender authentication setting value FALSE in this instance."

                try {
                    set-dynamicdistributionGroup -identity $originalDLConfiguration.mail -RequireSenderAuthenticationEnabled $FALSE -domainController $globalCatalogServer
                }
                catch {
                    out-logfile -string $_
                    $isTestError="Yes"
                    return $isTestError
                }
            }
            else
            {
                out-logfile -string "Sender authentication setting is present - retaining setting as present."

                try {
                    set-dynamicdistributionGroup -identity $originalDLConfiguration.mail -RequireSenderAuthenticationEnabled $originalDLConfiguration.msExchRequireAuthToSendTo -domainController $globalCatalogServer
                }
                catch {
                    out-logfile -string $_
                    $isTestError="Yes"
                    return $isTestError
                }
            }
        }
        else 
        {
            try{
                set-dynamicDistributionGroup -identity $originalDLConfiguration.windowsEmailAddress -RequireSenderAuthenticationEnabled $originalDLConfiguration.RequireSenderAuthenticationEnabled -domainController $globalCatalogServer
            }
            catch{
                out-logfile -string "Unable to update require sender authentication on the group."
                out-logfile -string $_ -isError:$TRUE
            }
        }

        #Evaluate hide from address book.

        if ($isRetry -eq $FALSE)
        {
            if (($originalDLConfiguration.msExchHideFromAddressLists -eq $TRUE) -or ($originalDLConfiguration.msExchHideFromAddressLists -eq $FALSE))
            {
                out-logfile -string "Evaluating hide from address list."

                try {
                    set-dynamicdistributionGroup -identity $originalDLConfiguration.mail -HiddenFromAddressListsEnabled $originalDLConfiguration.msExchHideFromAddressLists -domainController $globalCatalogServer
                }
                catch {
                    out-logfile -string $_
                    $isTestError="Yes"
                    return $isTestError
                }
            }
            else
            {
                out-logfile -string "Hide from address list settings retained at default value - not set."
            }
        }
        else 
        {
            try {
                set-dynamicdistributionGroup -identity $originalDLConfiguration.windowsEmailAddress -HiddenFromAddressListsEnabled $originalDLConfiguration.HiddenFromAddressListsEnabled -domainController $globalCatalogServer
            }
            catch {
                out-logfile -string $_
                $isTestError="Yes"
                return $isTestError
            }
        }

        Out-LogFile -string "END Enable-MailDyamicGroup"
        Out-LogFile -string "********************************************************************************"
    }