none
Message :DROP routing .. on Dynamic Distribution Group RRS feed

  • Question

  • Hi all,

    Scenario:

    All On-Prem Exchange 2016.

    Created a Global Security Group in Active Directory called SGG-TEST1 in OU Groups. Created a Universal Security Group in Active Directory called SGU-TEST2 in OU Groups.

    SGG-TEST1 contains 2 users : Richardtest1 and Richardtest2. SGU-TEST2 contains 2 users : Richardtest1 and Richardtest2

    After that i created 2 dynamic distribution groups:

    New-DynamicDistributionGroup -Name "DDG-TEST2" -OrganizationalUnit "test.domain.local/Groups/Distribution Groups" -Alias "DDG-TEST2" -RecipientFilter {(MemberOfGroup -eq "CN=SGU-TEST2,OU=Groups,DC=TEST,DC=DOMAIN,DC=LOCAL")}
    New-DynamicDistributionGroup -Name "DDG-TEST1" -OrganizationalUnit "test.domain.local/Groups/Distribution Groups" -Alias "DDG-TEST1" -RecipientFilter {(MemberOfGroup -eq "CN=SGG-TEST1,OU=Groups,DC=TEST,DC=DOMAIN,DC=LOCAL")}

    Then i checked if the members are in the dynamic distribution groups

    $FTE = Get-DynamicDistributionGroup "DDG-TEST1"
    Get-Recipient -RecipientPreviewFilter $FTE.RecipientFilter
    $FTE2 = Get-DynamicDistributionGroup "DDG-TEST2"
    Get-Recipient -RecipientPreviewFilter $FTE2.RecipientFilter

    Result : Each group shows 2 members.. So that is correct

    Now i am sending from user Richardtest3 a test mail message to DDG-TEST1 and DDG-TEST2. But richardtest1 and 2 do NOT receive any emails. Lets troubleshoot:

    Get-ExchangeServer | Get-MessageTrackingLog -Recipients DDG-TEST1@testmail.nl -MessageSubject RichardTest1

    12/9/2019 4:27:14 PM   RECEIVE          STOREDRIVER   R.Test3@testmail.nl {DDG-TEST1@testmail.nl ... RichardTest1
    12/9/2019 4:27:16 PM   SUBMIT           STOREDRIVER   R.Test3@testmail.nl v.nl {DDG-TEST1@testmail.nl ... RichardTest1
    12/9/2019 4:27:15 PM   HAREDIRECT       SMTP          R.Test3@testmail.nl  {DDG-TEST1@testmail.nl ... RichardTest1
    12/9/2019 4:27:15 PM   RECEIVE          SMTP          R.Test3@testmail.nl  {DDG-TEST1@testmail.nl ... RichardTest1
    12/9/2019 4:27:15 PM   DROP             ROUTING       R.Test3@testmail.nl  {DDG-TEST1@testmail.nl ... RichardTest1
    12/9/2019 4:27:15 PM   HARECEIVE        SMTP          R.Test3@testmail.nl  {DDG-TEST1@testmail.nl ... RichardTest1
    12/9/2019 4:29:19 PM   HADISCARD        SMTP          R.Test3@testmail.nl  {DDG-TEST1@testmail.nl ... RichardTest1

    Output for the DROP ROUTING:

    Recipients              : {DDG-TEST1@testmail.nl}
    RecipientStatus         : {[{LED=250 2.1.5 RESOLVER.GRP.Expanded; distribution list expanded};{MSG=};{FQDN=};{IP=};{LRT=}]}

    I understand that DROP does not mean that the message is dropped by exchange but the the list is expanded due to a dynamic distribution group with multiple members. But why is that message not delivered in richardtest1 or richardtest2 mailbox? Even when i use messagetrackinglog on those 2 users mailbox it show nothing.. Where are those message gone? The exchange queues are empty as well. Its not send outside the mail organization since its all internal. Any insights?

    Regards

    Richard


    • Edited by richard_kok Tuesday, December 10, 2019 11:40 AM
    Tuesday, December 10, 2019 11:39 AM

All replies

  • Search by Message ID, What does that show?
    Tuesday, December 10, 2019 11:44 AM
    Moderator
  • 

    Some extra info:

    Source                  : ROUTING
    EventId                 : EXPAND
    InternalMessageId       : 26920855011329
    MessageId               : <4fb23e4f3a45445e9ea6e30cd95588c3@......>
    NetworkMessageId        : dfc64c99-9cb0-407f-fec7-08d77cbc44c5
    Recipients              : {}
    RecipientStatus         : {250 2.1.5 RESOLVER.GRP.Expanded; distribution list expanded}
    TotalBytes              : 7197
    RecipientCount          : 0
    RelatedRecipientAddress : DDG-TEST1@......l
    Reference               :
    MessageSubject          : RichardTest1
    Sender                  : R.Test3@......
    ReturnPath              : R.Test3@......
    Directionality          : Originating
    TenantId                :
    OriginalClientIp        :
    MessageInfo             :
    MessageLatency          :
    MessageLatencyType      : None
    EventData               : {[DeliveryPriority, Normal], [AccountForest, DOMAIN.LOCAL]}

    and

    Source                  : ROUTING
    EventId                 : DROP
    InternalMessageId       : 26920855011329
    MessageId               : <4fb23e4f3a45445e9ea6e30cd95588c3@.......>
    NetworkMessageId        : dfc64c99-9cb0-407f-fec7-08d77cbc44c5
    Recipients              : {DDG-TEST1@......}
    RecipientStatus         : {[{LED=250 2.1.5 RESOLVER.GRP.Expanded; distribution list
                              expanded};{MSG=};{FQDN=};{IP=};{LRT=}]}
    TotalBytes              : 7197
    RecipientCount          : 1
    RelatedRecipientAddress :
    Reference               :
    MessageSubject          : RichardTest1
    Sender                  : R.Test3@.....
    ReturnPath              : R.Test3@....
    Directionality          : Originating
    TenantId                :
    OriginalClientIp        :
    MessageInfo             :
    MessageLatency          :
    MessageLatencyType      : None
    EventData               : {[DeliveryPriority, Normal], [AccountForest, DOMAIN.LOCAL]}

    Tuesday, December 10, 2019 12:43 PM
  • Its not finding any recipients when expanded.

    also set the DDG to report NDRs back to the sender and test again:

    Set-DynamicDistributionGroup <group>  -ReportToOriginatorEnabled $true

    Tuesday, December 10, 2019 1:08 PM
    Moderator
  • Set-DynamicDistributionGroup <group>  -ReportToOriginatorEnabled $true

    It was allready enabled on both groups (DDG-TEST1 and DDG-TEST2)

    Furthermore these commands proved that they contain members/recipients:

    $FTE = Get-DynamicDistributionGroup "DDG-TEST1"
    Get-Recipient -RecipientPreviewFilter $FTE.RecipientFilter
    $FTE2 = Get-DynamicDistributionGroup "DDG-TEST2"
    Get-Recipient -RecipientPreviewFilter $FTE2.RecipientFilter

    • Edited by richard_kok Tuesday, December 10, 2019 3:54 PM
    Tuesday, December 10, 2019 1:52 PM
  • Hi richard_kok,

    When you create a dynamic distribution group, you need to add the parameter -RecipientContainer. This container indicates  the scope of where the filter must be applied to. If you don’t specify anything, it’s not going to assume that you want to filter on the entire domain, it will just assume that it needs to apply to the OrganizationalUnit where you want to save the Distribution List. This OU only contains DL objects, so this is not what we want.

    So it is recommended to remove the DDG and create a new one with -RecipientContainer specified.

    New-DynamicDistributionGroup -Name "DDG-TEST1" -OrganizationalUnit "test.domain.local/Groups/Distribution Groups" -Alias "DDG-TEST1" -RecipientFilter {(MemberOfGroup -eq "CN=SGG-TEST1,OU=Groups,DC=TEST,DC=DOMAIN,DC=LOCAL")} –RecipientContainer "test.domain.local/Groups"

    Regards,

    Beverly Gao


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Wednesday, December 11, 2019 9:09 AM
  • Hi Beverly,

    I deleted the old Groups and recreated the groups with the -RecipientContainer parameter. However I get the same negative results. The recipients do not receive the mail.

    From MS Documentation:

    -RecipientContainer

    The RecipientContainer parameter specifies a filter that's based on the recipient's location in Active Directory. Valid input for this parameter is an organizational unit (OU) or domain that's returned by the Get-OrganizationalUnit cmdlet. You can use any value that uniquely identifies the OU or domain. For example:

    • Name

    • Canonical name

    • Distinguished name (DN)

    • GUID

    If you don't use this parameter, the default value is the OU where the object was created.

    Note that the RecipientContainer property can't be blank. The group is always limited to looking for recipients in a specific location (the value you specify for this parameter, or the location where the group was created).

    Regards

    Richard


    • Edited by richard_kok Wednesday, December 11, 2019 12:30 PM
    Wednesday, December 11, 2019 11:59 AM
  • Hi Beverly,

    You have put me on the right track .. It seems the recipient container option should point to the OU in which the users are residing. It should not point to the OU where the SGG-TEST1 and SGG-TEST2 groups are living.

    I changed the command to

    New-DynamicDistributionGroup -Name "DDG-TEST1" -OrganizationalUnit "test.domain.local/Groups/Distribution Groups" -Alias "DDG-TEST1" -RecipientFilter {(MemberOfGroup -eq "CN=SGG-TEST1,OU=Groups,DC=TEST,DC=DOMAIN,DC=LOCAL")} –RecipientContainer "test.domain.local/Users/Test"

    New-DynamicDistributionGroup -Name "DDG-TEST1" -OrganizationalUnit "test.domain.local/Groups/Distribution Groups" -Alias "DDG-TEST1" -RecipientFilter {(MemberOfGroup -eq "CN=SGG-TEST1,OU=Groups,DC=TEST,DC=DOMAIN,DC=LOCAL")} –RecipientContainer "test.domain.local/Users/Test"

    After this change the results are:

    The SGG-TEST1 Dynamic Distribution Group does not work. Perhaps because the group is pointing to a : Security Group Type GLOBAL ?? 

    The SGG-TEST2 Dynamic Distribution Group is working. Perhaps because the group is pointing to a : Security Group Type UNIVERSAL

    Hoping this will help others

    Reghards

    Richard

    Wednesday, December 11, 2019 12:19 PM
  • Hi Beverly,

    You have put me on the right track .. It seems the recipient container option should point to the OU in which the users are residing. It should not point to the OU where the SGG-TEST1 and SGG-TEST2 groups are living.

    I changed the command to

    New-DynamicDistributionGroup -Name "DDG-TEST1" -OrganizationalUnit "test.domain.local/Groups/Distribution Groups" -Alias "DDG-TEST1" -RecipientFilter {(MemberOfGroup -eq "CN=SGG-TEST1,OU=Groups,DC=TEST,DC=DOMAIN,DC=LOCAL")} –RecipientContainer "test.domain.local/Users/Test"

    New-DynamicDistributionGroup -Name "DDG-TEST1" -OrganizationalUnit "test.domain.local/Groups/Distribution Groups" -Alias "DDG-TEST1" -RecipientFilter {(MemberOfGroup -eq "CN=SGG-TEST1,OU=Groups,DC=TEST,DC=DOMAIN,DC=LOCAL")} –RecipientContainer "test.domain.local/Users/Test"

    After this change the results are:

    The SGG-TEST1 Dynamic Distribution Group does not work. Perhaps because the group is pointing to a : Security Group Type GLOBAL ?? 

    The SGG-TEST2 Dynamic Distribution Group is working. Perhaps because the group is pointing to a : Security Group Type UNIVERSAL

    Hoping this will help others

    Reghards

    Richard

    Yes, you should always use a universal group
    Wednesday, December 11, 2019 1:34 PM
    Moderator
  • Hi,

    I am writing here to confirm with you how the thing going now?

    If you need further help, please provide more detailed information, so that we can give more appropriate suggestions.

    Regards,

    Beverly Gao


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Monday, December 16, 2019 2:02 AM