If you’ve migrated from on-premises Exchange to Office 365 and no longer have any on-premises administration tools, follow this process to allow users to send emails to restricted distribution groups.
Prerequisites: you should be syncing your on-premises domain to Office 365 via Azure AD Connect or Cloud Sync.
Part 1: Copying the user’s distinguished name:
- Open your Active Directory Users and Computers window
- Click “View” at the top, and make sure “Advanced Features” is checked
- Expand your OUs to find the user you want to grant access
- Do not search for the user. If you search, the “Attribute Editor” tab may not appear
- Under user properties, select the “Attribute Editor” tab
- Locate the “Distinguished Name” attribute
- I find it easier to click “Filter”, and select “Show only attributes that have values”
- Click “View” on the attribute, then press Ctrl+C to copy the value (it should already be highlighted)
Part 2: Pasting the user’s distinguished name into the distribution list:
- Expand your OUs to find the distribution list you want to add the user to
- Under the distribution list properties, select the “Attribute Editor” tab
- Select “Edit” on the “authOrig” attribute
- Paste the distinguished name into the “Value to add” field
- Select “OK” and “Apply” to confirm the changes
- Optional: initiate a synchronization of your on-premises domain to Azure so the change takes effect sooner
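
The same two parts can be scripted, which also lets you read back the complete list of allowed senders after the change. This is an added example, not part of the original steps; it assumes the ActiveDirectory PowerShell module (RSAT) is installed, and the account name and group name are placeholders.

```powershell
# Added example: scripted equivalent of Part 1 and Part 2.
# Assumes the ActiveDirectory module (RSAT) and rights to edit the group.
# 'jdoe' and 'Restricted-DL' are placeholders, not values from this page.
Import-Module ActiveDirectory

$SenderSam = 'jdoe'            # placeholder: user who should be allowed to send
$GroupName = 'Restricted-DL'   # placeholder: the restricted distribution group

# Part 1: resolve the user's distinguished name instead of copying it by hand.
$sender   = Get-ADUser -Identity $SenderSam -ErrorAction Stop
$senderDn = $sender.DistinguishedName

# Part 2: read the group's current authOrig values (the allowed-senders list).
$group = Get-ADGroup -Identity $GroupName -Properties authOrig -ErrorAction Stop

if ($group.authOrig -contains $senderDn) {
    Write-Host "$senderDn is already in authOrig; nothing to change."
}
else {
    # -Add appends to the multi-valued attribute and keeps existing senders.
    Set-ADGroup -Identity $group -Add @{ authOrig = $senderDn } -ErrorAction Stop
    Write-Host "Added $senderDn to authOrig on $($group.DistinguishedName)."
}

# Read the attribute back so the full allowed-senders list can be reviewed.
(Get-ADGroup -Identity $GroupName -Properties authOrig).authOrig | Sort-Object

# Optional, Azure AD Connect only: run on the sync server to start a delta sync.
# Start-ADSyncSyncCycle -PolicyType Delta
```

Reviewing the read-back output periodically is a simple way to confirm that only the intended accounts can send to the restricted group.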