I got the question about nested groups and dynamic distributions groups, well to make it easy. No you cant (anymore).

Ill explain it a bit more, but remember just say no.

Well you might think that you can do a dynamic distribution group from anything, that is almost correct. Anything you can make an OAUTH filter for yes. But doing a nestled group lookup requires LDAP and that support has been removed.

As far as I have been able to gather it isnt possible to do this kind of query in OAUTH. In the good old days of LDAP we had the possibility of using LDAP_MATCHING_RULE_IN_CHAIN (memberOf:1.2.840.113556.1.4.1941=IndirectgroupDN). But with OAUTH I havn’t found that solution.

Microsoft has a good list of what variables you can use on Filterable Properties for the -RecipientFilter Parameter. Armed with that and New-DynamicDistributionGroups I’m sure you will get it done anyway.