In my article about restricting who can send to a distribution list Liz asked this question in the comments:
Is there a way to view a list of who is authorized to send to a distribution list once you have restricted it?
We have a good number of distribution lists within our company that are restricted and need a way to report on who is authorized to send without having to scroll and make screen shots every time HR wants to review them.
Exchange 2010 makes this easy thanks to the Exchange Management Shell. You can use Get-DistributionGroup to query a group for the message delivery restrictions.
Notice in this example that there are three attributes for AcceptMessagesOnlyFrom…
[PS] C:\>Get-DistributionGroup "All Staff" | fl name,accept* Name : All Staff AcceptMessagesOnlyFrom : {exchangeserverpro.net/Company/Users/Branch Office/Aisha.Bhari} AcceptMessagesOnlyFromDLMembers : {} AcceptMessagesOnlyFromSendersOrMembers : {exchangeserverpro.net/Company/Users/Branch Office/Aisha.Bhari}
If we look at the same group but this time configured to accept messages from members of a distribution list it looks like this.
[PS] C:\>Get-DistributionGroup "All Staff" | fl name,accept* Name : All Staff AcceptMessagesOnlyFrom : {} AcceptMessagesOnlyFromDLMembers : {exchangeserverpro.net/Company/Groups/Administration Team} AcceptMessagesOnlyFromSendersOrMembers : {exchangeserverpro.net/Company/Groups/Administration Team}
And now again the same group but this time configured to accept messages from both a single user and a distribution list.
[PS] C:\>Get-DistributionGroup "All Staff" | fl name,accept* Name : All Staff AcceptMessagesOnlyFrom : {exchangeserverpro.net/Company/Users/Branch Office/Aisha.Bhari} AcceptMessagesOnlyFromDLMembers : {exchangeserverpro.net/Company/Groups/Administration Team} AcceptMessagesOnlyFromSendersOrMembers : {exchangeserverpro.net/Company/Users/Branch Office/Aisha.Bhari, exchangeserver pro.net/Company/Groups/Administration Team}
As you can see the AcceptMessagesOnlyFrom attribute lists individual authorized senders, and the AcceptMessagesOnlyFromDLMembers attribute lists distribution lists that are authorized senders, and then both are shown in the AcceptMessagesOnlyFromSendersOrMembers attribute.
So for reporting purposes we can query the AcceptMessagesOnlyFromSendersOrMembers attribute.
[PS] C:\>Get-DistributionGroup "All Staff" | fl name,acceptmessagesonlyfromsendersormembers Name : All Staff AcceptMessagesOnlyFromSendersOrMembers : {exchangeserverpro.net/Company/Users/Branch Office/Aisha.Bhari, exchangeserver pro.net/Company/Groups/Administration Team}
To list all distribution groups in the organization that are restricted for who can send to them you can run this command.
[PS] C:\>Get-DistributionGroup | where {$_.AcceptMessagesOnlyFromSendersOrMembers -ne $null} | fl name,acceptmessagesonlyfromsendersormembers Name : All Staff AcceptMessagesOnlyFromSendersOrMembers : {exchangeserverpro.net/Company/Users/Branch Office/Aisha.Bhari, exchangeserver pro.net/Company/Groups/Administration Team} Name : Executives AcceptMessagesOnlyFromSendersOrMembers : {exchangeserverpro.net/Company/Groups/Administration Team}
What is the security threat in allowing external users send mail to distribution list?
When some one searches for his vital thing, so he/she wishes to be available that in detail, thus that thing
is maintained over here.
Hi there Paul
First at all, thanks for your excellent post.
I have this question:
1. Do you know if this commands works fine with Office365 or further versions of Exchange like 2016?
i’ll stay aware.
Kind regards,
Juan
We have requirement to get the list of members who are able to send mails to a particular DL. We should be able to distinguish between the Group Mailbox, Distribution list and individual who has permissions to send mail to a DL. ? Can you help with this ?
How to copy the send permission list of 1 DL to another Dl via shell
Hi Paul , I want to match two condition in script
First Condition: I want to export the DL’s which is having above 250 members
Second condition : I need to export unrestricted DL’s from first condition result.
is there a way to get a list of distribution lists that are externally accessible for e-mail delivery?
We have enabled certain distribution list to be accessible for delivery from external sources and I’m looking for a way to list the ones where the “require that all senders are authenticated” is not checked.
Get-DistributionGroup | Where {$_.RequireSenderAuthenticationEnabled -eq $false}
Is there a way to use wildcards in the AcceptMessagesOnlyFrom attribute?
For example, say I want to only allow e-mails from practical365.com and do not want to create a contact for every address.
GREAT BLOG.
No but you can do wildcards in some Transport Rule settings so take a look there instead.
I’m trying to use:
Get-DistributionGroup -organizationalunit “OUName” | Where {$_.AcceptMessagesOnlyFromSendersOrMembers -contains “avayamsg*”} | fl Name,AcceptMessagesOnlyFromSendersOrMembers
Can a wildcard be used? I think the issue may be the “user” that contained in the Accept Messages From field is actually a contact for our Voice Mail system … “avayamsg@domain.gov”
The command runs but returns no results. I’ve tried it with the Alias, full email address and a wildcard as shown above. Any suggestions?
Thank you so much for helping to this point. I had actually realized my error in using the FL first. I know enough PS to be dangerous … :0/
Wildcard won’t work with -contains but I just managed to do a quick test and it looks like -match is the operator that will work in your situation.
For example this returns the expected result for me:
Get-DistributionGroup | Where {$_.Acceptmessagesonlyfromsendersormembers -match “Alannah”}
That worked like a charm! I’ve never used the -match operator before, but I will definitely use it in the future. Thank you so much for your help. Have a great day!
No worries, glad it worked. -Match is pretty useful for basic string matches like that, and very powerful because it can also do Regex.
Is there a way to find all distribution groups that have a specific user in the Accept Messages From.
I tried this using the following command
Get-DistributionGroup -organizationalunit “” |fl name,acceptmessagesonlyfrom | where {$_.AcceptMessagesOnlyFromSendersOrMembers -eq “”}
I also tried the wildcard of the user name *username* but that did not work either.
Command was …
Get-DistributionGroup -organizationalunit “” |fl name,acceptmessagesonlyfrom | where {$_.AcceptMessagesOnlyFromSendersOrMembers -eq “<FQDN of user entered"}
You’re trying to use Format-List (fl) and then pipe that to Where-Object (where). That won’t work, Format-* commands should always go last in a pipeline (if you need to use them).
AcceptMessagesOnlyFromSendersOrMembers is also a multi-value attribute. So you might need to try -Contains instead of -Eq for the condition.
So perhaps try this (I haven’t tested it yet):
Get-DistributionGroup | Where {$_.AcceptMessagesOnlyFromSendersOrMembers -contains “user”} | fl Name,AcceptMessagesOnlyFromSendersOrMembers
I nave set of users and need to get who has sending access to the DL and Dynamic DL;s like below command.
Get-DistributionGroup | where {$_.AcceptMessagesOnlyFromSendersOrMembers -eq “user name”} | fl name, acceptmessagesonlyfromsendersormembers | format-list
I migrated from Exchange 2007 to 2013 and had restricted some users from sending emails to specific distribution lists. How do I find and remove those now in 2013?
The output I get from:
Get-DistributionGroup “Group Namef” | fl name,accept*
make it look as though there are no restrictions:
Name : Group Name
AcceptMessagesOnlyFrom : {}
AcceptMessagesOnlyFromDLMembers : {}
AcceptMessagesOnlyFromSendersOrMembers : {}
Are you sure that’s how you restricted them in the first place?
Paul,
Thanks for the reply.
It was done while we were in Exchange 2007, and the interface was different, so it was done via Exchange Management console but I don’t recall the exact steps, I was not the one that did it.
I found it in AD users and computers ‘unauthOrig’ on the attributes tab.
I removed the user from there not sure if that broke anything yet or not.
No ill effects from editing with the attributes tab.
Hi Paul,
How are you, i have a question about Ms. Exchange 2013 . how to get list of all distribution group in Exchange filter by delivery mangement , and export the list to CSV format.
thanks,
welly
Pingback: Exchange 2010 Send As Distribution Group Multiple Users | Agrialimentaire
Can you tell me if it’s possible to assign a dynamic distribution group under “message restrictions”, “Only Senders from this list.
Thanks
hi all,
Get-QADGroup -SizeLimit 0 | where {($_.CanonicalName -notlike “*MYGAL*”) -and ($_.PrimarySMTPAddress -like “*@*”)} | Select-Object Name,@{n=’MemberCount’;e={$($_.AllMembers.Count)}}
I can get groups count with the script below, it works fine and also I need to find which groups have Delivery Restrictions (AcceptMessagesOnlyFromSendersOrMembers) is set on.
And I want both of the scripts will work only in one session and export result just like;
Group Name Count Delivery Restrictions (AcceptMessagesOnlyFromSendersOrMembers)
muminDL 1500 Email Allowed Group;mumincicek etc
cicekDL 1000 Email Allowed Group, bill gates, SendMailSG etc
Hi, is there any way to find and send a auto generated mails to distribution list where as DL manager name is missing?
I’m using:
“get-distributiongroup “DistroName” | fl name,AcceptMessagesOnlyFrom”
The problem is the results is truncated. Is there some way I can get it to display the full access list, or how would I go about feeding the output to a text file?
I have the same issue. I have compared it to the actual list and some members are missing. Did you get the info you needed?
Personally I would quite like to get these in list format as well -_-
Having the same problem
Handling truncated output:
https://www.practical365.com/how-to-prevent-truncation-of-long-output-in-exchange-management-shell/
Trying to export the output to a csv file using this command :
“Get-DistributionGroup | where {$_.AcceptMessagesOnlyFromSendersOrMembers -ne $null} | fl name,acceptmessagesonlyfromsendersormembers | Export-Csv c:maildistrogroup.csv -notype”
Keep getting what appears to be a list of GUID’s and nothing else.
Any ideas how I can export this to csv file
Thanks!
This will help with your export
Get-DistributionGroup | where {$_.AcceptMessagesOnlyFromSendersOrMembers -ne $null} | Select Name,@{Name=”AcceptMessagesOnlyFromSendersorMembers”;Expression={[string]::join(“;”,($_.AcceptMessagesOnlyFromSendersorMembers | foreach {$_.Name}))}} | Export-Csv C:MailDistrGroupAccept.csv -NoType -Force
Orginal source from Shay – http://www.powergui.org/message.jspa?messageID=34099#34099
With the release of SP3 for Exchange 2010, this now returns no results when you try to translate the guids to the regular names. Any Ideas?
Paul
I can’t get this to work at all. When I run the command below nothing happens, I am just returned to the prompt. I must be doing something wrong.
Get-DistributionGroup | where {$_.AcceptMessagesOnlyFromSendersOrMembers -ne $null} | fl name,acceptmessagesonlyfromsendersormembers
I’m using Exchange 2007 and have also tried truncating the attribute both ways as you suggested in answer to route above.
Please help.
Peter
Now that I have a list of users who can send to this Distribution List, how do I remove one person? The EMC shows the same list, minus one person. I’m hoping they can be removed using the shell.
Hi Lee, for removing a single person from being able to send to a single group I would personally just use the GUI. But for scripting it or running it across multiple groups here is a quickly written tip that should help you:
https://www.practical365.com/configure-a-distribution-group-to-no-longer-accept-messages-from-a-sender
For the output of AcceptMessagesOnlyFromSendersOrMembers, how can I just get the Display name of the members? IE to filter out those domain.OU field
Thanks
I was hoping for exactly the same thing -_-
Me too… Been fighting this for a while…. Manually doing it in Excel is painful.
get-distributiongroup “groupname” | select -expandproperty AcceptMessagesOnlyFrom | select name
Thanks, this doesn’t work for me though, I just get an empty list…
Thank you Jon, just what i needed!
how do you make this work in Exchange 2007?
Hi route, the same attributes exist on distribution groups in Exchange 2007 as well.
is ther something on the end of the command that I am missing? I’m not getting the same reults. Nothing appears on screen. it just goes back the prompt.
[PS] C:\>Get-DistributionGroup | where {$_.AcceptMessagesOnlyFromSendersOrMembers -ne $null} | fl name,acceptmessagesonlyfromsendersormembers
Whoops, should have said only these two attributes exist (at least on the groups I’m looking at here):
AcceptMessagesOnlyFrom
AcceptMessagesOnlyFromDLMembers
So you’d need to query those two instead.
We receive one query where user wants list of all Distribution list which start with specific name (sul), Is it possible to find out all the DL ?
Get-DistributionGroup -identity sul*
Is that what you mean?
Yes.. Thanks..