In previous articles I have demonstrated how to restrict distribution groups as well as how to report on who can send email to a distribution group in Exchange Server 2010.
In the comments of that second article Lee asks:
Now that I have a list of users who can send to this Distribution List, how do I remove one person? The EMC shows the same list, minus one person. I’m hoping they can be removed using the shell.
Edit: I should mention here that if you want to just modify one group the easiest way is probably just to use the GUI. But Lee is asking about the shell 
To answer the question let’s look at the following scenario. The “All Staff” distribution group is configured with the following restrictions on who is authorized to send email to the list.
[PS] C:\>Get-DistributionGroup "All Staff" | fl name,accept*
Name : All Staff
AcceptMessagesOnlyFrom : {exchangeserverpro.net/Company/Head Office/Users/Alannah.Shaw, exchangeserverp
ro.net/Company/Head Office/Users/Alan.Reid}
AcceptMessagesOnlyFromDLMembers : {}
AcceptMessagesOnlyFromSendersOrMembers : {exchangeserverpro.net/Company/Head Office/Users/Alannah.Shaw, exchangeserverp
ro.net/Company/Head Office/Users/Alan.Reid}
So we can see that Alan Reid and Alannah Shaw are currently allowed to send to the distribution group.
Now let’s assume we want to remove Alannah from that list. One way to do that would bet to use Set-DistributionGroup and overwrite the current setting with the new one.
[PS] C:\>Get-DistributionGroup "All Staff" | Set-DistributionGroup -AcceptMessagesOnlyFrom "Alan.Reid"
[PS] C:\>Get-DistributionGroup "All Staff" | fl name,accept*
Name : All Staff
AcceptMessagesOnlyFrom : {exchangeserverpro.net/Company/Head Office/Users/Alan.Reid}
AcceptMessagesOnlyFromDLMembers : {}
AcceptMessagesOnlyFromSendersOrMembers : {exchangeserverpro.net/Company/Head Office/Users/Alan.Reid}
This has the desired outcome, but would not be practical if there were more than a handful of users or groups that were allowed to send to the distribution group.
A more practical approach in that case would be to only remove Alannah Shaw from the list. We can see here that the “AcceptMessagesOnlyFrom” property is a multi-valued property.
[PS] C:\>$dg = Get-DistributionGroup "All Staff" [PS] C:\>$dg.AcceptMessagesOnlyFrom.GetType() IsPublic IsSerial Name -------- -------- ---- True True ADMultiValuedProperty`1
We can remove an entry from the multi-valued property, we just need to know the distinguished name of the item we want to remove. One easy way to get that is to query Alannah Shaw’s mailbox itself. So to remove her from the list in this example we would run this PowerShell command:
[PS] C:\>$dg.AcceptMessagesOnlyFrom -= (Get-Mailbox Alannah.Shaw).DistinguishedName
The final step is to set the new multi-valued property on the distribution group.
[PS] C:\>Get-DistributionGroup "All Staff" | Set-DistributionGroup -AcceptMessagesOnlyFrom $dg.AcceptMessagesOnlyFrom
[PS] C:\>Get-DistributionGroup "All Staff" | fl name,accept*
Name : All Staff
AcceptMessagesOnlyFrom : {exchangeserverpro.net/Company/Head Office/Users/Alan.Reid}
AcceptMessagesOnlyFromDLMembers : {}
AcceptMessagesOnlyFromSendersOrMembers : {exchangeserverpro.net/Company/Head Office/Users/Alan.Reid}
The same outcome has been achieved as before, but this time we selectively removed a person which is more practical if there are a lot of users or groups permitted to send to it, and would be easier to script if running through multiple distribution groups.
About Paul Cunningham
Thanks a lot for this, big help. I was unable to do this through the GUI because one of the mailboxes in the -AcceptMessagesOnlyFrom list had vanished, this prevented me from adding or removing users. I suppose the GUI could not locate the mailbox to to add the user (which was already in the list).
Thanks again.