In my article about restricting who can send to a distribution list Liz asked this question in the comments:
Is there a way to view a list of who is authorized to send to a distribution list once you have restricted it?
We have a good number of distribution lists within our company that are restricted and need a way to report on who is authorized to send without having to scroll and make screen shots every time HR wants to review them.
Exchange 2010 makes this easy thanks to the Exchange Management Shell. You can use Get-DistributionGroup to query a group for the message delivery restrictions.
Notice in this example that there are three attributes for AcceptMessagesOnlyFrom…
[PS] C:\>Get-DistributionGroup "All Staff" | fl name,accept*
Name : All Staff
AcceptMessagesOnlyFrom : {exchangeserverpro.net/Company/Users/Branch Office/Aisha.Bhari}
AcceptMessagesOnlyFromDLMembers : {}
AcceptMessagesOnlyFromSendersOrMembers : {exchangeserverpro.net/Company/Users/Branch Office/Aisha.Bhari}
If we look at the same group but this time configured to accept messages from members of a distribution list it looks like this.
[PS] C:\>Get-DistributionGroup "All Staff" | fl name,accept*
Name : All Staff
AcceptMessagesOnlyFrom : {}
AcceptMessagesOnlyFromDLMembers : {exchangeserverpro.net/Company/Groups/Administration Team}
AcceptMessagesOnlyFromSendersOrMembers : {exchangeserverpro.net/Company/Groups/Administration Team}
And now again the same group but this time configured to accept messages from both a single user and a distribution list.
[PS] C:\>Get-DistributionGroup "All Staff" | fl name,accept*
Name : All Staff
AcceptMessagesOnlyFrom : {exchangeserverpro.net/Company/Users/Branch Office/Aisha.Bhari}
AcceptMessagesOnlyFromDLMembers : {exchangeserverpro.net/Company/Groups/Administration Team}
AcceptMessagesOnlyFromSendersOrMembers : {exchangeserverpro.net/Company/Users/Branch Office/Aisha.Bhari, exchangeserver
pro.net/Company/Groups/Administration Team}
As you can see the AcceptMessagesOnlyFrom attribute lists individual authorized senders, and the AcceptMessagesOnlyFromDLMembers attribute lists distribution lists that are authorized senders, and then both are shown in the AcceptMessagesOnlyFromSendersOrMembers attribute.
So for reporting purposes we can query the AcceptMessagesOnlyFromSendersOrMembers attribute.
[PS] C:\>Get-DistributionGroup "All Staff" | fl name,acceptmessagesonlyfromsendersormembers
Name : All Staff
AcceptMessagesOnlyFromSendersOrMembers : {exchangeserverpro.net/Company/Users/Branch Office/Aisha.Bhari, exchangeserver
pro.net/Company/Groups/Administration Team}
To list all distribution groups in the organization that are restricted for who can send to them you can run this command.
[PS] C:\>Get-DistributionGroup | where {$_.AcceptMessagesOnlyFromSendersOrMembers -ne $null} | fl name,acceptmessagesonlyfromsendersormembers
Name : All Staff
AcceptMessagesOnlyFromSendersOrMembers : {exchangeserverpro.net/Company/Users/Branch Office/Aisha.Bhari, exchangeserver
pro.net/Company/Groups/Administration Team}
Name : Executives
AcceptMessagesOnlyFromSendersOrMembers : {exchangeserverpro.net/Company/Groups/Administration Team}
About Paul Cunningham
We receive one query where user wants list of all Distribution list which start with specific name (sul), Is it possible to find out all the DL ?
Get-DistributionGroup -identity sul*
Is that what you mean?
Yes.. Thanks..
how do you make this work in Exchange 2007?
Hi route, the same attributes exist on distribution groups in Exchange 2007 as well.
is ther something on the end of the command that I am missing? I’m not getting the same reults. Nothing appears on screen. it just goes back the prompt.
[PS] C:\>Get-DistributionGroup | where {$_.AcceptMessagesOnlyFromSendersOrMembers -ne $null} | fl name,acceptmessagesonlyfromsendersormembers
Whoops, should have said only these two attributes exist (at least on the groups I’m looking at here):
AcceptMessagesOnlyFrom
AcceptMessagesOnlyFromDLMembers
So you’d need to query those two instead.
For the output of AcceptMessagesOnlyFromSendersOrMembers, how can I just get the Display name of the members? IE to filter out those domain.OU field
Thanks
Now that I have a list of users who can send to this Distribution List, how do I remove one person? The EMC shows the same list, minus one person. I’m hoping they can be removed using the shell.
Hi Lee, for removing a single person from being able to send to a single group I would personally just use the GUI. But for scripting it or running it across multiple groups here is a quickly written tip that should help you:
http://exchangeserverpro.com/configure-a-distribution-group-to-no-longer-accept-messages-from-a-sender
Paul
I can’t get this to work at all. When I run the command below nothing happens, I am just returned to the prompt. I must be doing something wrong.
Get-DistributionGroup | where {$_.AcceptMessagesOnlyFromSendersOrMembers -ne $null} | fl name,acceptmessagesonlyfromsendersormembers
I’m using Exchange 2007 and have also tried truncating the attribute both ways as you suggested in answer to route above.
Please help.
Peter
Trying to export the output to a csv file using this command :
“Get-DistributionGroup | where {$_.AcceptMessagesOnlyFromSendersOrMembers -ne $null} | fl name,acceptmessagesonlyfromsendersormembers | Export-Csv c:\maildistrogroup.csv -notype”
Keep getting what appears to be a list of GUID’s and nothing else.
Any ideas how I can export this to csv file
Thanks!
This will help with your export
Get-DistributionGroup | where {$_.AcceptMessagesOnlyFromSendersOrMembers -ne $null} | Select Name,@{Name=”AcceptMessagesOnlyFromSendersorMembers”;Expression={[string]::join(“;”,($_.AcceptMessagesOnlyFromSendersorMembers | foreach {$_.Name}))}} | Export-Csv C:\MailDistrGroupAccept.csv -NoType -Force
Orginal source from Shay – http://www.powergui.org/message.jspa?messageID=34099#34099
With the release of SP3 for Exchange 2010, this now returns no results when you try to translate the guids to the regular names. Any Ideas?
I’m using:
“get-distributiongroup “DistroName” | fl name,AcceptMessagesOnlyFrom”
The problem is the results is truncated. Is there some way I can get it to display the full access list, or how would I go about feeding the output to a text file?