Setting Distribution Group Delivery Restrictions via PowerShell
Adjusting the delivery restrictions on distribution groups is quite a common task. The more members a group has the more of a problem this ends up being in big organisations.
Setting the permissions in the Exchange Management Console (EMC) is simple enough when you have one or two people/groups to add to the allowed list. When you have many user/groups needing to be added across a massive range of groups then this is something your going to need to script.
Now this is where it doesn’t quite work as expected. It’s easy enough to create a shell command to add multiple users to the -AcceptMessagesOnlyFrom attribute on the DL object but when doing this you’ll find that only the last one in the list has been added. This is because the attribute is an array. You can view this using the following command.
Get-DistributionGroup -Identity "GROUP-NAME-HERE" | Select -expand AcceptMessagesOnlyFrom | ft Name</em> |
To add a new user to this list you have to call the already existing list and then add the new user to the end of it. Because PowerShell is so, well, powerful you can do this quite easily with one one-liner:
Set-DistributionGroup "GROUP-NAME-HERE" -AcceptMessagesOnlyFrom((Get-DistributionGroup "GROUP-NAME-HERE").AcceptMessagesOnlyFrom + "IDENTITY-OF-USER-OR-GROUP-HERE") |
The identity of the new group or user can be in the form of the following attributes:
- Distribution Name (DN)
- Canonical Name
- GUID
- Name
- Display Name
- Alias
- Exchange DN
- Primary SMTP Email Address
Now, that’s all very well, but what if you’d like to add multiple users to multiple groups? Here you go – just stick the groups you’d like to amend and the users to be applied to those groups in the text files.
$People = gc C:\People.txt $Groups = gc C:\Groups.txt ForEach ($Group in $Groups) { Set-DistributionGroup $Group -AcceptMessagesOnlyFrom((Get-DistributionGroup $Group).AcceptMessagesOnlyFrom + $People) } |