Set Send to permissions on distribution groups through powershell

Similar Messages

• Correct syntax to set "send as" permissions through Powershell

  Hello,
  A colleague of mine gave me a Powershell command to set "send as" permissions on a mailbox. His syntax is the following:
  Add-ADPermission -Identity UserBeingGrantedPermission -User UserWhoseMailboxIsBeingConfigured -ExtendedRights 'Send-As'
  In that example the user mentioned after "-User" is the one who's mailbox is being configured. Easy enough. Earlier Technet articles also use this syntax.
  However, I stumbled across the
  following article. Which clearly says:
  This example grants Send As permissions for Aaron Painter to Terry Adams's mailbox.
  Add-ADPermission -Identity "Terry Adams" -User AaronPainter -AccessRights ExtendedRight -ExtendedRights "Send As"
  In this example "-User" is not the one mailbox that is being configured but the person that gets the rights.
  So who is right? Technet or Technet?

  Hi Fr0ns,
  Your colleague mistook it a little bit, (and I don't think he can compete with the Technet library :)
  -User <is always someone who is given permissions to>. In the Technet example - AaronPainter gets the permission to
  Send As Terry Adams.
  You can check it yourself pretty easily - enable command logging and attempt to assign the permissions with GUI where you clearly know who gets what.
  ▲ Vote if Helpful / Mark if Answer
  MCSE: Messaging 2013 Charter / Private Cloud / Server Infrastructure
  MaximumExchange.ru

• Unable to set send-as permissions because of hundrets of duplicate permissions

  hello,
  we are unable to set send-as permissons to mailboxes where more than 10 users already habe send-as permissions.
  when i use get-adpermission -identity "mailbox_abc" i get 4309 lines with permissions. But most are duplicates. every permission is set 31 times.
  when i remove a user there are 4278 lines, when i add an user there are 4309 lines.
  it seems that every account has between 1000 and 4000 permission lines
  when i use the GUI i only see 10 different permissions
  how can i fix it?
  thankyou in advance boris

  my problem are the hundreds of duplicates
  this is the output
  Get-ADPermission -Identity "mailbox_abc" | ?{($_.ExtendedRights -like "*send-as*") -and -not ($_.User -like "nt authority\self")} | select identity,user
  Identity                                                   
  User
  sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           NT-AUTORITÄT\SELBST
  sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           SAMPLE\gka
  sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           SAMPLE\ma
  sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           SAMPLE\zr
  sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           SAMPLE\fh
  sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           SAMPLE\MT
  sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           NT-AUTORITÄT\SELBST
  sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           SAMPLE\gka
  sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           SAMPLE\ma
  sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           SAMPLE\zr
  sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           SAMPLE\fh
  sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           SAMPLE\MT
  sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           NT-AUTORITÄT\SELBST
  sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           SAMPLE\gka
  sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           SAMPLE\ma
  sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           SAMPLE\zr
  sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           SAMPLE\fh
  sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied           SAMPLE\MT
  alltogether 4300 duplicate lines but only 5 different accounts
  rg. borris

• Setting up Send on Behalf for distribution Group

  Hi All,
  I have a distribution group named [email protected] setup and working fine.
  I want to allow member to Send on Behalf as this group, and have put the appropriate names in the Send on Behalf box, but for the life of me I cannot see how to actually send an email using the distribution group. There is no option in the from field to
  select this as a from address.
  I must be missing something, but what?
  Using exchange 2013, please help :)
  Kind Regards
  Richard

  If you see the FROM field in outlook, either just type the email address of the group, or click the FROM button and select the group from the GAL. The ladder is the preferred method.
  http://www.outlook-apps.com/send-from-other-email-address-outlook/
  DJ Grijalva | MCITP: EMA 2007/2010 SPA 2010 | www.persistentcerebro.com

• How to send a Workitem to User Group through WorkFlow

  Hi,
  I am developing a WorkFlow, in this i have an issue that i have to send a WorkItem to User Group on Certain condition. On Agent Assignment I want to assign User Group not a single or multiple Users.
  Could anyone resolve this issue. How can i resolve in WorkFlow.
  Harkesh Dang

  hi Harkesh,
  During agent assignment use Organizational unit -> All users in that organizational unit will receive workitem.
  Use Role -> All users having that role will receive workitem.
  Use Job/Position -> All users assigned to job/position ca receive workitem.
  Or else use expression -> Pass the user name through some selection criteria using a background method. Loop it. Create a task and workflow container and make sure that in properties tab multiline is checked.
  Hope it works.
  Regards,
  Raj

• Unable to send email as a distribution group address

  Hi
  We have a user who is a member of three distribution groups in exchange server 2010. He is able to send emails changing his “from” address to two of the distribution group addresses but not the other.
  This is the error message received “You can't send a message on behalf of this user unless you have permission to do so. Please make sure you're sending on behalf
  of the correct sender, or request the necessary permission.”
  Can anyone assist
  Thanks
  Esky

  Hi Esky,
  Please make sure it has necessary permission assigned
  Please try deleting addressbook
  Close Outlook and delete the Offline Address book folder(s) under "C:\Users\Username\AppData\Local\Microsoft\Outlook \Offline Address Books\" (Assuming your OS is Windows 7)
  Please check this for details. It is a similar thread http://exchangeserverpro.com/forums/exchange-server-2010/536-exchange-2010-outlook-2007-2010-send-issues.html
  Thanks, MAS
  Please mark as helpful if you find my comment helpful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

• Issues creating dynamic distribution group with PowerShell

  I am trying to create a DDG with the following filters: Mailbox Users, specific OU and not member of a certain group. This script works fine (minus the exclusion):
  New-DynamicDistributionGroup -Name "1Test1" -RecipientContainer "OU=ABC,DC=xyz,DC=com" -IncludedRecipients 'MailBoxUser'
  \When I change the script to exclude members of the group the DDG is blank:
  New-DynamicDistributionGroup -Name "1Test1" -RecipientFilter {(RecipientType -eq 'UserMailbox') -and (MemberOfGroup -ne "CN=1ExcludeDynamic,OU=ExchangeGroups,DC=xyz,DC=com") -and (RecipientContainer -eq "OU=ABC,DC=xyz,DC=com")}
  Any ideas will be appreciated.

  All right. That's a good thing. Now create another new DDL using the Powershell cmdlet and the values you got from the "RecipientFilter" and "RecipientContainer" properties. Then verify that you get the same results as you do when you ran this on the one
  you created with the GUI:
  Get-DynamicDistributionGroup
  'NewGroup' | fl Name,RecipientContainer,RecipientFilter,LdapRecipientFilter
  and
  $g=Get-DynamicDistributionGroup NewGroup
  (Get-Recipient
  -RecipientPreviewFilter $g.RecipientFilter
  -OrganizationalUnit $g.RecientContainer).count
  If you do, then run a Get-DynamicDistributionGroup GROUPNAME | Set-Dynamic -RecipientFilter
  {(RecipientType -eq 'UserMailbox') -and (MemberOfGroup -ne "CN=1ExcludeDynamic,OU=ExchangeGroups,DC=xyz,DC=com")}
  Then see if it works as expected. If it doesn't try this:
  Get-DynamicDistributionGroup GROUPNAME | Set-Dynamic -RecipientFilter {(RecipientType -eq 'UserMailbox') -and -not (MemberOfGroup -eq "CN=1ExcludeDynamic,OU=ExchangeGroups,DC=xyz,DC=com")}
  --- Rich Matheisen MCSE&I, Exchange MVP

• Dynamic Distribution Group on HOSTED exchange 2010 not setting up properly

  Hi all,
  We have a hosted exchange 2010, which prevents us from using the EMC.
  I want to create a simple dynamic distribution group for every staff member in the organization but am facing a problem. I use the following command:
  New-DynamicDistributionGroup -Organization "organizationname" -IncludedRecipients MailboxUsers -Name "Office"
  This appears to work according to shell. In addition,
  Get-DynamicDistributionGroup -Organization "organizationname"
  DOES come up with "office" as a listing (though the "Managed by" field is empty. Should I care?)
  However:
  sending to that address creates a bounce-back "no such email address"
  a look in AD shows that the object has been created somewhat incorrectly
  It appears that while a group is nominatively created no email address is created attached to it (which should be [email protected]).
  I am by no means a shell expert and have been bumping my head for a few days now, any suggestion would be great!
  Thanks in advance,
  Rodolphe

  Hey, thanks for your reply Willard.
  Everything looks correct:
  name: Office
  Alias: Office
  PrimarySmtpAddress: [email protected]
  EmailAddressPolicyEnabled: False
  The bounceback now is quoting a permissions issue
  #< #5.7.1 smtp;550 5.7.1 RESOLVER.RST.AuthRequired; authentication required> #SMTP#
  This actually gives me the clues to resolve:
  When creating a distribution group through the EMC, by default it is "closed" so only members of that DDL can send to it. I have tested this by sending to it from an internal address and it does go through.
  Set-DynamicDistributionGroup <name> -RequireSenderAuthenticationEnabled $False
  resolves the issue to allow external senders.
  Thanks for your help Willard, your question was enough to get me going in the right direction. Hopefully some other newbie will find this useful in the future.

• Send Emails to Distribution Group

  Hi All,
  I have a scenario where we need to create one distribution group and 4 users in that distribution group. There are almost 70 companies who will send email to this distribution group.
  Now i want to achieve below goals,
  1) lets support i create an distribution group [email protected] and add 4 members in this distribution group.
  user1, user2, user3,user4
  2) If Company A send email to [email protected] only user1 & user2 will receive that email.
  3) If Compnay B send email to [email protected] only user3 & user4 will receive that email.
  Is there any possibility to achieve this goal i am using Exchange 2010 with Microsoft Forefront Online Protection.
  Thanks & Regards,
  Zeeshan Butt

  Hi Zeeshan Butt,
  Agree with the above suggestion, transport rule can achieve your requirement.
  The sender address matches(the sender’s domain is)
  The recipient address matches [email protected]
  Redirect the message to user3 & user4
  Here are some references you can refer to:
  Transport Rule Predicates:
  http://technet.microsoft.com/en-us/library/dd638183(v=exchg.150).aspx
  Transport Rule Actions:
  http://technet.microsoft.com/en-us/library/aa998315(v=exchg.150).aspx
  Manage Transport Rules:
  http://technet.microsoft.com/en-us/library/jj657505(v=exchg.150).aspx
  If you have any question, please feel free to let me know.
  Thanks,
  Angela
  Angela Shi
  TechNet Community Support

• Prohibit Sending Emails to Distribution Group at specific times

  Hi team,
  I have a request from my company to prohibit certain users from sending emails to Specific Distribution group at certain times.(12AM-7AM)
  Any help would be appreciated.
  Regards

  Hi,
  Based on my research, there is no feature in Exchange server to directly meet your requirement: reject specific users sending emails to specific distribution group at specific times.
  We can use transport rule in Exchange 2007 and later version to achieve Reject specific users sending emails to specific distribution group. Create a rule in Exchange EMC:
  Apply rule to messages
  from "[email protected]" or "[email protected]"
  and sent to "[email protected]"
  send "cannot send messages to this group" to sender with "5.7.1"
  About schedule the transport rules, there is no feature in Exchange supporting it. I find an article about scheduling a transport rule by using task schedule in Server manager. Just for your reference:
  http://alanhardisty.wordpress.com/2012/01/17/schedule-a-transport-rule-to-be-enabled-or-disabled-at-a-specific-time-of-day-day-of-the-week/
  Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality,
  safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
  Thanks,
  Winnie Liang
  TechNet Community Support

• Owners can't update their distribution groups - Outlook/Exchange 2013

  I've seen some things online about this but I'm relatively new to this so I wasn't able to follow.  I'm hoping someone can help me figure this out.
  We have a brand new Exchange 2013 environment and users using Outlook 2013.  We want to set Owners on all our Distribution groups so that the managers of the departments can manage their own groups instead of having to ask IT to add or remove people
  all the time.
  We went into the groups and added owners to them thinking that this would allow the owners to add and remove people from their groups right from within the Outlook client.  However, when they try to do that, they get the error stating "Changes
  to public group membership cannot be saved"
  It looks like I need to grant some permissions to the users or something but I'm not following where I need to go to do that.  Can I do something from within the Exchange 2013 Admin Center web interface to fix this?  Any step-by-step instructions
  would be much appreciated.
  Thanks!

  check these out..
  http://blogs.technet.com/b/samdrey/archive/2013/10/01/exchange-2010-2013-how-to-give-permissions-to-users-to-manage-universal-security-distribution-lists-must-use-rbac.aspx
  http://support.microsoft.com/kb/2586832
  Kottees :My Blog Please mark it as an answer if it really helps you.
  Thanks,
  I had seen these before but most specifically mention Exchange 2010.  Are they all still applicable?
  I followed the steps in the first link since they were easier to figure out, but it seems that if I put someone in that group, they then have the ability to modify ANY group and not just the one they are an Owner of.  That doesn't work if that's how
  it would have to be.  We just want to be able to assigned certain people to edit certain groups from within Outlook.
  hmm
  OK so the script from the first link seems to give people permissions to edit ANY distribution list which is not what I wanted.  I was able to use the script linked here that worked fine:
  http://blogs.technet.com/b/exchange/archive/2009/11/18/how-to-manage-groups-that-i-already-own-in-exchange-2010.aspx
  Took a bit to get it working but now it seems to only allow people to edit groups they Own and not other groups.

• Assistance with distribution group behavior

  We have a new Exchange 2013 server.  So far, we are happy with it, except for this one issue with distribution groups.
  On our old, non-Microsoft mail server, we had mailing lists.  When someone sent an email to the list, the members of the list would receive an email that was listed as "From:
  [email protected] on behalf of [email protected]".  We like this behavior because it allows people to easily see who the messages posted on a mailing list came from, but when hitting reply,
  the reply would go back to the mailing list, and ***NOT*** the user that sent the email being replied to.
  In Exchange 2013, distribution groups function differently.  If a user sends an email to
  [email protected], our users see a message that is listed as "From: [email protected]" and "To: [email protected]".  If a user hits reply to this
  message, the reply by default goes to the original send and NOT the entire list.  We do NOT like this behavior and wish to change it.
  Hitting Reply All when viewing emails from a distribution group is not a viable option...our users will not remember to do that and it will create confusion.
  So, to recap, what we want to see when User A send an email to Distribution Group A, then all other users should receive an email that is "From:
  [email protected] on behalf of [email protected]".  When our users hit reply to this message, the reply's To: field should, by default, be filled in with
  [email protected] and not
  [email protected]
  How can we accomplish this?

  You might be able to achieve something using transport rules/agents (if someone sends to the list, re-write the reply address to the list). It would be ugly though... cringing just thinking about it...
  We already attempted this with Transport Rules.  Specifically, we tried to rewrite the Reply-To header.  When attempting to create the rule, Exchange pitches an error message: "Can't set header reply-to with value [email protected]".  Are
  we missing something somewhere, some setting that will allow this?

• Using PowerShell to set Custom Access Rights on a Calendar Does not set Free/Busy Permissions

  We recently discovered an issue where, if you use Exchange Management Shell to configure custom access rights, the Free/Busy permissions do not get set at all (they remain as "None"):
  $temp = [Microsoft.Exchange.Management.StoreTasks.MailboxFolderAccessRight[]]("ReadItems","EditOwnedItems","DeleteOwnedItems","EditAllItems","DeleteAllItems","FolderVisible")
  Add-MailboxFolderPermission -Identity "conf-company-test:\calendar" -User "Company Calendar Management" -AccessRights $temp
  Add-MailboxFolderPermission -Identity "conf-company-test:\calendar" -User "mpinkston" -AccessRights Editor
  If you use a pre-defined "role" such as Editor given to mpinkston6 in the above example it sets the Free/Busy permission to Full Details. It would appear that using Add-MailboxFolderPermission or Set-MailboxFolderPermission is generic for folder
  objects, and doesn't explicitly set the Free/Busy permissions. In the case of the pre-defined roles either the command is doing something special/different, or the permission checks later accept pre-defined roles for determining Free/Busy permissions. No idea
  which is going on. If Free/Busy permissions can be fixed through PowerShell by some other mechanism/command, that would be great. If not, how do we go about requesting a fix/feature change in Exchange?
  http://technet.microsoft.com/en-us/library/dd298062%28v=exchg.150%29.aspx
  (Please expand Parameters and read AccessRights to get a better understanding for what I'm describing.)

  Did you try adding AvailabilityOnly or LimitedDetails in your $temp variable for Calendar folder? These would set it to "Free/Busy time, subject, location" or "Free/Busy time" respectively....
  Add-MailboxFolderPermission - http://technet.microsoft.com/en-us/library/dd298062(v=exchg.150).aspx
  The following roles apply specifically to calendar folders:
  AvailabilityOnly   View only availability data
  LimitedDetails   View availability data with subject and location
  Amit Tank | Exchange - MVP | Blog:
  exchangeshare.wordpress.com 

• Managing Distribution Groups with hidden membership (when hideDLMembership is true)

  Hi All,
  I have a
  situation in a Exchange 2010 SP2 messaging environments where we want to manage two distribution groups through Outlook client and want to ensure that its membership is visible to none but the distribution group owners.
  I have followed this article "http://blogs.technet.com/b/kamleshk/archive/2013/08/22/3478284.aspx" but in my case the owner can't see the membership.
  The Outlook client version is 2007.
  I have enabled "MyDistributionGroups" in the default role assignment policy to enable Distribution Group management by end users.
  We use Outlook Anywhere but I have tried to add the registry Key "DS Server" but no way.
  Thank you in advance.
  Simone
  Simone

  Hi Simone,
  How about in OWA?
  If OWA works well, it should be an issue on the Outlook Client side.
  If OWA not works neither, it still the permission issue. It need sometimes to sync the operation.
  Please run following command to verify the owner permission:
  Get-DistributionGroup -Indentity DGName | FL
  Thanks
  Mavis 
  Mavis Huang
  TechNet Community Support

• App-V Server : Changing Connection Group Name through powershell.

  Hi,
  Is it possible to change the name of existing Connection group through powershell  ?
  I've tried using Set-AppvServerConnectionGroup but i was unable to change the name of existing group.
  Thanks,
  Sumit.

  Do this:
  $group = Get-AppvServerConnectionGroup -Name "Connection Group A"
  $group.name = "Connection Group B"
  Set-AppvServerConnectionGroup $group
  Please remember to click "Mark as Answer" or "Vote as Helpful" on the post that answers your question (or click "Unmark as Answer" if a marked post does not actually
  answer your question). This can be beneficial to other community members reading the thread.
  This forum post is my own opinion and does not necessarily reflect the opinion or view of my employer, Microsoft, its employees, or other MVPs.
  Twitter:
  @stealthpuppy | Blog:
  stealthpuppy.com |
  The Definitive Guide to Delivering Microsoft Office with App-V