Set Send to permissions on distribution groups through powershell
We have an Exchange 2013 environment on which we have created distribution groups with powershell.
However I can't figure out how we can configure the "send to" permissions for these distribution groups.
What we want is for Exchange to look at CustomAttribute3 in a user account, and if that attribute meets the set requirements the user will have permission to send mail to this distribution group.
Can anyone help me with this issue? Is there a powershell command I can use to configure this?
kind regards,
kevin
Hi kevin,
You can use the following cmdlet to configure the distribution group to accept messages only from the specific users.
Set-DistributionGroup -Identity "DGName" -AcceptMessagesOnlyFrom "xxx","xxx"
What's more, I am afraid that the -AcceptMessagesOnlyFrom parameter does not accept the custom attribute. Your understanding will be appreciated.
For your reference:
https://technet.microsoft.com/en-us/library/bb124955(v=exchg.150).aspx
Hope this can be helpful to you.
Best regards,
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Amy Wang
TechNet Community Support
Similar Messages
-
Correct syntax to set "send as" permissions through Powershell
Hello,
A colleague of mine gave me a Powershell command to set "send as" permissions on a mailbox. His syntax is the following:
Add-ADPermission -Identity UserBeingGrantedPermission -User UserWhoseMailboxIsBeingConfigured -ExtendedRights 'Send-As'
In that example the user mentioned after "-User" is the one who's mailbox is being configured. Easy enough. Earlier Technet articles also use this syntax.
However, I stumbled across the
following article. Which clearly says:
This example grants Send As permissions for Aaron Painter to Terry Adams's mailbox.
Add-ADPermission -Identity "Terry Adams" -User AaronPainter -AccessRights ExtendedRight -ExtendedRights "Send As"
In this example "-User" is not the one mailbox that is being configured but the person that gets the rights.
So who is right? Technet or Technet?Hi Fr0ns,
Your colleague mistook it a little bit, (and I don't think he can compete with the Technet library :)
-User <is always someone who is given permissions to>. In the Technet example - AaronPainter gets the permission to
Send As Terry Adams.
You can check it yourself pretty easily - enable command logging and attempt to assign the permissions with GUI where you clearly know who gets what.
▲ Vote if Helpful / Mark if Answer
MCSE: Messaging 2013 Charter / Private Cloud / Server Infrastructure
MaximumExchange.ru -
Unable to set send-as permissions because of hundrets of duplicate permissions
hello,
we are unable to set send-as permissons to mailboxes where more than 10 users already habe send-as permissions.
when i use get-adpermission -identity "mailbox_abc" i get 4309 lines with permissions. But most are duplicates. every permission is set 31 times.
when i remove a user there are 4278 lines, when i add an user there are 4309 lines.
it seems that every account has between 1000 and 4000 permission lines
when i use the GUI i only see 10 different permissions
how can i fix it?
thankyou in advance borismy problem are the hundreds of duplicates
this is the output
Get-ADPermission -Identity "mailbox_abc" | ?{($_.ExtendedRights -like "*send-as*") -and -not ($_.User -like "nt authority\self")} | select identity,user
Identity
User
sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied NT-AUTORITÄT\SELBST
sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied SAMPLE\gka
sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied SAMPLE\ma
sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied SAMPLE\zr
sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied SAMPLE\fh
sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied SAMPLE\MT
sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied NT-AUTORITÄT\SELBST
sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied SAMPLE\gka
sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied SAMPLE\ma
sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied SAMPLE\zr
sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied SAMPLE\fh
sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied SAMPLE\MT
sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied NT-AUTORITÄT\SELBST
sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied SAMPLE\gka
sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied SAMPLE\ma
sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied SAMPLE\zr
sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied SAMPLE\fh
sample.domain/MyBusiness/Users/SBSUsers/sample Mitglied SAMPLE\MT
alltogether 4300 duplicate lines but only 5 different accounts
rg. borris -
Setting up Send on Behalf for distribution Group
Hi All,
I have a distribution group named [email protected] setup and working fine.
I want to allow member to Send on Behalf as this group, and have put the appropriate names in the Send on Behalf box, but for the life of me I cannot see how to actually send an email using the distribution group. There is no option in the from field to
select this as a from address.
I must be missing something, but what?
Using exchange 2013, please help :)
Kind Regards
RichardIf you see the FROM field in outlook, either just type the email address of the group, or click the FROM button and select the group from the GAL. The ladder is the preferred method.
http://www.outlook-apps.com/send-from-other-email-address-outlook/
DJ Grijalva | MCITP: EMA 2007/2010 SPA 2010 | www.persistentcerebro.com -
How to send a Workitem to User Group through WorkFlow
Hi,
I am developing a WorkFlow, in this i have an issue that i have to send a WorkItem to User Group on Certain condition. On Agent Assignment I want to assign User Group not a single or multiple Users.
Could anyone resolve this issue. How can i resolve in WorkFlow.
Harkesh Danghi Harkesh,
During agent assignment use Organizational unit -> All users in that organizational unit will receive workitem.
Use Role -> All users having that role will receive workitem.
Use Job/Position -> All users assigned to job/position ca receive workitem.
Or else use expression -> Pass the user name through some selection criteria using a background method. Loop it. Create a task and workflow container and make sure that in properties tab multiline is checked.
Hope it works.
Regards,
Raj -
Unable to send email as a distribution group address
Hi
We have a user who is a member of three distribution groups in exchange server 2010. He is able to send emails changing his “from” address to two of the distribution group addresses but not the other.
This is the error message received “You can't send a message on behalf of this user unless you have permission to do so. Please make sure you're sending on behalf
of the correct sender, or request the necessary permission.”
Can anyone assist
Thanks
EskyHi Esky,
Please make sure it has necessary permission assigned
Please try deleting addressbook
Close Outlook and delete the Offline Address book folder(s) under "C:\Users\Username\AppData\Local\Microsoft\Outlook \Offline Address Books\" (Assuming your OS is Windows 7)
Please check this for details. It is a similar thread http://exchangeserverpro.com/forums/exchange-server-2010/536-exchange-2010-outlook-2007-2010-send-issues.html
Thanks, MAS
Please mark as helpful if you find my comment helpful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. -
Issues creating dynamic distribution group with PowerShell
I am trying to create a DDG with the following filters: Mailbox Users, specific OU and not member of a certain group. This script works fine (minus the exclusion):
New-DynamicDistributionGroup -Name "1Test1" -RecipientContainer "OU=ABC,DC=xyz,DC=com" -IncludedRecipients 'MailBoxUser'
\When I change the script to exclude members of the group the DDG is blank:
New-DynamicDistributionGroup -Name "1Test1" -RecipientFilter {(RecipientType -eq 'UserMailbox') -and (MemberOfGroup -ne "CN=1ExcludeDynamic,OU=ExchangeGroups,DC=xyz,DC=com") -and (RecipientContainer -eq "OU=ABC,DC=xyz,DC=com")}
Any ideas will be appreciated.All right. That's a good thing. Now create another new DDL using the Powershell cmdlet and the values you got from the "RecipientFilter" and "RecipientContainer" properties. Then verify that you get the same results as you do when you ran this on the one
you created with the GUI:
Get-DynamicDistributionGroup
'NewGroup' | fl Name,RecipientContainer,RecipientFilter,LdapRecipientFilter
and
$g=Get-DynamicDistributionGroup NewGroup
(Get-Recipient
-RecipientPreviewFilter $g.RecipientFilter
-OrganizationalUnit $g.RecientContainer).count
If you do, then run a Get-DynamicDistributionGroup GROUPNAME | Set-Dynamic -RecipientFilter
{(RecipientType -eq 'UserMailbox') -and (MemberOfGroup -ne "CN=1ExcludeDynamic,OU=ExchangeGroups,DC=xyz,DC=com")}
Then see if it works as expected. If it doesn't try this:
Get-DynamicDistributionGroup GROUPNAME | Set-Dynamic -RecipientFilter {(RecipientType -eq 'UserMailbox') -and -not (MemberOfGroup -eq "CN=1ExcludeDynamic,OU=ExchangeGroups,DC=xyz,DC=com")}
--- Rich Matheisen MCSE&I, Exchange MVP -
Dynamic Distribution Group on HOSTED exchange 2010 not setting up properly
Hi all,
We have a hosted exchange 2010, which prevents us from using the EMC.
I want to create a simple dynamic distribution group for every staff member in the organization but am facing a problem. I use the following command:
New-DynamicDistributionGroup -Organization "organizationname" -IncludedRecipients MailboxUsers -Name "Office"
This appears to work according to shell. In addition,
Get-DynamicDistributionGroup -Organization "organizationname"
DOES come up with "office" as a listing (though the "Managed by" field is empty. Should I care?)
However:
sending to that address creates a bounce-back "no such email address"
a look in AD shows that the object has been created somewhat incorrectly
It appears that while a group is nominatively created no email address is created attached to it (which should be [email protected]).
I am by no means a shell expert and have been bumping my head for a few days now, any suggestion would be great!
Thanks in advance,
RodolpheHey, thanks for your reply Willard.
Everything looks correct:
name: Office
Alias: Office
PrimarySmtpAddress: [email protected]
EmailAddressPolicyEnabled: False
The bounceback now is quoting a permissions issue
#< #5.7.1 smtp;550 5.7.1 RESOLVER.RST.AuthRequired; authentication required> #SMTP#
This actually gives me the clues to resolve:
When creating a distribution group through the EMC, by default it is "closed" so only members of that DDL can send to it. I have tested this by sending to it from an internal address and it does go through.
Set-DynamicDistributionGroup <name> -RequireSenderAuthenticationEnabled $False
resolves the issue to allow external senders.
Thanks for your help Willard, your question was enough to get me going in the right direction. Hopefully some other newbie will find this useful in the future. -
Send Emails to Distribution Group
Hi All,
I have a scenario where we need to create one distribution group and 4 users in that distribution group. There are almost 70 companies who will send email to this distribution group.
Now i want to achieve below goals,
1) lets support i create an distribution group [email protected] and add 4 members in this distribution group.
user1, user2, user3,user4
2) If Company A send email to [email protected] only user1 & user2 will receive that email.
3) If Compnay B send email to [email protected] only user3 & user4 will receive that email.
Is there any possibility to achieve this goal i am using Exchange 2010 with Microsoft Forefront Online Protection.
Thanks & Regards,
Zeeshan ButtHi Zeeshan Butt,
Agree with the above suggestion, transport rule can achieve your requirement.
The sender address matches(the sender’s domain is)
The recipient address matches [email protected]
Redirect the message to user3 & user4
Here are some references you can refer to:
Transport Rule Predicates:
http://technet.microsoft.com/en-us/library/dd638183(v=exchg.150).aspx
Transport Rule Actions:
http://technet.microsoft.com/en-us/library/aa998315(v=exchg.150).aspx
Manage Transport Rules:
http://technet.microsoft.com/en-us/library/jj657505(v=exchg.150).aspx
If you have any question, please feel free to let me know.
Thanks,
Angela
Angela Shi
TechNet Community Support -
Prohibit Sending Emails to Distribution Group at specific times
Hi team,
I have a request from my company to prohibit certain users from sending emails to Specific Distribution group at certain times.(12AM-7AM)
Any help would be appreciated.
RegardsHi,
Based on my research, there is no feature in Exchange server to directly meet your requirement: reject specific users sending emails to specific distribution group at specific times.
We can use transport rule in Exchange 2007 and later version to achieve Reject specific users sending emails to specific distribution group. Create a rule in Exchange EMC:
Apply rule to messages
from "[email protected]" or "[email protected]"
and sent to "[email protected]"
send "cannot send messages to this group" to sender with "5.7.1"
About schedule the transport rules, there is no feature in Exchange supporting it. I find an article about scheduling a transport rule by using task schedule in Server manager. Just for your reference:
http://alanhardisty.wordpress.com/2012/01/17/schedule-a-transport-rule-to-be-enabled-or-disabled-at-a-specific-time-of-day-day-of-the-week/
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality,
safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
Thanks,
Winnie Liang
TechNet Community Support -
Owners can't update their distribution groups - Outlook/Exchange 2013
I've seen some things online about this but I'm relatively new to this so I wasn't able to follow. I'm hoping someone can help me figure this out.
We have a brand new Exchange 2013 environment and users using Outlook 2013. We want to set Owners on all our Distribution groups so that the managers of the departments can manage their own groups instead of having to ask IT to add or remove people
all the time.
We went into the groups and added owners to them thinking that this would allow the owners to add and remove people from their groups right from within the Outlook client. However, when they try to do that, they get the error stating "Changes
to public group membership cannot be saved"
It looks like I need to grant some permissions to the users or something but I'm not following where I need to go to do that. Can I do something from within the Exchange 2013 Admin Center web interface to fix this? Any step-by-step instructions
would be much appreciated.
Thanks!check these out..
http://blogs.technet.com/b/samdrey/archive/2013/10/01/exchange-2010-2013-how-to-give-permissions-to-users-to-manage-universal-security-distribution-lists-must-use-rbac.aspx
http://support.microsoft.com/kb/2586832
Kottees :My Blog Please mark it as an answer if it really helps you.
Thanks,
I had seen these before but most specifically mention Exchange 2010. Are they all still applicable?
I followed the steps in the first link since they were easier to figure out, but it seems that if I put someone in that group, they then have the ability to modify ANY group and not just the one they are an Owner of. That doesn't work if that's how
it would have to be. We just want to be able to assigned certain people to edit certain groups from within Outlook.
hmm
OK so the script from the first link seems to give people permissions to edit ANY distribution list which is not what I wanted. I was able to use the script linked here that worked fine:
http://blogs.technet.com/b/exchange/archive/2009/11/18/how-to-manage-groups-that-i-already-own-in-exchange-2010.aspx
Took a bit to get it working but now it seems to only allow people to edit groups they Own and not other groups. -
Assistance with distribution group behavior
We have a new Exchange 2013 server. So far, we are happy with it, except for this one issue with distribution groups.
On our old, non-Microsoft mail server, we had mailing lists. When someone sent an email to the list, the members of the list would receive an email that was listed as "From:
[email protected] on behalf of [email protected]". We like this behavior because it allows people to easily see who the messages posted on a mailing list came from, but when hitting reply,
the reply would go back to the mailing list, and ***NOT*** the user that sent the email being replied to.
In Exchange 2013, distribution groups function differently. If a user sends an email to
[email protected], our users see a message that is listed as "From: [email protected]" and "To: [email protected]". If a user hits reply to this
message, the reply by default goes to the original send and NOT the entire list. We do NOT like this behavior and wish to change it.
Hitting Reply All when viewing emails from a distribution group is not a viable option...our users will not remember to do that and it will create confusion.
So, to recap, what we want to see when User A send an email to Distribution Group A, then all other users should receive an email that is "From:
[email protected] on behalf of [email protected]". When our users hit reply to this message, the reply's To: field should, by default, be filled in with
[email protected] and not
[email protected]
How can we accomplish this?You might be able to achieve something using transport rules/agents (if someone sends to the list, re-write the reply address to the list). It would be ugly though... cringing just thinking about it...
We already attempted this with Transport Rules. Specifically, we tried to rewrite the Reply-To header. When attempting to create the rule, Exchange pitches an error message: "Can't set header reply-to with value [email protected]". Are
we missing something somewhere, some setting that will allow this? -
Using PowerShell to set Custom Access Rights on a Calendar Does not set Free/Busy Permissions
We recently discovered an issue where, if you use Exchange Management Shell to configure custom access rights, the Free/Busy permissions do not get set at all (they remain as "None"):
$temp = [Microsoft.Exchange.Management.StoreTasks.MailboxFolderAccessRight[]]("ReadItems","EditOwnedItems","DeleteOwnedItems","EditAllItems","DeleteAllItems","FolderVisible")
Add-MailboxFolderPermission -Identity "conf-company-test:\calendar" -User "Company Calendar Management" -AccessRights $temp
Add-MailboxFolderPermission -Identity "conf-company-test:\calendar" -User "mpinkston" -AccessRights Editor
If you use a pre-defined "role" such as Editor given to mpinkston6 in the above example it sets the Free/Busy permission to Full Details. It would appear that using Add-MailboxFolderPermission or Set-MailboxFolderPermission is generic for folder
objects, and doesn't explicitly set the Free/Busy permissions. In the case of the pre-defined roles either the command is doing something special/different, or the permission checks later accept pre-defined roles for determining Free/Busy permissions. No idea
which is going on. If Free/Busy permissions can be fixed through PowerShell by some other mechanism/command, that would be great. If not, how do we go about requesting a fix/feature change in Exchange?
http://technet.microsoft.com/en-us/library/dd298062%28v=exchg.150%29.aspx
(Please expand Parameters and read AccessRights to get a better understanding for what I'm describing.)Did you try adding AvailabilityOnly or LimitedDetails in your $temp variable for Calendar folder? These would set it to "Free/Busy time, subject, location" or "Free/Busy time" respectively....
Add-MailboxFolderPermission - http://technet.microsoft.com/en-us/library/dd298062(v=exchg.150).aspx
The following roles apply specifically to calendar folders:
AvailabilityOnly View only availability data
LimitedDetails View availability data with subject and location
Amit Tank | Exchange - MVP | Blog:
exchangeshare.wordpress.com -
Managing Distribution Groups with hidden membership (when hideDLMembership is true)
Hi All,
I have a
situation in a Exchange 2010 SP2 messaging environments where we want to manage two distribution groups through Outlook client and want to ensure that its membership is visible to none but the distribution group owners.
I have followed this article "http://blogs.technet.com/b/kamleshk/archive/2013/08/22/3478284.aspx" but in my case the owner can't see the membership.
The Outlook client version is 2007.
I have enabled "MyDistributionGroups" in the default role assignment policy to enable Distribution Group management by end users.
We use Outlook Anywhere but I have tried to add the registry Key "DS Server" but no way.
Thank you in advance.
Simone
SimoneHi Simone,
How about in OWA?
If OWA works well, it should be an issue on the Outlook Client side.
If OWA not works neither, it still the permission issue. It need sometimes to sync the operation.
Please run following command to verify the owner permission:
Get-DistributionGroup -Indentity DGName | FL
Thanks
Mavis
Mavis Huang
TechNet Community Support -
App-V Server : Changing Connection Group Name through powershell.
Hi,
Is it possible to change the name of existing Connection group through powershell ?
I've tried using Set-AppvServerConnectionGroup but i was unable to change the name of existing group.
Thanks,
Sumit.Do this:
$group = Get-AppvServerConnectionGroup -Name "Connection Group A"
$group.name = "Connection Group B"
Set-AppvServerConnectionGroup $group
Please remember to click "Mark as Answer" or "Vote as Helpful" on the post that answers your question (or click "Unmark as Answer" if a marked post does not actually
answer your question). This can be beneficial to other community members reading the thread.
This forum post is my own opinion and does not necessarily reflect the opinion or view of my employer, Microsoft, its employees, or other MVPs.
Twitter:
@stealthpuppy | Blog:
stealthpuppy.com |
The Definitive Guide to Delivering Microsoft Office with App-V
Maybe you are looking for
-
Invoking Composite from BPMN with file read operation
hello, I have a composite which does a simple file read and dumps data to database using mediator. right now composite gets kicked off by presence of a file in a directory. I would like to invoke this composite from a BPMN process, unfortunately beca
-
Is there a sound card capable of receiving PS3 sound and output it to my PC 7.1 speakers
I don't necessarily want the analog output from the sound card. If it would be easier to output the sound through the motherboard, than so be it. But at the very least, a sound card is needed for the optical input. I emailed Creative about this and t
-
I have installed PS with my ID but have become a new PC. Therefore PS is deleted from one of the old PC´s and I have then tried to installl PS on the new PC, but a dialogbox tells mee that it is not possible to do this. Will I have to stop my ID and
-
Reference Data Imports from ECC
All of a sudden our reference data imports from ECC to ESourcing are failing with this error. "is either unknown data type or it is missing the required DataType(..) declaration" They used to work. Can someone point me towards the place
-
Hi Problem Statement: There are two systems A(www.A.com) and B(www.B.com). Both the sites are secure accessible through login. A site users has provision to navigate to B site but they cannot login directly to B site. They have to login first to A si