Exchange PowerShell: How to enumerate and modify Distribution Group properties

Exchange PowerShell

Here is another quick Exchange PowerShell post on distribution groups, in it we will look at how to check and modify a particular setting.

A client recently got in touch after a suspect email was sent to all staff in a particular distribution group. Usually only staff can send emails to distribution groups because you need to be authenticated, so I had a quick check of the distribution group’s settings to see what was going on.

In Exchange Management Console. Expand Recipient Configuration and select Distribution Group.

Select the group in question and click the Mail Flow Settings Tab.

Distribution Group - Mail Flow Settings tab

Then select Message Delivery Restrictions, and click the Properties button.

Distribution Group - Mail Flow Settings - Message Delivery Restrictions - Require that all senders are authenticatedAs you can see for this particular group the Require that all senders are authenticated wasn’t selected. After checking the box, and doing a quick test only authenticated users could use the distribution list.

Now in a company with a lot of distribution groups I wanted to find a way to check all the groups and make the setting change without having to do it individually for each group. So here we will switch over to the Exchange Management Shell.

Firstly we have to find out which PowerShell Cmdlet to use. So in an Exchange Management Shell lets start with the Cmdlet:

Get-Help *distrib*

get-help distribAs you can see there are a few Cmdlets with ‘distrib’ in the name, but Get-DistributionGroup looks promising.

Next let’s run the Cmdlet Get-DistributionGroup to see what information it produces.

Exchange PowerShell Get-DistributionGroupSo it already gives us some useful information, but we need to check for sender authentication so let’s take a look at a specific distribution group to find the correct setting.

Get-DistributionGroup Managers | Format-List

Exchange PowerShell Get-DistributionGroup groupname FLAs you can see for this goup the RequireSenderAuthenticationEnabled is True.

Next we will use the Cmdlet to view only the group name and the RequireSenderAutheticationEnabled property:

Get-DistributionGroup | FT Name, RequireSenderAuthenticationEnabled

Exchange PowerShell Get-DistributionGroup ft name requiresenderauthenticationenabledNow we can see four of the distribution groups don’t have the setting enabled, so let’s go and enable it. To do this we are going to use another PowerShell Cmdlet, Set-DistributionGroup in conjunction with Get-DistributionGroup.

Get-DistributionGroup  | Set-DistributionGroup -RequireSenderAuthenticationEnabled $TRUE

Exchange PowerShell Get-DistributionGroup Set-DistributionGroup requiresenderauthenticationenabled trueDon’t be alarmed by the yellow warnings. They are telling you that the setting hasn’t been made on the groups which already have the property enabled.

Let’s do a quick check to confirm the previous command worked correctly.

Get-DistributionGroup | FT Name, RequireSenderAuthenticationEnabled

Exchange PowerShell Get-DistributionGroup ft name requiresenderauthenticationenabled 2

As you can see all values RequireSenderAuthenticationEnabled values are now True.

The PowerShell command above works on both Exchange 2007 and Exchange 2010.

Related Posts:

1. Exchange PowerShell: How to enumerate Distribution Lists, managers and members

2. Exchange PowerShell: How to find users hidden from the Global Address List

3. Exchange 2013 Initial Configuration Settings multi-part series

4. Exchange PowerShell: How to check the number of items in the Inbox, Sent Items, Deleted Items, Junk Email

5. How to find the mailbox sizes in Exchange 2010

One thought on “Exchange PowerShell: How to enumerate and modify Distribution Group properties

Leave a Reply

Your email address will not be published. Required fields are marked *