none
Message Delivery Restrictions in Nested Group

    Question

  • Scenario

    Message Delivery Restriction are enabled in numerous Distribution List(DL). DL group called "Company^ALL^Users" has message delivery restriction set and inside this DL, there are numerous DL like Sales^Group, Production^Group, etc which also has delivery restriction set. 

    Granting a user allow to send to "Company^ALL^Users" allows him to send email to this DL but it got blocked from the nested group. To allow the user to manage to send to all users, he needs to be allowed on the main DL plus all the nested DL, but this method is easily overlooked when granting this permissions.

    I do not want to set my MS Exchange to flat restriction checking.

    Is there a way to set in MS Exchange (EMC/powershell/registry) that it can flag the administrator, if there are delivery restrictions set in nested group when he is granting the main DL the permission to allow a user to send ?

    Kindly advice


    poku

    Thursday, June 8, 2017 7:42 AM

All replies

  • Hi,

    In general, we must configure "allow" permission on top DL and all nested DLs. And no way to set something like "flag".

    But we can use powershell script to get all top DL and nested DLs, then check delivery restriction on them.

    https://gallery.technet.microsoft.com/scriptcenter/Export-AD-group-members-6e6c8a9f


    Best Regards,

    Lynn-Li
    TechNet Community Support


    Please remember to mark the replies as answers.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, June 9, 2017 8:07 AM
    Moderator
  • Hi Lynn

    thanks for the reply. 

    Yes, I know in general we need to configure the "allow" on the top DL, then check for nested group and configure allow then on each DL check for 2nd layer DL and so on but its very manual

    besides running a powershell script or using EMC to check each nested DL for delivery restriction, I'm wondering if there is a faster or more efficient approach to perform the check to ensure by granting "allow" to a user from top DL, he is able to send to all users/nested DL under this top DL.



    poku

    Friday, June 9, 2017 11:16 AM
  • Your best bet is to simply create a mailbox for "All Users" submissions and instruct users to sent them there, then an administrator who monitors the mailbox can send the message for them.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Sunday, June 11, 2017 12:18 AM
    Moderator