Opening Closed Exchange Distribution Groups with PowerShell

By default, new distribution groups in Exchange 2007, 2010, 2013, and 2016 do accept messages from outside of the Exchange organization. In some cases, this may not be the desired behavior.

In some environments, it may be desired behavior to accept messages from inside or outside the organization. For example, you may have services that need to send mail to Exchange distribution groups. Where I work, this is definitely the case. Hundreds of services, all sending mail to individuals and distribution groups.

We've all seen this chunk of code:

Get-DistributionGroup | Set-DistributionGroup -RequireSenderAuthenticationEnabled:$false

It definitely gets the job done, albeit slowly. It grabs the entire list of distribution groups from Exchange, and attempts to apply the $False value to each one. While it works, I think it could be improved upon. There a couple of points that could be changed.

Each time it is run, it grabs all distribution groups, making our list of groups to modify potentially gigantic. Why not limit it to the only the groups that are set to $true?
I like to see output of a script, but for each group that is already in the correct state, the "WARNING: The command completed successfully but no settings were modified" message is generated. In an environment with thousands of distribution groups, I only want to see the groups that were modified, not the ones that weren't.
Mentioned above, I like to see output. If the script is running interactively, I want to know where in the script we are, and some sort of status.

In order to accomplish these points, I built the following PowerShell script. It's nothing too complicated, but it gets the job done whether it is running as a scheduled task, or interactively.

First, we'll get a list of the distribution groups that we need to work with. For this, I am using Where to filter for the objects I want. For this example, I only want universal distribution groups (not security groups), and groups where RequireSenderAuthenticationEnabled is set to $True. This is being stored in $ListofGroups. By doing this, we cut down vastly on the number of groups that are going to be updated.

Next, the script loops through the list of groups acquired above. After grabbing the display name of the current group, a status is written to the screen, and the Set-DistributionGroup cmdlet is used to set RequireSenderAuthenticationEnabled to $False.

write-host "Getting closed groups" $ListofGroups=Get-DistributionGroup | where {$_.RequireSenderAuthenticationEnabled -eq $True -and $GroupType -eq "Universal"} write-host "Processing list" ForEach($Group in $ListOfGroups { $DisplayName=$Group.Displayname Write-Host "Opening $DisplayName" Set-Distributiongroup $DisplayName -RequireSenderAuthenicationEnabled $False }

This achieves a smaller set of groups to work with, which equals a faster script. Further, it gives output along the way, if needed.

About this post

Posted: 2017-01-17
By: dwirch
Viewed: 2,551 times

Comments

No comments have been added for this post.

You must be logged in to make a comment.