Opening Closed Exchange Distribution Groups with PowerShell

Posted On 2017-01-17 by dwirch
Tags: Powershell Exchange Scripting Windows
Views: 838

By default, new distribution groups in Exchange 2007, 2010, 2013, and 2016 do accept messages from outside of the Exchange organization. In some cases, this may not be the desired behavior.

In some environments, it may be desired behavior to accept messages from inside or outside the organization. For example, you may have services that need to send mail to Exchange distribution groups. Where I work, this is definitely the case. Hundreds of services, all sending mail to individuals and distribution groups.

We've all seen this chunk of code:

Get-DistributionGroup | Set-DistributionGroup -RequireSenderAuthenticationEnabled:$false

It definitely gets the job done, albeit slowly. It grabs the entire list of distribution groups from Exchange, and attempts to apply the $False value to each one. While it works, I think it could be improved upon. There a couple of points that could be changed.

  • Each time it is run, it grabs all distribution groups, making our list of groups to modify potentially gigantic. Why not limit it to the only the groups that are set to $true?
  • I like to see output of a script, but for each group that is already in the correct state, the "WARNING: The command completed successfully but no settings were modified" message is generated. In an environment with thousands of distribution groups, I only want to see the groups that were modified, not the ones that weren't.
  • Mentioned above, I like to see output. If the script is running interactively, I want to know where in the script we are, and some sort of status.

In order to accomplish these points, I built the following PowerShell script. It's nothing too complicated, but it gets the job done whether it is running as a scheduled task, or interactively.

First, we'll get a list of the distribution groups that we need to work with. For this, I am using Where to filter for the objects I want. For this example, I only want universal distribution groups (not security groups), and groups where RequireSenderAuthenticationEnabled is set to $True. This is being stored in $ListofGroups. By doing this, we cut down vastly on the number of groups that are going to be updated.

Next, the script loops through the list of groups acquired above. After grabbing the display name of the current group, a status is written to the screen, and the Set-DistributionGroup cmdlet is used to set RequireSenderAuthenticationEnabled to $False.

write-host "Getting closed groups"
$ListofGroups=Get-DistributionGroup | where {$_.RequireSenderAuthenticationEnabled -eq $True -and $GroupType -eq "Universal"}
write-host "Processing list"
ForEach($Group in $ListOfGroups
   Write-Host "Opening $DisplayName"
   Set-Distributiongroup $DisplayName -RequireSenderAuthenicationEnabled $False

This achieves a smaller set of groups to work with, which equals a faster script. Further, it gives output along the way, if needed.

About the Author

has posted a total of 190 articles.

Comments On This Post

No comments on this post yet!

Do you have a thought relating to this post? You can post your comment here. If you have an unrelated question, you can use the Q&A section to ask it.

Or you can drop a note to the administrators if you're not sure where you should post.

Your IP address is:

Before you can post, you need to prove you are human. If you log in, this test goes away.

Code Links