Active Directory Distribution Group
A Distribution Group is a mail-enabled active directory group, that functions to send a message delivered to that group to multiple recipients’ inboxes who are a member of that group. We can manage some of the properties/permissions of distribution groups within Active Directory or using the Exchange Administration Center (Formerly Exchange Management Console).
Read: Distribution Group or Mail-Enabled Security Groups?
This article focuses on distribution group management via Exchange Management Shell Commandlets to manage some of the permissions. It explains the syntax and examples related to those requirements.
Adding Users to a Distribution Group
Syntax
Add-DistributionGroupMember "<Distribution Group Name>" -Member <Identity>
Example
Add-DistributionGroupMember -Identity "Finance UK" -Member Barbara
Changing or Replacing Owner of Distribution Group
Syntax
Set-DistributionGroup -Identity "<Distribution Group Name>" –ManagedBy <Identity>
Example
Set-DistributionGroup -Identity "Finance USA" -ManagedBy Barbara
Getting Email for External Senders by Enabling/Disabling Distribution Group
To enable the external recipient to send E-mail to Distribution Group, we set the value of the parameter “RequireSenderAuthenticationEnabled” to $False.
Syntax
Set-DistributionGroup "<Distribution Group Name>" -RequireSenderAuthenticationEnabled $False
Example
Set-DistributionGroup “Finance USA” -RequireSenderAuthenticationEnabled $False
Adding Additional Owners via Set-DistributionGroup
Syntax
Set-DistributionGroup “” -ManagedBy @{Add='<Identity 1>','<Identity 2>'}
Example
Set-DistributionGroup “Finance USA” -ManagedBy @{Add='abbey','barbara'}
Set Primary E-mail Address of Distribution Group
Syntax
Set-DistributionGroup "" -PrimarySmtpAddress
Example
Set-DistributionGroup "Finance UK" -PrimarySmtpAddress finance@contoso.com
Hide Distribution Group from GAL (Global Address List)
Syntax
Set-DistributionGroup "<Distribution Group Name>" -HiddenFromAddressListsEnabled $True
Example
Set-DistributionGroup "Sales UK" -HiddenFromAddressListsEnabled $True
Set-DistributionGroup Parameters
-AcceptMessagesOnlyFrom
AcceptMessagesOnlyFrom determines who is permitted to send messages to this recipient. Other senders’ messages are refused.
Individual senders in your organization are valid values for this parameter (mailboxes, mail users, and mail contacts). Any value that uniquely identifies the sender can be used.
Multiple senders can be entered, separated by commas.
This parameter’s senders are immediately transferred to the AcceptMessagesOnlyFromSendersOrMembers property. As a result, the AcceptMessagesOnlyFrom and AcceptMessagesOnlyFromSendersOrMembers arguments cannot be used together in the same command.
You can see in the below screenshot that, the distribution list “Marketing” has no values in any of the AcceptMessages parameters, we will apply the values one by one for all of them.
We can use the below command-let to add “AbbeyCrawford2” in “AcceptMessagesOnlyFrom” parameter.
Set-DistributionGroup -identity "marketing" -AcceptMessagesOnlyFrom "AbbeyCrawford2"
-AcceptMessagesOnlyFromDLMembers
AcceptMessagesOnlyFromDLMembers determines who can send messages to this recipient. Other senders’ messages are refused.
This option accepts valid values from your organization’s groups (distribution groups and dynamic distribution groups). When a group is specified, it signifies that all members of the group are permitted to send messages to this recipient. Any value that uniquely identifies the group can be used.
Set-DistributionGroup -identity "marketing" -AcceptMessagesOnlyFromDLMember “marketing”
-AcceptMessagesOnlyFromSendersOrMembers
AcceptMessagesOnlyFromSendersOrMembers determines who is permitted to send messages to this recipient. Other senders’ messages are refused.
Individual senders and groups in your organization are both valid values for this field. Mailboxes, mail users, and mail contacts are all examples of individual senders. Distribution groups and dynamic distribution groups are examples of groups. When a group is specified, it signifies that all members of the group are permitted to send messages to this recipient.
You can use any value that uniquely identifies the sender to define senders for this parameter.
Set-DistributionGroup -identity "marketing" -AcceptMessagesOnlyFromSendersOrMembers “marketing”,”AbbeyCrawford2”
-EmailAddressPolicyEnabled
The EmailAddressPolicyEnabled argument controls whether email address policies should be applied to this recipient.
- True: This recipient is subject to email address regulations. This is the standard-setting as displayed in the following command-let:
Set-DistributionGroup -identity “marketing” -EmailAddressPolicyEnabled $true
- False: This recipient is exempt from email address regulations as displayed in the following command-let:
Set-DistributionGroup -identity “marketing” -EmailAddressPolicyEnabled $false
Set-DistributionGroup -identity “marketing” -EmailAddressPolicyEnabled $true
-GrantSendOnBehalfTo
The GrantSendOnBehalfTo parameter determines who can transmit on this group’s behalf. Even though messages sent on behalf of the group clearly indicate the sender in the From box, answers are sent to the group rather than the sender.
It is recommended that such parameter should be submitted via the following:
- Mail User
- Mailbox
- Mail-Enabled Security Group for which permissions can be assigned
Any value that uniquely identifies the sender can be used. For example:
- Name
- Alias
- Distinguished name (DN)
- Canonical DN
- Domain\Username
- Email address
- GUID
- LegacyExchangeDN
- SamAccountName
- User ID or user principal name (UPN)
You can use the below command-let to grant send on behalf permissions to any account.
Set-DistributionGroup -identity "marketing" -GrantSendOnBehalfTo "AbbeyCrawford2"
–MaxReceiveSize
This parameter is only available in Exchange on-premises.
The maximum size of an email message that may be sent to this group is specified by the MaxReceiveSize parameter. Messages that are larger than the limit are rejected by the group.
When entering a value, use one of the following units to qualify it:
- B (bits)
- KB (kilobytes)
- MB (megabytes)
- GB (gigabytes) (gigabytes)
Small numbers may be rounded up to the closest kilobyte, although unqualified values are normally handled as bytes.
An acceptable value is a number between 1.999999 gigabytes (2147483647 bytes) and 1.999999 gigabytes (2147483647 bytes) or an unbounded value. The default value is unlimited, suggesting that a size limit has been imposed elsewhere else (for example, organization, server, or connector limits).
Because Base64 encoding increases the size of messages by around 33%, set the value to be 33% bigger than the actual limit message size you wish to impose. The amount 64 MB, for example, results in a maximum message size of around 48 MB.
You can check the max receive size applied on a distribution list by using the following command in the screenshot:
And then you can decide and apply the desired limit of the maximum size of the message delivered to any distribution group, by using the below command-let.
Set-DistributionGroup –identity “marketing” -MaxReceiveSize 5mb
-MaxSendSize
This parameter is only available in Exchange on-premises.
The MaxSendSize option determines the maximum size of email message that this group may send.
When entering a value, use one of the following units to qualify it:
- B (bytes)
- KB (kilobytes)
- MB (megabytes
- GB (gigabytes) (gigabytes)
Small numbers may be rounded up to the closest kilobyte, although unqualified values are normally handled as bytes.
An acceptable value is a number between 1.999999 gigabytes (2147483647 bytes) and 1.999999 gigabytes (2147483647 bytes) or an unbounded value. The default value is unlimited, suggesting that a size limit has been imposed elsewhere else (for example, organization, server, or connector limits).
Because Base64 encoding increases the size of messages by around 33%, set the value to be 33% bigger than the actual limit message size you wish to impose. The amount of 64 MB, for example, results in a maximum message size of around 48 MB.
You can check the max receive size applied on a distribution list by using the following command for Get in the screenshot below
And then you can decide and apply the desired limit of the maximum size of the message delivered to any distribution group, by using the below command-let for Set-DistributionGroup
Set-DistributionGroup -identity “marketing” -MaxSendSize 10mb
Read More:
Jonathan Blackwell
View ProfileSince 2012, Jonathan Blackwell, an engineer and innovator, has provided engineering leadership that has put GroupID at the forefront of group and user management for Active Directory and Azure AD environments. His experience in development, marketing, and sales allows Jonathan to fully understand the Identity market and how buyers think.