Today I wanted to get a list of people who had rights to send messages to a few distribution lists in our company. This information is not readily available in Outlook, but turned out to be very easy to retrieve using PowerShell – this is literally just a few attributes to retrieve from your Active Directory.
Here’s a sample output of my script:
PS:\> Get-DLRestriction "Worldwide Everyone" Checking restrictions for Worldwide Everyone The following users can send messages to this list: Anne Smith John Able Members of this group can send messages to this list: Domain\Communicators) : Susan Gallings Terry Adams Only authenticated users can send messages to this list. External senders get blocked.
I’ve uploaded the script to poshcode, but for your convenience also posting it here:
function Get-DLRestriction { param([System.String] $DLName ) "Checking restrictions for $DLName" $DL = Get-QADGroup $DLName ` -IncludedProperties AuthOrig, UnauthOrig, dLMemRejectPerms,` dLMemSubmitPerms, msExchRequireAuthToSendTo # we'll set this to true if we see a restriction $restricted = $false # if the group with such a name is found if ( $DL -ne $null ) { if ( $DL.AuthOrig -ne $null ) { $restricted = $true "`nThe following users can send messages to this list:" $DL.AuthOrig | Get-QADUser } if ( $DL.UnauthOrig -ne $null ) { $restricted = $true "`nAnyone BUT the following users can send messages to this list:" $DL.UnauthOrig | Get-QADUser } if ( $DL.dLMemSubmitPerms -ne $null ) { $restricted = $true "`nMembers of this group can send messages to this list: $($DL.dLMemSubmitPerms | Get-QADGroup)) :" Get-QADGroupMember $DL.dLMemSubmitPerms } if ( $DL.dLMemRejectPerms -ne $null ) { $restricted = $true "`nAnyone BUT members of this group can send messages to this list: $($DL.dLMemRejectPerms | Get-QADGroup)) :" Get-QADGroupMember $DL.dLMemRejectPerms } if ( $DL.msExchRequireAuthToSendTo ) { $restricted = $true "`nOnly authenticated users can send messages to this list.`nExternal senders get blocked." } if ( -not $restricted ) { "`nThis list is not restricted. Anyone can email it." } } else { "`nDL $DLName not found." } }
Hi there
the only problem is that we can retrive members not groups.
is there any possibility to retrive groups not users?
Thanks
You mean, when it reports who has access? It reports users, because I had “Get-QADUser” in the script. Change it to Get-QADObject and it will show all objects: both users and groups.