« Windows & AD Security Webcast
How to find me at TechEd »

Check who can send email to a group

Published May 28, 2010 Active Directory , AD , AD cmdlets , Examples , Exchange , PowerShell Comment

Today I wanted to get a list of people who had rights to send messages to a few distribution lists in our company. This information is not readily available in Outlook, but turned out to be very easy to retrieve using PowerShell – this is literally just a few attributes to retrieve from your Active Directory.

Here’s a sample output of my script:

PS:\> Get-DLRestriction "Worldwide Everyone"
Checking restrictions for Worldwide Everyone

The following users can send messages to this list:

Anne Smith
John Able

Members of this group can send messages to this list: Domain\Communicators) :

Susan Gallings
Terry Adams

Only authenticated users can send messages to this list.
External senders get blocked.

I’ve uploaded the script to poshcode, but for your convenience also posting it here:

function Get-DLRestriction {
  param([System.String]  $DLName  )

  "Checking restrictions for $DLName"

  $DL = Get-QADGroup $DLName `
      -IncludedProperties AuthOrig, UnauthOrig, dLMemRejectPerms,`
                      dLMemSubmitPerms, msExchRequireAuthToSendTo

  # we'll set this to true if we see a restriction
  $restricted = $false

  # if the group with such a name is found
  if ( $DL -ne $null ) { 

    if ( $DL.AuthOrig -ne $null ) {
      $restricted = $true
      "`nThe following users can send messages to this list:"
      $DL.AuthOrig | Get-QADUser
    }

    if ( $DL.UnauthOrig -ne $null ) {
      $restricted = $true
      "`nAnyone BUT the following users can send messages to this list:"
      $DL.UnauthOrig | Get-QADUser
    }

    if ( $DL.dLMemSubmitPerms -ne $null ) {
      $restricted = $true
      "`nMembers of this group can send messages to this list: $($DL.dLMemSubmitPerms | Get-QADGroup)) :"
      Get-QADGroupMember $DL.dLMemSubmitPerms
    }

    if ( $DL.dLMemRejectPerms -ne $null ) {
      $restricted = $true
      "`nAnyone BUT members of this group can send messages to this list: $($DL.dLMemRejectPerms | Get-QADGroup)) :"
      Get-QADGroupMember $DL.dLMemRejectPerms
    }

    if ( $DL.msExchRequireAuthToSendTo ) {
      $restricted = $true
      "`nOnly authenticated users can send messages to this list.`nExternal senders get blocked."
    }

    if ( -not $restricted ) {
      "`nThis list is not restricted. Anyone can email it."
    }
  } else {
    "`nDL $DLName not found."
  }
}
Advertisement

1 Response to “Check who can send email to a group”

Feed for this Entry Trackback Address

  1. 1 Dew Drop – May 28, 2010 | Alvin Ashcraft's Morning Dew Trackback on May 28, 2010 at 12:23 pm

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

« Windows & AD Security Webcast
How to find me at TechEd »

 Subscribe in a reader

Subscribe by email

Add to Technorati Favorites

My PowerShell community is PowerGUI.org

My Recent Tweets

Archives

Legal

The posts on this blog are provided “as is” with no warranties and confer no rights. The opinions expressed on this site are mine and mine alone, and do not necessarily represent those of my employer Quest Software or anyone else for that matter. All trademarks acknowledged.

© 2007 Dmitry Sotnikov

Pages

 

May 2010
M T W T F S S
« Apr   Jun »
 12
3456789
10111213141516
17181920212223
24252627282930
31  
Follow

Get every new post delivered to your Inbox.

Join 47 other followers