Archive for May 28th, 2010

Check who can send email to a group

Today I wanted to get a list of people who had rights to send messages to a few distribution lists in our company. This information is not readily available in Outlook, but turned out to be very easy to retrieve using PowerShell – this is literally just a few attributes to retrieve from your Active Directory.

Here’s a sample output of my script:

PS:\> Get-DLRestriction "Worldwide Everyone"
Checking restrictions for Worldwide Everyone

The following users can send messages to this list:

Anne Smith
John Able

Members of this group can send messages to this list: Domain\Communicators) :

Susan Gallings
Terry Adams

Only authenticated users can send messages to this list.
External senders get blocked.

I’ve uploaded the script to poshcode, but for your convenience also posting it here:

function Get-DLRestriction {
  param([System.String]  $DLName  )

  "Checking restrictions for $DLName"

  $DL = Get-QADGroup $DLName `
      -IncludedProperties AuthOrig, UnauthOrig, dLMemRejectPerms,`
                      dLMemSubmitPerms, msExchRequireAuthToSendTo

  # we'll set this to true if we see a restriction
  $restricted = $false

  # if the group with such a name is found
  if ( $DL -ne $null ) { 
    
    if ( $DL.AuthOrig -ne $null ) { 
      $restricted = $true
      "`nThe following users can send messages to this list:"
      $DL.AuthOrig | Get-QADUser
    }
    
    if ( $DL.UnauthOrig -ne $null ) { 
      $restricted = $true
      "`nAnyone BUT the following users can send messages to this list:"
      $DL.UnauthOrig | Get-QADUser
    }
    
    if ( $DL.dLMemSubmitPerms -ne $null ) { 
      $restricted = $true
      "`nMembers of this group can send messages to this list: $($DL.dLMemSubmitPerms | Get-QADGroup)) :"
      Get-QADGroupMember $DL.dLMemSubmitPerms
    }
    
    if ( $DL.dLMemRejectPerms -ne $null ) { 
      $restricted = $true
      "`nAnyone BUT members of this group can send messages to this list: $($DL.dLMemRejectPerms | Get-QADGroup)) :"
      Get-QADGroupMember $DL.dLMemRejectPerms
    }
    
    if ( $DL.msExchRequireAuthToSendTo ) { 
      $restricted = $true
      "`nOnly authenticated users can send messages to this list.`nExternal senders get blocked."
    }
    
    if ( -not $restricted ) {
      "`nThis list is not restricted. Anyone can email it."
    }
  } else {
    "`nDL $DLName not found."
  }
}
Advertisements

My Recent Tweets

Legal

The posts on this blog are provided “as is” with no warranties and confer no rights. The opinions expressed on this site are mine and mine alone, and do not necessarily represent those of my employer - WSO2 or anyone else for that matter. All trademarks acknowledged.

© 2007-2014 Dmitry Sotnikov

May 2010
M T W T F S S
« Apr   Jun »
 12
3456789
10111213141516
17181920212223
24252627282930
31  
Advertisements

%d bloggers like this: