How to manage Exchange dynamic distribution group restrictions and distribution and mail-enabled security groups restrictions for users in Office 365 dedicated


Groups that are synchronized to the Microsoft managed environment can be restricted. The tools that are used and the way that the restrictions are administered depend on the kind of group.

In this article


Dynamic distribution groups

Dynamic distribution groups are not synchronized from your environment. Therefore, you can manage delivery restrictions directly in the managed environment. You should do this by using Windows PowerShell.  
 
You can run the Set-DynamicDistribution cmdlet together with the following parameters:
  • AcceptMessagesOnlyFrom
  • AcceptMessagesOnlyFromDLMembers
  • AcceptMessagesOnlyFromSendersOrMembers
  • RejectMessagesFrom
  • RejectMessagesFromDLMembers
  • RejectMessagesFromSendersOrMembers
  • RequireSenderAuthenticationEnabled
For example, to a add a user to the existing AcceptMessagesOnlyFrom list for a given dynamic distribution group, run the following commands:
$Mailbox = Get-Mailbox John@contoso.com
$DDG=get-DynamicDistributionGroup DDG@contoso.com
$List=$DDG.AcceptMessagesOnlyFrom
$List +=$Mailbox
Set-DynamicDistributionGroup DDG@Contoso.com –AcceptMessagesOnlyFrom $List


Distribution and mail-enabled security groups

Distribution and mail-enabled security groups should be managed from the source forest. Microsoft Managed Services Service Provisioning Provider (MMSSPP) synchronizes the necessary attributes to the managed object automatically.

Note You can use one of the following tools to edit the attributes in the source environment:
The following table provides the relevant information about the Active Directory attribute name, the Exchange parameter name, the description, and the value.
Active Directory attribute nameExchange parameter nameDescriptionValue
unauthOrigRejectMessagesFrom

RejectMessagesFromSendersOrMembers
Messages rejected from (for mailboxes)Populate with the distinguished name (DN) of the user who should be restricted from sending messages to the mailbox or group.
authOrigAcceptMessagesOnlyFrom

AcceptMessagesOnlyFromSendersOrMembers
Messages accepted from (for mailboxes)Populate with the DN of the user who should have the permission to send messages to the mailbox or group.
dLMemRejectPermsRejectMessagesFromDLMembersMessages rejected from (for distribution groups)Populate with the DN of the group that should be restricted from sending messages to the mailbox or group.
dLMemSubmitPermsAcceptMessagesOnlyFromDLMembersMessages accepted from (for distribution groups)Populate with the DN of the group that should have the permission to send messages to the mailbox or group.
msExchRequireAuthToSendToRequireSenderAuthenticationEnabledRestrict messages from authenticated users only.Populate with True/False (Boolean value).

More Information

For more information about recipient restrictions, go to the following Microsoft TechNet website:
Eigenschaften

Artikelnummer: 2618066 – Letzte Überarbeitung: 17.03.2016 – Revision: 1

Feedback