Dynamic Distribution Groups–Part 2

Now you see me… Now you don’t!

In part one of this blog-couplet I talked about how you can very simply create a dynamic distribution group using a little bit of PowerShell. We also looked at how you can test to make sure that the right people will get an email when you send a mail to that DDG. In this post I want to cover off some of the options there are for securing the DDG and preventing abuse. We’ll look at:

  • Hiding a DDG from the GAL
  • Enabling moderation
  • Restricting who can send to the DDG

Hiding

Hiding a DDG from the GAL is easy, you’ll be pleased to hear! Smile (It does need PowerShell though…)

Set-DynamicDistributionGroup "All Staff" –HiddenFromAddressListsEnabled $true

This line of PS will set the DDG called “All Staff”, like the one we created in part one, to be hidden from the GAL. Only users who know it’s there will know about it. This is the easiest and most (in)visible way to reduce abuse as people won’t be able to surf through the GAL looking for people to annoy. Of course, to reverse this re-run the command changing $true to $false.

Moderating

Another way to reduce abuse or accidental bulk emailing is to enable moderation for the DDG. This would require a nominated alias to approve all mail sent to the DDG before allowing it to be delivered to the DDG recipients. You might want to enable this for DDGs that could have a very large audience – such as all staff members, or the entire student body.

Set-DynamicDistributionGroup "All Staff" –ModerationEnabled $true –ModeratedBy james -SendModerationNotifications Internal

This bit of PS turns on moderation for the “All Staff” DDG, nominating the alias “james” as the moderator and only sending rejection notifications to internal senders; this means that anyone emailing the DDG from outside of your organisation (i.e. spam) will not get any rejection notification.

Restricting

As well as hiding, and moderating, a DDG you may also want to restrict who can send messages to it in the first place (perhaps this is more appropriate than moderation) – for example you may want only your senior leadership team to be able to send to the “All Staff” group.

Set-DynamicDistributionGroup "All Staff" -AcceptMessagesOnlyFrom james, admin

This bit of PS sets the “All Staff” DDG to only accept mail from ‘james’, and ‘admin’.

There are lots of options for customising a DDG – I would definitely recommend taking a look at the Set-DynamicDistributionGroup cmdlet article on TechNet to get a flavour of what’s possible.