Managing Distribution Groups in Exchange Server (Part 2)


If you would like to read the other parts in this article series please go to:

Controlling Group membership…

Using Distribution Groups in Exchange Server 2010, an exchange administrator is able to manage the membership process for that Group in an easy way. The configuration is pretty straight forward, if you have a Distribution Group you will have the Membership Approval tab (Figure 01) and two available configurations: the first one which configures the process to join the group and second one is about the process to leave the group.


Figure 01

In order to join the group we can define if the process is Open where any user can join the group without any intervention from the group owners; Closed (the default value) where only the group owners are able to add members, and the last one is Owner approval where the users can ask for approval from the group owners which is the most democratic option.

The other portion is the unjoin group process. By default is Open where anyone can leave the group, but there is also Closed where only the group owner is able to remove them. Let’s use a simple example to better understand the process:

Scenario: We created a group from scratch and that group has all default values for Membership Approval which is Closed for joining the group, and Open for Leaving the group.

Log in as a user that is neither an owner nor a member of the group, click Options, See All Options, then click Groups and then click Join on the Public Groups I Belong To section. A list of all available groups will be displayed, let’s select a group and click Join.

In the following window the user will have the information about the group’s owner and its current members and the membership request process. In this situation notice that the message is clear: Requests to join are automatically rejected as shown in Figure 02


Figure 02

If the user tries to click Join, he/she will receive an error message similar to the one shown in Figure 03.


Figure 03

Now, let’s change the approval method to Owner approval instead of Close. We are going to follow the same previous steps that we have just done to join the group, the difference is that now the message that will show up it is going to be the one shown in Figure 04.


Figure 04

Also, in the owner Inbox a new message coming from Microsoft Exchange Approval Assistant on behalf of the user who had done the request will show up (Figure 05). In order to approve that user to join the group, the owner just needs to click the Approve button.


Figure 05

As soon as the owner approves the user who requested access to the group will be informed by an e-mail message, as shown in Figure 06.


Figure 06

Since a Distribution Group can have more than one owner which means that a request to join a group will be sent to all possible owners, then what happens when one owner approve and another denies the same request? Well the answer is simple, as soon as the first one approves the request, the second one will receive a message like the one shown in Figure 07 if he tries to reject the request.


Figure 07

Moderating a Distribution Group…

Another cool feature of the Distribution Group management is moderation. We had some sort of capabilities when Exchange Server 2007 was released through Transport Rules, however, in Exchange Server 2010 it is much easier.

In order to validate the functionality, let’s double click on the desired group in the Exchange Management Console, click Mail Flow Settings, and then double click Message Moderation. In the new window we can manage the Message Moderation for the specific distribution group (Figure 08), by default the option Messages sent to this group have to be approved by a moderator is uncheck.  For the sake of testing let’s check the first option which enables the feature. Basically, we have to define two main settings: firstly, who are the moderators, if there is none specified on this page, then the group owners will be the moderators; secondly, who is the exception for this distribution group. Normally, companies wouldn’t allow the option to moderate messages coming from CIO, CEO and CFO. Those names are strong candidates for this setting. Finally, we can define the behavior of the notification if a message doesn’t get approved.


Figure 08

Since we have moderation in place, if a regular user tries to send a message to the Distribution Group he will receive a Mail tip warning as shown in Figure 09, stating that the message may be rejected or delayed.


Figure 09

In the moderator mailbox a message with the content sent by the user will be displayed and the moderator (figure 10) can Approve or Reject (by the way, on Reject button you can write a response before sending the message).


Figure 10

If you reject the message and write additional comments then the end-user will receive a message as shown in Figure 11.


Figure 11

Managing Distribution Group Naming Policy

This is a new Exchange Server 2010 feature where we can define a simple logic to create Distribution Groups and also create an exception list of words that cannot be used when creating a Distribution Group. It becomes really important when we start giving end-users rights to create and manage distribution groups.

In order to manage the Group Naming policy we can use either Exchange Management Console or Exchange Management Shell.

Do you still remember our naming convention for Distribution Groups? Here it goes:

#<Location>-<Group Name>

Also, we don’t want groups with some specific names in our company. Let’s avoid any groups containing the following words: Sex, Raffle, and Baby Shower. Users sometimes are predictable and we can avoid some awkward group names in advance using such feature.

Let’s start testing with the blocked word list. Let’s open Exchange Management Shell and define the words using the following cmdlet:

Set-OrganizationConfig –DistributionGroupNameBlockedWordsList “<list-of-words-using-comma>”

In our scenario we would be using this following cmdlet: Set-OrganizationConfig –DistributionGroupNameBlockedWordsList “Sext, Raffle, baby shower”

After running the cmdlet we can use any interface to create a group that contains any of those words and we are going to get a message like the one depicted in the Figure 12.


Figure 12

Now, it’s time to apply the policy based on our naming convention. We can use string and some attributes of the user creating the group. This means that if we have delegation in place and the users in the right OUs, the Distribution Group naming process becomes really easy. These are the attributes that can be used during the group creation:

  • Department
  • Company
  • Office
  • StateOrProvince
  • CountryorRegion
  • Countrycode
  • Title
  • CustomAttribute1 to CustomAttribute15

In order to create the rule we need to use Set-OrganizationConfig cmdlet and each attribute must be enclosed in <>, also <GroupName> means the text the user is going to enter during the creation process.

Before starting defining the policy make sure that the user who is going to create the Group has a Country attribute defined in its Active Directory object and then open Exchange Management Shell and run the following cmdlet:

Set-OrganizationConfig -DistributionGroupNamingPolicy “#<CountryOrRegion>-<GroupName>”

Now, if a user with Canada set as the country in Active Directory tries to create a group and types in XYZ for example, the Group Display Name will be #Canada-XYZ.

Well, we have seen the hard part, that is, to create the Group Naming Policy using Exchange Management Shell, however, we can also use ECP (Exchange Control Panel). When we are managing at the organization level, and select Users & Groups, and then Distribution Groups we will notice the Group naming Policy section at the bottom (Figure 13). In order to manage it, just click Edit and all options related to block-words and group names will be available (Figure 14).


Figure 13


Figure 14

Conclusion

In this second article we have seen how to moderate and control membership approval in Exchange Server 2010, also we checked out how to create a Distribution Group Naming Policy using either Outlook Web App or Exchange Management Shell.

If you would like to read the other parts in this article series please go to:

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top