Message Restrictions - Available on Mail-Enabled Security Groups
The subject may be a simple answer, but I can't seem to find a definitive documented answer. Is it possible to set Message Restrictions (i.e. Allow only Authenticated Users or Allow Only (dlMemSubmitPerms) on mail-enabled Security groups or is that only an option with Distribution groups?
February 16th, 2010 5:09pm
Is this Exchange 2007 or 2003?From the 2007 EMC you can set the options you want on a Mail-Enabled Security Group. In the EMC, Open the Properties of the group, Click on the Mail Flow Settings Tab and then the Message Delivery Restrictions. You can set Require Authentication, Accept Messages from and Reject Messages From.J.Jason McCaughey
MCTS - Exchange 2007
Free Windows Admin Tool Kit Click here and download it now
February 16th, 2010 11:27pm
Thanks, this is Exch. 07.I should have noted, we don't use EMC since we are using a hosted Exchange. So, all changes are done in Active Directory Users & Computers or the attributes themselves. In ADUC, I see Message Restrictions on the 'Exchange General' tab of a distribution group. However, on a mail-enabled Security Group, it does not exist.Is the 'dlMemSubmitPerms' attribute still applicable to a mail-enabled Security Groups? Is there a different attribute that maps to your referenced location? Does Microsoft fully support these restrictions on mail-enabled Security groups and have it documented anywhere to your knowledge?
February 16th, 2010 11:47pm
I know that this is supported by Microsoft fully as it's in the EMC for editing. As far as the dlMemSubmitPerms, it is not applicable for Mail Enabled Security Groups.To set permissions on the group to allow Specific Senders, populate the authOrig Attribute with the users DN. From ADSI Edit you will have to add them one by one.To Reject messages from Specific Senders, the Attribute is unauthOrig. Same thing here. Takes DN of the users.The change the "Require That all Senders are Authenticated", the Attribute is msExchRequireAuthToSentTo. To enable, set the value as TRUE. To Disable, clear the attribute of any value.Hope this helps.J. Jason McCaughey
MCTS - Exchange 2007
Free Windows Admin Tool Kit Click here and download it now
February 17th, 2010 12:46am
Agree with Jay except for “dlMemSubmitPerms” part, what’s the meaning about “not applicable for Mail Enabled Security Groups”? I think the attribute works for SG (Security Group) by add the DN of the DG (Distribution Group), which will also show in the “Properties” of SG via EMCJames Luo TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx) If you have any feedback on our support, please contact tngfb@microsoft.com
February 17th, 2010 9:20am