The Author Online Book Forums are Moving

The Author Online Book Forums will soon redirect to Manning's liveBook and liveVideo. All book forum content will migrate to liveBook's discussion forum and all video forum content will migrate to liveVideo. Log in to liveBook or liveVideo with your Manning credentials to join the discussion!

Thank you for your engagement in the AoF over the years! We look forward to offering you a more enhanced forum experience.

gpt2001 (2) [Avatar] Offline
#1
I am able to get a list of users who can send to a group by doing a foreach on the authOrig property for a group.

I am confused why it doesn't show the groups that are authorized to send to the group aswell.

I think I am keying on the right property. I can't find any other properties that seems to have the list of authorizated orginators. I am using Exchange 2003.

Any help would be appreciate.

Enjoying the book and powershll. Long time VBscripter and now hooked on powershell.

Thanks,
Greg Thomas

##########################################################
# listrgroups.ps1
#
# List all mail enabled groups in AD that are restricted as far as who can send to the groups
#
# written 12/18/08 by Greg Thomas
#
##########################################################

# define constants
set-variable -name strlogfilename -value `
c:pscriptslistrgroupslistrgroups.log -option Constant
set-variable -name strgroupfilename -value `
c:pscriptslistrgroupslistrgroups.txt -option Constant

# write hearder to log file
"List all restricted send mail enabled groups script Log(listrgroups.ps1)" | out-file -filepath $strlogfilename
"******************************************" | out-file -filepath $strlogfilename -append
get-date | out-file -filepath $strlogfilename -append



# setup search to get get all the groups
$strFilter = "(objectCategory=Group)"
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.PageSize = 1000
$objSearcher.Filter = $strFilter
#$colProplist = "name", "description", "whenchanged"
$colProplist = "name"
foreach ($i in $colPropList){$result = $objSearcher.PropertiesToLoad.Add($i)}

# execute search
$colResults = $objSearcher.FindAll()

# clear groups output file if already exists
if (Test-Path -path $strgroupfilename)
{
clear-content -path $strgroupfilename
}


# write header for groups file
[string] $stroutstring = "GroupName"
$stroutstring += "`t"
$stroutstring += "legacyExchangeDN"
$stroutstring += "`t"
$stroutstring += "AuthorizedSenders"
$stroutstring += "`t"
$stroutstring += "OUpath"
add-content -path $strgroupfilename -value $stroutstring

# start output count at 0 for groups that are mail enabled
[int] $intoutcount = 0

# loop through each group
foreach ($objResult in $colResults)
{
$objItem = $objResult.Properties
[string] $strldap = $objItem.adspath
$group = [ADSI]"$strldap"

# if mail enabled group then add to group output file
if (($group.legacyExchangeDN -ne "") -and ($group.authOrig -ne ""))
{
[string] $stroutstring = $objItem.name
$stroutstring += "`t"
$stroutstring += $group.legacyExchangeDN
$stroutstring += "`t"
foreach ($objOrig in $group.authOrig)
{
$stroutstring += $objOrig
$stroutstring += ";"
}
$stroutstring += "`t"
$stroutstring += $objItem.adspath
add-content -path $strgroupfilename -value $stroutstring
$intoutcount++
}
}

# write group count and footer to log file
[string] $stroutstring = $intoutcount.ToString()
$stroutstring += " restricted send mail enabled groups found in AD and written to group output file "
$stroutstring += $strgroupfilename
$stroutstring >> $strlogfilename
get-date | out-file -filepath $strlogfilename -append
gpt2001 (2) [Avatar] Offline
#2
Re: problem getting list of authorized senders who can send to a group
I got help on one of the Microsoft exchange newsgroups. Thanks to Shay Levy.

Solution is to get the group approved senders is to look in the dLMemSubmitPerms attribute. Get the user approved senders in the authOrig attribute.

"Shay Levy [MVP]" wrote:

> Hello Greg,
>
> Try the dLMemSubmitPerms attribute.
>
> ---
> Shay Levy
> Windows PowerShell MVP
> http://blogs.microsoft.co.il/blogs/ScriptFanatic
> PowerShell Toolbar: http://tinyurl.com/PSToolbar
>