Hi Readers,
Sharing one of the issues that every Exchange L1/L2 admin faces while modifying Message Delivery Restrictions.
If there are terminated users in the restriction list, i.e. users that don't have a mailbox, you get the error below:
To fix this, download and extract the zip file from the link below, then run the batch file:
https://github.com/VikasSukhija/Downloads/blob/master/DLrestrictionFix.zip
It will ask you for the name of the group whose Message Delivery Restriction issue you want to fix.
Logs are created in the Logs folder, where you can check the restriction list that was in use and the list that was applied after removing the problematic users.
    #################################################################################################
    # Author: Lokesh Agarwal
    # Reviewer: Vikas Sukhija
    # Modified: 05/02/1015
    # Description: Fix Restriction list in distribution groups
    #
    #
    #################################################################################################
    Param(
        [string]$name
    )
    ####################################Define Logs##############################
    $date = get-date -format d
    $date = $date.ToString().Replace("/", "-")
    $time = get-date -format t
    $time = $time.ToString().Replace(":", "-")
    $time = $time.ToString().Replace(" ", "")
    # $log1 holds the list as found, $log2 the list after cleanup
    $log1 = ".\Logs" + "\" + "ExistingR_" + $date + "_" + $time + "_.log"
    $log2 = ".\Logs" + "\" + "NewR_" + $date + "_" + $time + "_.log"
    ##############################ADD Shell#####################################
    If ((Get-PSSnapin | where {$_.Name -match "Microsoft.Exchange.Management.PowerShell.E2010"}) -eq $null)
    {
        Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
    }
    $name = read-host "Please enter group name that needs to be fixed"
    $DLCurrent = Get-DistributionGroup -identity $name
    $DLTerminateUser = @((Get-DistributionGroup -identity $name).AcceptMessagesOnlyFrom | %{$_.distinguishedname})
    $TermCount = $DLTerminateUser.Count
    Write-host "Total restriction count $TermCount for $name"
    Add-content $log1 "Total restriction count $TermCount for $name"
    Add-content $log1 $DLTerminateUser
    # Walk the list backwards; drop entries that are neither a mailbox nor a distribution group
    while ($TermCount -ne 0)
    {
        if (!(Get-Mailbox $DLTerminateUser[$TermCount - 1]))
        {
            if (!(Get-DistributionGroup -identity $DLTerminateUser[$TermCount - 1]))
            {
                $DLCurrent.AcceptMessagesOnlyFrom
                $DLCurrent.AcceptMessagesOnlyFrom -= $DLTerminateUser[$TermCount - 1]
                $DLCurrent.AcceptMessagesOnlyFrom
            }
        }
        $TermCount = $TermCount - 1
    }
    # The failed lookups above are expected, so clear them from $error
    if ($error -like "*couldn't be found*")
    {
        $error.clear()
    }
    $countitems = $DLCurrent.AcceptMessagesOnlyFrom
    $countit = $countitems.count
    Write-host "Total restriction count after removing Term users from $name is $countit"
    Add-content $log2 "Total restriction count after removing Term users from $name is $countit"
    Add-content $log2 $countitems
    timeout 20
    # Write the cleaned list back to the group
    Set-DistributionGroup -identity $name -AcceptMessagesOnlyFrom $DLCurrent.AcceptMessagesOnlyFrom
    timeout 20
    # Re-read the group to confirm the final count
    $DLCurrent2 = Get-DistributionGroup -identity $name
    $DLTerminateUser2 = @((Get-DistributionGroup -identity $name).AcceptMessagesOnlyFrom | %{$_.distinguishedname})
    $TermCount2 = $DLTerminateUser2.Count
    Write-host "Final restriction count after removing Term users from $name is $TermCount2"
    Add-content $log2 "Final restriction count after removing Term users from $name is $TermCount2"
    ##############################################################################################################
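
A dry-run variant of the same cleanup, added here as an example (it is not the author's script or part of the download): it reports which AcceptMessagesOnlyFrom entries no longer resolve, saves the pre-change list, and refuses to write an empty list. The function names and the group name 'Example-DL' are assumptions; it expects the Exchange snap-in loaded as in the script above and an existing Logs folder.

```powershell
# Added example, not the original script. Read-only unless -Apply is given.
# Function names and 'Example-DL' are hypothetical placeholders.
function Get-RestrictionListAudit {
    param([Parameter(Mandatory = $true)][string]$GroupName)

    $group = Get-DistributionGroup -Identity $GroupName -ErrorAction Stop
    foreach ($entry in @($group.AcceptMessagesOnlyFrom)) {
        $dn = $entry.DistinguishedName
        # Get-Recipient resolves mailboxes, groups, mail users and contacts,
        # so valid senders without a mailbox are not flagged as stale.
        $recipient = Get-Recipient -Identity $dn -ErrorAction SilentlyContinue
        $type = 'NotFound'
        if ($recipient) { $type = $recipient.RecipientTypeDetails }
        New-Object PSObject -Property @{
            Group = $group.Name; Entry = $dn
            Resolves = [bool]$recipient; RecipientType = $type
        }
    }
}

function Repair-RestrictionList {
    param(
        [Parameter(Mandatory = $true)][string]$GroupName,
        [switch]$Apply
    )
    $report = @(Get-RestrictionListAudit -GroupName $GroupName)
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    # Keep the pre-change list so it can be reviewed or restored later.
    $report | Export-Csv ".\Logs\RestrictionAudit_$stamp.csv" -NoTypeInformation

    $keep  = @($report | Where-Object { $_.Resolves } | ForEach-Object { $_.Entry })
    $stale = @($report | Where-Object { -not $_.Resolves })
    if ($stale.Count -eq 0) { Write-Host "No stale entries in $GroupName"; return }
    $stale | Format-Table Group, Entry -AutoSize | Out-Host
    if ($keep.Count -eq 0) {
        # Writing an empty list would remove this sender restriction altogether.
        Write-Warning "All entries in $GroupName are stale; not clearing the list automatically."
        return
    }
    # Without -Apply, Exchange only prints what would change.
    Set-DistributionGroup -Identity $GroupName -AcceptMessagesOnlyFrom $keep -WhatIf:(-not $Apply)
}

Repair-RestrictionList -GroupName 'Example-DL'
```

Review the CSV and the -WhatIf output first, then rerun with -Apply to write the change.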
There are chances that the users to whom we have provided access to send mails to a particular group, those users' AD ID and mailbox are in a disabled state and still those IDs will be part of "Only senders in the following list". In this case we cannot modify this list until we remove those disabled users from one of the attributes of the DL. My question is, does this PowerShell script work in this scenario as well?
If you are getting above error while modifying?
If the user has an AD account but doesn't have an Exchange mailbox, this script works.
Handy script, thanks for sharing!
Thanks. Script was helpful! How can I use the script for multiple DLs?
Instead of param, you can just use get-content to get the list of DLs to loop through it.
Thank you Vikas, but how do I modify the script to use get-content? I'm not a PowerShell wizard.
OK, I will modify the script & share.
Just create DL.txt & below is the modified code:
    # $log1 and $log2 are defined in the log section of the original script
    $dllist = gc .\dl.txt
    $dllist | foreach-object {
        $name = $_
        $DLCurrent = Get-DistributionGroup -identity $name
        $DLTerminateUser = @((Get-DistributionGroup -identity $name).AcceptMessagesOnlyFrom | %{$_.distinguishedname})
        $TermCount = $DLTerminateUser.Count
        Write-host "Total restriction count $TermCount for $name"
        Add-content $log1 "Total restriction count $TermCount for $name"
        Add-content $log1 $DLTerminateUser
        # Drop entries that are neither a mailbox nor a distribution group
        while ($TermCount -ne 0)
        {
            if (!(Get-Mailbox $DLTerminateUser[$TermCount - 1]))
            {
                if (!(Get-DistributionGroup -identity $DLTerminateUser[$TermCount - 1]))
                {
                    $DLCurrent.AcceptMessagesOnlyFrom
                    $DLCurrent.AcceptMessagesOnlyFrom -= $DLTerminateUser[$TermCount - 1]
                    $DLCurrent.AcceptMessagesOnlyFrom
                }
            }
            $TermCount = $TermCount - 1
        }
        if ($error -like "*couldn't be found*")
        {
            $error.clear()
        }
        $countitems = $DLCurrent.AcceptMessagesOnlyFrom
        $countit = $countitems.count
        Write-host "Total restriction count after removing Term users from $name is $countit"
        Add-content $log2 "Total restriction count after removing Term users from $name is $countit"
        Add-content $log2 $countitems
        timeout 20
        # Write the cleaned list back to the group
        Set-DistributionGroup -identity $name -AcceptMessagesOnlyFrom $DLCurrent.AcceptMessagesOnlyFrom
        timeout 20
        $DLCurrent2 = Get-DistributionGroup -identity $name
        $DLTerminateUser2 = @((Get-DistributionGroup -identity $name).AcceptMessagesOnlyFrom | %{$_.distinguishedname})
        $TermCount2 = $DLTerminateUser2.Count
        Write-host "Final restriction count after removing Term users from $name is $TermCount2"
        Add-content $log2 "Final restriction count after removing Term users from $name is $TermCount2"
    }