Category Archives: Exchange 2010

Safe Senders GPO Not Working

We had a GPO for Safe Senders in Outlook that was supposed to pull the Safe Senders from a text file shared on the SYSVOL, but it was not working.

I looked into Exchange 2010 to figure out how I could do Safe Senders at a server level rather than have to configure a GPO for it.

In the Exchange 2010 Management Console I navigated to Organization Configuration | Hub Transport | Transport Rules

Exchange 2010 Management Console - Transport Rules
Exchange 2010 Management Console – Transport Rules

On the Transport Rules tab I added a New Transport Rule:

Adding a new Transport Rule to Exchange 2010
Adding a new Transport Rule to Exchange 2010

When the wizard launches, it is very self explanatory and is built like an Outlook rule.

New Transport Rule Wizard
New Transport Rule Wizard

I selected to enable this new transport rule for the condition “when the From address matches text patterns” so I could add the domains I wanted to whitelist.


I added$ as my text pattern. I used a dollar sign at the end of the text pattern because of what I read on TechNet:

The dollar sign ( $ ) character indicates that the preceding pattern string must exist at the end of the text string being matched. For example,$ matches and, but doesn’t match

Since I know that everything I want to whitelist from AppRiver comes from I use the $ character in my text pattern.

After clicking OK and then Next, it’s time to figure out what Action to perform when a message matches this text pattern.

What do we want our Transport Rule to do?
What do we want our Transport Rule to do?

I chose “set the spam confidence level to value” and then clicked on the underlined blue text link in order to set the SCL to -1. This ensures that Outlook does not classify the message as spam and put it in the Junk E-mail folder.

On the next page of the wizard I did not enter any Exceptions because I want this transport rule to be active for all messages coming in to my organization from AppRiver.

Now the rule is complete. But as always, there are other ways to do it rather than using the GUI. As in most cases, you can use PowerShell!

This is the output that we see on the last page of the New Transport Rule Wizard, which we can translate into a PowerShell command:

Name: 'Safe Senders'
Comments: ''
Priority: '0'
Enabled: $true
FromAddressMatchesPatterns: '$'
SetSCL: '-1'

Translated into a working PowerShell command:

New-TransportRule -Name "Safe Senders" -Comments 'Safe Senders list to whitelist specific domains' -FromAddressMatchesPatterns: '$' -SetSCL: '-1'

Since I already had this rule set up, I modified the string to create a test transport rule:

New-TransportRule -Name "Safe Senders Test" -Comments 'Test List Made From Powershell' -FromAddressMatchesPatterns: '$' -SetSCL: '-1'
Creating a New Transport Rule via PowerShell
Creating a New Transport Rule via PowerShell

If you don’t want to enable your new Transport Rule right away, add in -Enabled $false to your command. Otherwise the rule will be enabled by default.
You can also add a -Priority X (where X is a number) to set the order in which your rules will be applied. Since this is my first rule, I do not need a Priority and the default will be 0. Any additional rules will be added as +1.

So now, does the rule actually work?

Held Spam Report email header from earlier in the day, before the rule (because the Held Spam Report comes from AppRiver):


Held Spam Report email header after adding the rule:


Using Notepad++ to add multiple users to a Distribution List

During the latest snowstorm here in Raleigh we had the need for a new distribution group so that we could communicate between a select group of people who were working from home.

I used PowerShell to create the Distribution Group with the New-DistributionGroup cmdlet

new-DistributionGroup -Name 'Remote Workers' -OrganizationalUnit 'mybiz.local/Groups/Distribution' -SamAccountName 'Remote Workers' -Alias 'RemoteWorkers'
set-DistributionGroup -Name 'Remote Workers' -RequireSenderAuthenticationEnabled $false
Sidenote: I set RequireSenderAuthenticationEnabled to $false because I wanted this group to be accessible to Internet emails. If I wanted it to be internal only, I would not bother with running this command. I learned quickly with Exchange 2010 that when a new distribution group is created it makes this value $true which prevents emails being sent to the group unless the user is authenticated (a member of your domain).

Now that the group was created, I needed to add approximately 30 users. Fortunately someone had created a spreadsheet detailing these particular users, with columns including:

Last Name, First Name, Mobile Number, Work Extension, Department, Title, Email Address

While I could use some Excel functions to make usernames out of Last Name + First Name, the easiest option here was to use all of the email addresses with a PowerShell command.

I copied the email addresses into Notepad++. To turn this into a PS cmdlet that we can run in the Exchange Management Shell we need to insert  the Add-DistributionGroupMember cmdlet before all of the email addresses. I could manually paste this on each line, but that would be annoying. And manual. After adding this to each line I also have to put a closing quotation mark at the end of each line to close the email address value. So if this was for 100 or 200 people, or even 1,000 people if your environment is that large, it would take a long time and a lot of keystrokes.

I would rather spend some time now figuring out how to automate this so that when I need to perform this in the future I can do it with ease. This is where the awesomeness begins!

Now that we’ve pasted our email address list into Notepad++ with each email address on its own line, follow these instructions to turn it all into lines of PowerShell code:

  1. Press CTRL + H to bring up the Replace window
  2. check off “Regular expression” at the bottom left
  3. put a caret ^ in the “Find what” field (this is the regular expression for “the beginning of each line”)
  4. in the “Replace with” field enter the following:
    Add-DistributionGroupMember -identity 'Remote Workers' -member "
  5.  Click “Replace All”

Your Notepad++ window should now like this:
Note that there is a quotation mark before each email address

Output after using Notepad++ "Replace All" to add code to each line
Output after using Notepad++ “Replace All” to add code to each line

We aren’t done yet, as we have to close each line with a quotation after the email address.

  1. In Notepad ++, put a dollar sign $ in the “Find what” field (this is the regular expression for “at the end of each line”)
  2. in the “Replace with” field enter a quotation mark “
  3. Click “Replace All”

Now you have a full line of PowerShell code that should look like this:

Add-DistributionGroupMember -identity 'Remote Workers' -member ""

Copy the entire Notepad++ window and paste this into your Exchange Management Shell to add all these users to the distribution group:

Output of Exchange Management Shell after pasting in code from Notepad++
Output of Exchange Management Shell after pasting in code from Notepad++

Don’t forget to press Enter for the last line. Since there is nothing following it, the shell will not process the command automatically as it did with all the previous lines.

Check your distribution group to see that it has its new members and be on your way to the next IT solution!