Configuring recipient moderation

Exchange 2010 is the first version of Exchange to implement the moderated transport feature. This allows you to require approval for all e-mail messages sent to a particular recipient by a designated moderator. In this recipe, you'll learn how to configure the moderation settings on recipients using the Exchange Management Shell.

How to do it...

  1. To enable moderation for a distribution group, use the Set-DistributionGroup cmdlet:
    Set-DistributionGroup -Identity Executives `
    -ModerationEnabled $true `
    -ModeratedBy administrator `
    -SendModerationNotifications Internal
  2. These same parameters can be used to configure moderation for a mailbox when using the Set-Mailbox cmdlet:
    Set-Mailbox -Identity dave `
    -ModerationEnabled $true `
    -ModeratedBy administrator `
    -SendModerationNotifications Internal
    

How it works...

When you enable moderation for a recipient, any e-mail message sent to that recipient must be reviewed by a moderator. When a message is sent to a moderated recipient, the moderator will receive the message and determine whether or not it should be accepted. This is done by the moderator through Outlook or OWA by clicking on an Approve or Reject button in the e-mail message. If the moderator accepts the message, it is delivered to the group. If it is rejected, the message is deleted, and, depending on the SendModerationNotifications setting, the sender may receive an e-mail informing them the message has been rejected.

Moderation can be enabled for any recipient, whether it's a mailbox, mail contact, mail user, distribution group, or mail-enabled public folder. The cmdlets for each of these recipient types can be used to configure moderation when a recipient is being created with the New-* cmdlets, or after the fact using the Set-* cmdlets. To view the list of cmldets that can be used to enable moderation, run the following command:

get-excommand | ?{$_.parameters.keys -eq 'ModerationEnabled'}

In our first example, we enabled moderation for the Executives distribution group, specifying that the administrator account will be used as the moderator for the group. As you can see in the example, we've used multiple parameters when running the command, but only the -ModerationEnabled parameter is required to change the moderation setting for the group. If no value is specified for the -ModeratedBy parameter, the group owner will review and approve the messages sent to the group. You can specify one or more owners when running the Set-DistributionGroup cmdlet with the -ManagedBy parameter.

The -SendModerationNotifications parameter allows you to control the status messages sent to the originator of a message that was sent to a moderated recipient. We have the option of using the following values for this parameter:

  • Always: Notifications are sent to all internal and external senders
  • Internal: Notifications are only sent to users within the organization
  • Never: Notifications are not sent at all

If no value is provided for the -SendModerationNotifications parameter when you enable moderation for a group, the setting will default to Always.

There's more...

There is an exception to every rule, and, of course, there may be times where we need to bypass moderation for certain recipients. Let's say that we need to bypass specific users from moderation on the Executives distribution group. The group moderator or group owners are already exempt from moderation. To exclude others we can specify a list of one or more recipients using the -BypassModerationFromSendersOrMembers parameter when running the Set-DistributionGroup cmdlet.

For example, to exclude a recipient named Bob from moderation on the Executives distribution group, run the following command:

Set-DistributionGroup -Identity Executives `
-BypassModerationFromSendersOrMembers bob@contoso.com

If you want the members of the moderated group, or any other distribution group, to be excluded from moderation, simply use the previous syntax and assign the identity of the group to the -BypassModertionFromSendersOrMembers parameter. You can assign multiple users or distribution groups at once; by separating each value with a comma.

Keep in mind that running the previous command will overwrite the existing list of bypassed members if any have been defined. For an example of how to add a new item to a multi-valued property, see the Working with arrays and hash tables in Chapter 1, PowerShell Key Concepts.

Additionally, you may need to bypass moderation for a group of several individual recipients. While you could add them one by one, this could be very time-consuming if you are dealing with a large number of recipients. Let's say that you want to exclude all the users in the San Diego office from moderation:

$exclude = Get-Mailbox –Filter {Office –eq ‘San Diego’} | 
  Select-Object -ExpandProperty alias

Set-DistributionGroup -Identity Executives `
-BypassModerationFromSendersOrMembers $exclude

In this example, we create a collection that contains the alias for each mailbox in the San Diego Office. Next, we use the Set-DistributionGroup cmdlet to exclude all of those recipients from moderation using a single command. While this might be useful in certain situations, it's easier to bypass moderation based on groups. If a group has been bypassed for moderation, you can simply manage the membership of the group and you don't need to worry about continuously updating individual recipients that are on the bypass list.

See also

  • Managing distribution groups