Share via

Setting up email approvers with a distribution group?

Keith Hampshire 96 Reputation points
2022-12-12T18:59:19.11+00:00

My place of employment uses Office365. We have a distribution group called allusers@keyman .com. Within that group there are two "nested" groups called GroupA & GroupB. I have approvers setup for anyone trying to email the allusers group. So far everything is working just fine.

The second part of this scenario is that my boss has asked me to NOT allow outside emails to be sent to GroupA & GroupB. With that being said, what is happening now is when someone from outside our origination emails the allusers group and once the approver approves it it gets dropped with an UNDELIVERABLE bounce back email. This is obviously happening become the email originated from outside our origination.

How can I set this up to where once the approver approves the external senders email to allusers is then allowed through?

The only other way I can see this working is if I remove the two nested distributions groups (GroupA & GroupB) from allusers and just add everybody one by one to the allusers group.

Hope this made sense.

Exchange | Exchange Server | Management
0 comments
Accepted answer
  1. Yuki Sun-MSFT 41,381 Reputation points Moderator
    2022-12-13T03:22:23.81+00:00

    Hi @Keith Hampshire ,

    The only other way I can see this working is if I remove the two nested distributions groups (GroupA & GroupB) from allusers and just add everybody one by one to the allusers group.

    Agree with you that this might be the only alternative if GroupA & GroupB have to be set to not allow external emails.

    Based on my understanding, when the approver approves the external sender's email to the allusers group, it only means the email is allowed to be sent to the members inside the allusers group. Since GroupA & GroupB themselves don't allow outside messages, it's expected that the mail cannot arrive neither GroupA nor GroupB and the external sender still gets the undeliverable notification.

    Given this, as you mentioned, you can remove the two groups via EAC or the script below (assuming the allusers group only contains the two groups): 

    $list = Get-DistributionGroupMember -Identity allusers  
$list | % {  
   Remove-DistributionGroupMember -Identity allusers -Member $_.Name -Confirm:$false  
   }

    Then copy the members in GroupA and GroupB to the allusers group: 

    Get-DistributionGroupMember -Identity "GroupA" | % {Add-DistributionGroupMember -Identity "allusers" -Member $_.Name}  
Get-DistributionGroupMember -Identity "GroupB" | % {Add-DistributionGroupMember -Identity "allusers" -Member $_.Name}

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.