Hiding Distribution Group Membership – Exchange 2010

Hiding distribution group membership is not available natively in Exchange 2010 because of the way permissions are assigned in later versions of Exchange. It was removed as a feature because it is an insecure way of achieving the end result: looking at a user in the GAL will show what groups they are a member of.

The replacement method provided by Microsoft is to use Dynamic Distribution Groups, which enumerate the group membership based on an LDAP query for a particular attribute being set on the user object. Membership is therefore determined by the Hub Transport server at the point it is delivering the message.

If you do not wish to convert to dynamic groups, there is an alternative method: an attribute named ‘hideDLMembership’ on the Distribution Group object, accessible via ADSIEdit, can be set to true, which will prevent the expansion of groups in Outlook and OWA.
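A scripted alternative to editing the attribute by hand in ADSIEdit, as an added example that is not from the original post. It assumes the ActiveDirectory PowerShell module is available and that the account has write access to the group objects; the function name `Set-DLMembershipHidden` and the group name `Example-Staff-DL` are hypothetical.

```powershell
# Added example, not from the original post.
# Assumption: the ActiveDirectory module (RSAT) is installed.
Import-Module ActiveDirectory

function Set-DLMembershipHidden {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string[]]$Identity,      # group name, sAMAccountName or DN
        [bool]$Hidden = $true     # $false reverts the change
    )
    process {
        foreach ($id in $Identity) {
            $group = Get-ADGroup -Identity $id -Properties mail, hideDLMembership

            # The page applies this to distribution groups, so skip
            # any group that has no mail address.
            if (-not $group.mail) {
                Write-Warning "$($group.Name) has no mail address, skipping."
                continue
            }

            # -WhatIf / -Confirm are honoured here, so a dry run changes nothing.
            if ($PSCmdlet.ShouldProcess($group.DistinguishedName,
                                        "Set hideDLMembership to $Hidden")) {
                Set-ADGroup -Identity $group -Replace @{ hideDLMembership = $Hidden }
            }

            # Read the object back so the stored value is what gets reported.
            Get-ADGroup -Identity $group -Properties hideDLMembership |
                Select-Object Name, DistinguishedName, hideDLMembership
        }
    }
}

# Dry run against a constructed group name.
Set-DLMembershipHidden -Identity 'Example-Staff-DL' -WhatIf

# Audit: list every group that currently has the flag set.
Get-ADGroup -LDAPFilter '(hideDLMembership=TRUE)' -Properties mail, hideDLMembership |
    Select-Object Name, mail, hideDLMembership
```

The flag only blocks expansion of the group itself; as noted at the top of the page, a user's entry in the GAL will still show what groups they are a member of.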

Attempting to expand the DL membership in Outlook will give the following error message:
