This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 84%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Exchange Server deployed on-premises, is there a solution that prohibits users to expand the members of distribution groups in the address book? Currently tried to set it in the AD group object, with powershell command Set-ADGroup -Identity "groupname" -replace @{hideDLMembership=$false};
Once set, in OWA and the Windows outlook client, you can disable expansion and can't view group members. However, if you use the MAC client, you can still access and view the group members normally.
Is there a feasible solution for the on-premises Exchange Server system to prevent users from viewing and expanding distribution group members? Thank you
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 20%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMH%3C/text%3E%3C/svg%3E)
Any updates so far? If you have solved your problem, could you share with us? Maybe it will help more people with similar problems. Don't forget to mark it as answer, this will be easy for other community members to find the useful one.
Hi,
Welcome to the Microsoft Q&A platform!
You can try to use the Add-ADPermission cmdlet to set permissions.
For example, to prevent a specific user or group from expanding a distribution group:
Add-ADPermission -Identity "DistributionGroupName" -User "UserOrGroupName" -Deny -ExtendedRights "Read Members"
More details about this cmdlet you can refer to:Add-ADPermission
Please feel free to contact me for any updates. And if this helps, don't forget to mark it as an answer!
Thank you for replying.
It indicates that there is no such ExtendedRights "Read Members" .
My mistake, that method may not be effective. It is recommended that you use ABP to implement the partitioning.
New-AddressBookPolicy -Name "RestrictedABP" -AddressLists "RestrictedAddressList" -GlobalAddressList "RestrictedGAL" -OfflineAddressBook "RestrictedOAB" -RoomList "RestrictedRooms" -PolicyScope "LimitedScope"
Set-Mailbox -Identity "username" -AddressBookPolicy "RestrictedABP"
More details you can refer to:https://video2.skills-academy.com/en-us/exchange/email-addresses-and-address-books/address-book-policies/abp-procedures?view=exchserver-2019
I'm not aware of any way to prevent that.
Hiding the members is not the same as preventing expansion.
The only way to prevent users from expansion would be to use a dynamic distrib group.
Thank you for replying.
Yes. Hiding the didtribution group is an effective way, but it's not user-friendly.