Article ID: 116046, created on May 6, 2013, last review on May 10, 2014

  • Applies to:
  • Operations Automation 5.4
  • Operations Automation 5.3


With the latest Microsoft Exchange 2010/2013 updates, a problem with customers' Distribution Lists visibility appeared.

All Distribution Lists created within an Exchange AD domain are displayed in the Groups section of the mailbox options in OWA, even if the MemberJoinRestriction parameter is set to Closed:

This behavior exposes the names and addresses of the Distribution Lists created by other tenants hosted in the same Hosted Exchange environment. 


The latest Exchange 2010/2013 updates change the way the OWA UI behaves. Now, the group status is checked only after a user attempts to add themselves to a group.


The problem can be resolved by completely disabling access to groups in OWA by updating the default Role Assignment Policy. Execute the following command (in a single line) in Exchange Management Shell on any of the Hosted Exchange nodes in the AD domain:
Get-ManagementRoleAssignment -RoleAssignee "Default Role Assignment Policy" -Role MyDistributionGroupMembership | Remove-ManagementRoleAssignment -Confirm:$false
After the command above is executed, the customer will not have the Groups item in OWA:

caea8340e2d186a540518d08602aa065 5356b422f65bdad1c3e9edca5d74a1ae ac82ce33439a9c1feec4ff4f2f638899 2554725ed606193dd9bbce21365bed4e a8cdca46e4357a6e38fded820770e272 e12cea1d47a3125d335d68e6d4e15e07

Email subscription for changes to this article
Save as PDF