David Szpunar: Lead Engineer, PC Help Services

David's Church Information Technology

November 11th, 2009 at 1:03 pm Print This Post Print This Post

Exchange 2010: Moderation and Nested Bypass

A new feature of Microsoft  Exchange 2010 (yes it’s out, yes we’re using it now, and yes I’m jumping ahead with this post rather than talking about implementing it :-) is called Moderation. It’s pretty slick, you can basically take a mailbox or Distribution Group and make it moderated so emails sent to it are held and any number of moderators are notified that there is a message they should approve or reject, which they can do easily (from Outlook or OWA) and it’s taken care of from there by the system. The official Exchange blog has a great post with the basics of Moderation (UPDATE: Thanks to E.J. Dyksen, Microsoft Exchange Program Manager and the author of the linked post, the linked article has been corrected, per his comment on this post (I verified it was changed)) so I don’t go into more detail, suffice it to say that we’re already using it and it works!

However, there is a flag you can set on a moderated object that will allow a moderator for a “parent” group to moderate an email once regardless if subgroups also require modification. Think a moderated all-staff list that contains a moderated group for a specific department; by default both the all-staff moderator and the department list moderator would have to approve a message to all-staff before the department recipients would receive it. If you’d rather have some groups like all-staff set so whoever moderates a message to that group auto-approves any subgroups as well (this is precisely why I wanted it, although we don’t have moderated subgroups yet), that’s why they added the flag called “BypassNestedModerationEnabled” which you can set to true with PowerShell.

The problem is, the few places that talk about that flag online call it a completely different name! Sure you can do “get-help Set-DistributionGroup -full” to see all the options (there are many) or you can find the same help online, but it’s not easy to track down if you’re looking for the wrong setting name! The correct syntax to enable this moderation bypass on a group (from within the Exchange PowerShell console) is:

Set-DistributionGroup -Identity "[group name]" -BypassNestedModerationEnabled $true

However the Exchange Team’s official blog says in it’s moderation post, in the FAQ section where it mentions nested approvals (near the end of the post), “If you set the BypassModerationEnabled flag to $true on the parent group, any messages sent to that group will bypass moderation by child groups.” Close, but it’s actually the BypassNestedModeration flag. If you do some searching, you’ll find a TechNet article called Understanding Moderated Transport which, again near the end in the Handling Multiple Moderated Recipients section, says, “To do this, you set the AutoApproveNestedDLEnabled parameter of the moderated distribution group to $true.” Which provides an even farther-off version of the same thing! At least with the correct version, you can more easily look it up in the TechNet Set-DistributionGroup topic where is is correct!

It’s likely the incorrect articles were both correct at the time they were written, during beta and release candidate cycles of Exchange 2010, with the final flag name being changed in the generally available version that came out this past Monday. I don’t know for sure as the GA version is all I’ve run, but it seems a likely explanation given that the articles are almost a month (the TechNet one) and five months (the Exchange Team blog) old. But apparently I’m the first person to write about it outside of them (that Google knows about).