Manage Office 365 Moderation Distribution List from Local Active Directory


With Office 365 and AADSync/DirSync, you can use local Active Directory groups as distribution lists. This is useful because you’ll only have one management endpoint for your users and groups : Active Directory. this is a known technology, so you do not need to train your support teams.

There are some caveats, indeed, if you want to enable self service on group membership, you’ll need to put some Active Directory delegation in place, and some tooling for managing group member from end users computers. Another one is moderation. In Exchange, you can set a list of users that will validate mail sent on names distribution list, and they will be able to accept or refuse those mail. this is intended to limit spam inside the organization.

To do that, you need some Exchange attribute on your local Active Directory schema. Indeed, we’ll modify them to mimic Exchange behavior.

To enable moderation, you need to modify two attributes :

  • msExchEnableModeration
  • msExchModeratedByLink

The first one is a boolean, the second one is a list of string with moderators DistinguishedName’s.

Once those attributes populated, force a AADSync/DirSync synchronization, and check in the Office 365 portal :


When someone tries to send a mail to that moderated distribution list, the moderators are notified for approval :


If you accept it, the mail go through, if you decline, the original sender gets notified :


If another moderator accept/reject before you, you also get notified :


And if you’re responsive enough, the moderation expires :


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.