Applies to: Exchange Server 2007
Topic Last Modified: 2008-06-17

Use the Update-SafeList cmdlet to update the safelist aggregation data in the Active Directory directory service. Safelist aggregation data is used in anti-spam filtering in Microsoft Exchange Server 2007. EdgeSync replicates safelist aggregation data to computers that have the Edge Transport server role installed.

The Update-SafeList cmdlet reads the safelist aggregation data that is stored on a Microsoft Office Outlook user mailbox and then hashes and writes the data to the corresponding user object in Active Directory. Safelist aggregation data contains the Outlook user's Safe Senders List and Safe Recipients List.

You use the Type parameter to specify whether you update the Outlook user's Safe Senders List or the Safe Recipients List, or both. However, only Safe Senders List data is used by the safelist aggregation feature; the safelist aggregation feature does not act on Safe Recipients List data. Therefore, to reduce storage and replication bloat in Active Directory, we do not recommend running the Type parameter with the SafeRecipients or Both values in Exchange 2007. The default value for the Type parameter is SafeSenders.

For more information about how safelist aggregation works, see Safelist Aggregation.

Syntax


`Update-SafeList -Identity <MailboxIdParameter> [-DomainController <Fqdn>] [-Type <SafeSenders \| SafeRecipients \| Both>]`

Parameters

Parameter Required Type Description

Identity

Required

Microsoft.Exchange.Configuration.Tasks.MailboxIdParameter

Use this parameter to specify the Outlook user mailbox from which you want to collect safelist aggregation data. Valid input for this parameter includes the following values:

GUID
Distinguished Name (DN)
Domain\Account
UPN
LegacyExchangeDN
SmtpAddress
Alias

DomainController

Optional

Microsoft.Exchange.Data.Fqdn

To specify the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to Active Directory, include the DomainController parameter on the command. The DomainController parameter is not supported on computers that have the Edge Transport server role installed. The Edge Transport server role writes only to the local Active Directory Application Mode (ADAM) instance.

Type

Optional

Microsoft.Exchange.Management.RecipientTasks.UpdateType

Use this parameter to specify which user-generated list is updated to the user object. Valid values for this parameter are SafeSenders, SafeRecipients, and Both. The default value is SafeSenders.

Important:
In Exchange 2007, the safelist aggregation feature does not act on Safe Recipients List data. We do not recommend running the Type parameter with the `SafeRecipients` or `Both` values.

Detailed Description

To run the Update-SafeList cmdlet, the account you use must be delegated the following:

Exchange View-Only Administrators role
Exchange Recipient Administrator role

For more information about permissions, delegating roles, and the rights that are required to administer Exchange Server 2007, see Permission Considerations.

Input Types

Return Types

Errors

Error	Description

Exceptions

Exceptions	Description

Example

The first example shows how to update Safe Senders List data for a single user, KimA, by using the Update-SafeList cmdlet.

The second example shows how to update all safelist data for all mailbox users in your Exchange organization. By default, the Exchange Management Shell is configured to retrieve or modify objects that reside in the domain in which the Exchange server resides. Therefore, to retrieve all the mailboxes in your Exchange organization, you must set the value of $AdminSessionAdSettings.ViewEntireForest to $True. Then you can run the Get-Mailbox cmdlet and pipe its output to the Update-Safelist cmdlet to update all safelist data for all mailbox users in your Exchange organization.

Caution:
When you modify the value of $AdminSessionAdSettings.ViewEntireForest, the new value remains until you close your current Exchange Management Shell session. We recommend that you set $AdminSessionAdSettings.ViewEntireForest to `$False` immediately after you perform the task to avoid unintentionally modifying or retrieving objects beyond your intended scope.

	Copy Code
Update-Safelist -Identity KimA AdminSessionAdSettings.ViewEntireForest = $True get-mailbox -ResultSize Unlimited \| where {$_.RecipientType -eq [Microsoft.Exchange.Data.Directory.Recipient.RecipientType]::UserMailbox } \| update-safelist

Copy Code

Update-Safelist -Identity KimA 
AdminSessionAdSettings.ViewEntireForest = $True
get-mailbox  -ResultSize Unlimited | where {$_.RecipientType -eq [Microsoft.Exchange.Data.Directory.Recipient.RecipientType]::UserMailbox } | update-safelist