Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1
Topic Last Modified: 2008-07-18

Use the Update-SafeList cmdlet to update the safelist aggregation data in the Active Directory directory service. Safelist aggregation data is used in anti-spam filtering in Microsoft Exchange Server 2007. EdgeSync replicates safelist aggregation data to computers that have the Edge Transport server role installed.

The Update-SafeList cmdlet reads the safelist aggregation data that is stored on a Microsoft Office Outlook user mailbox and then hashes and writes the data to the corresponding user object in Active Directory. Safelist aggregation data contains the Outlook user's Safe Senders List and Safe Recipients List.

You use the Type parameter to specify whether you update the Outlook user's Safe Senders List or the Safe Recipients List, or both. However, only Safe Senders List data is used by the safelist aggregation feature; the safelist aggregation feature does not act on Safe Recipients List data. Therefore, to reduce storage and replication bloat in Active Directory, we do not recommend running the Type parameter with the SafeRecipients or Both values in Exchange 2007. The default value for the Type parameter is SafeSenders.

For more information about how safelist aggregation works, see Safelist Aggregation.

Syntax

Update-SafeList -Identity <MailboxIdParameter> [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-IncludeDomains <SwitchParameter>] [-Type <SafeSenders | SafeRecipients | Both>] [-WhatIf [<SwitchParameter>]]

Parameters

Parameter Required Type Description

Identity

Required

Microsoft.Exchange.Configuration.Tasks.MailboxIdParameter

Use this parameter to specify the Outlook user mailbox from which you want to collect safelist aggregation data. Valid input for this parameter includes the following values:

  • GUID

  • Distinguished Name (DN)

  • Domain\Account

  • UPN

  • LegacyExchangeDN

  • SmtpAddress

  • Alias

Confirm

Optional

System.Management.Automation.SwitchParameter

The Confirm parameter causes the command to pause processing and requires you to acknowledge what the command will do before processing continues. You don't have to specify a value with the Confirm parameter.

DomainController

Optional

Microsoft.Exchange.Data.Fqdn

To specify the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to Active Directory, include the DomainController parameter on the command. The DomainController parameter is not supported on computers that have the Edge Transport server role installed. The Edge Transport server role writes only to the local Active Directory Application Mode (ADAM) instance.

IncludeDomains

Optional

System.Management.Automation.SwitchParameter

Use this parameter if you want to include the sender domains that are specified by users in Outlook to the aggregated safelists. By default, domains that are specified by the senders are not included.

In most cases, we do not recommend that you include domains because users may include the domains of large Internet service providers (ISP), which could unintentionally provide addresses that may be used or spoofed by spammers.

Type

Optional

Microsoft.Exchange.Management.RecipientTasks.UpdateType

Use this parameter to specify which user-generated list is updated to the user object. Valid values for this parameter are SafeSenders, SafeRecipients, and Both. The default value is SafeSenders.

Important:
In Exchange 2007, the safelist aggregation feature does not act on Safe Recipients List data. We do not recommend running the Type parameter with the SafeRecipients or Both values.

WhatIf

Optional

System.Management.Automation.SwitchParameter

The WhatIf parameter instructs the command to simulate the actions that it would take on the object. By using the WhatIf parameter, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf parameter.

Detailed Description

To run the Update-SafeList cmdlet, the account you use must be delegated the following:

  • Exchange View-Only Administrators role

  • Exchange Recipient Administrator role

For more information about permissions, delegating roles, and the rights that are required to administer Exchange 2007, see Permission Considerations.

Input Types

Return Types

Errors

Error Description

  

 

Exceptions

Exceptions Description

 

 

Example

The first example shows how to update Safe Senders List data for a single user, KimA, by using the Update-SafeList cmdlet.

The second example shows how to update all safelist data for all mailbox users in your Exchange organization. By default, the Exchange Management Shell is configured to retrieve or modify objects that reside in the domain in which the Exchange server resides. Therefore, to retrieve all the mailboxes in your Exchange organization, you must set the value of $AdminSessionAdSettings.ViewEntireForest to $True. Then you can run the Get-Mailbox cmdlet and pipe its output to the Update-Safelist cmdlet to update all safelist data for all mailbox users in your Exchange organization.

Caution:
When you modify the value of $AdminSessionAdSettings.ViewEntireForest, the new value remains until you close your current Exchange Management Shell session. We recommend that you set $AdminSessionAdSettings.ViewEntireForest to $False immediately after you perform the task to avoid unintentionally modifying or retrieving objects beyond your intended scope.
Copy Code
Update-Safelist -Identity KimA
Copy Code
AdminSessionAdSettings.ViewEntireForest = $True
get-mailbox -ResultSize Unlimited | where {$_.RecipientType -eq [Microsoft.Exchange.Data.Directory.Recipient.RecipientType]::UserMailbox } | update-safelist