timmcmic / DLConversionV2

MIT License

Specific sender restriction (authOrig) not synced #108

Closed TPok1707 closed 1 year ago

TPok1707 commented 1 year ago

After checking the results of my first sync batch I noticed that there may be a bug. We have distribution lists where sending mail should only be permitted for specific users. This is stored in the authOrig attribute on premises. The script seems to read this information correctly. In originalDLConfigurationADXML.xml I can see:

    <Obj N="authOrig" RefId="1">
        <TN RefId="1">
          <T>Microsoft.ActiveDirectory.Management.ADPropertyValueCollection</T>
          <T>System.Collections.CollectionBase</T>
          <T>System.Object</T>
        </TN>
        <LST>
          <S>CN=Some User1,OU=Normal,OU=Users,DC=ad,DC=company,DC=com</S>
          <S>CN=Some User2,OU=Normal,OU=Users,DC=ad,DC=company,DC=com</S>
          <S>CN=Some User3,OU=Normal,OU=Users,DC=ad,DC=company,DC=com</S>
         </LST>
      </Obj>

After migration to the cloud this setting is lost. Anybody is allowed to send to the group.

I went a little bit through the source code. Could this be the area that leads to the error? File: DLConversionV2.psm1

    Out-LogFile -string "Invoke get-NormalizedDN to normalize the accept members DN to Office 365 identifier."

    Out-LogFile -string "ACCEPT USERS"

    if ($originalDLConfiguration.($onPremADAttributes.onPremRejectMessagesFromDLMembers.value) -ne $NULL)
    {
        foreach ($DN in $originalDLConfiguration.($onPremADAttributes.onPremAcceptMessagesFromSenders.value))
        {
            if ($forLoopCounter -eq $forLoopTrigger)
            {
                start-sleepProgress -sleepString "Throttling for 5 seconds..." -sleepSeconds 5

Should it be instead like this? if ($originalDLConfiguration.($onPremADAttributes.onPremAcceptMessagesFromSenders.value) -ne $NULL)

timmcmic commented 1 year ago

Can you send me the full log. Dlconversionv2 @ service dot Microsoft dot com


timmcmic commented 1 year ago

You are correct! Also looks like a test case error. The case scripts have both accept and reject - so it created a false positive in that the rights were maintained solely because something else had reject rights in the group's attribute. I've fixed the source and am rerunning some isolated tests now.
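The following is an added example, not code from DLConversionV2 or from either commenter. It reproduces the two situations discussed in this thread with constructed data: the guard in the snippet quoted above testing the reject-from-DL-members attribute while the loop iterates the accept-from-senders attribute, and the test-case false positive where a populated reject attribute masks the bug. The `$onPremADAttributes` map and the `$originalDLConfiguration` objects are assumptions about the shapes the module uses; the AD attribute names `authOrig` (accept messages only from) and `dLMemRejectPerms` (reject messages from DL members) are the standard Exchange schema attributes.

```powershell
# Added example (not DLConversionV2 project code).
# Assumed shape of the attribute map: each entry's .value is the on-premises AD attribute name.
$onPremADAttributes = @{
    onPremAcceptMessagesFromSenders   = @{ value = 'authOrig' }
    onPremRejectMessagesFromDLMembers = @{ value = 'dLMemRejectPerms' }
}

# Constructed DL configuration matching the issue report:
# sender restriction set, no reject-from-DL-members entries.
$restrictedOnlyDL = [pscustomobject]@{
    authOrig         = @(
        'CN=Some User1,OU=Normal,OU=Users,DC=ad,DC=company,DC=com',
        'CN=Some User2,OU=Normal,OU=Users,DC=ad,DC=company,DC=com',
        'CN=Some User3,OU=Normal,OU=Users,DC=ad,DC=company,DC=com'
    )
    dLMemRejectPerms = $null
}

# Constructed DL configuration matching the test-case scenario:
# both accept and reject populated, which hides the wrong guard.
$acceptAndRejectDL = [pscustomobject]@{
    authOrig         = @('CN=Some User1,OU=Normal,OU=Users,DC=ad,DC=company,DC=com')
    dLMemRejectPerms = @('CN=Blocked DL,OU=Groups,DC=ad,DC=company,DC=com')
}

function Get-AcceptSendersBuggy {
    # Guard tests the reject attribute; loop body reads the accept attribute (the defect).
    param($Config, $Attributes)
    $result = @()
    if ($Config.($Attributes.onPremRejectMessagesFromDLMembers.value) -ne $null) {
        foreach ($dn in $Config.($Attributes.onPremAcceptMessagesFromSenders.value)) {
            $result += $dn
        }
    }
    return ,$result
}

function Get-AcceptSendersFixed {
    # Guard and loop body use the same attribute. The comparison keeps the
    # "$value -ne $null" form of the quoted snippet; "$null -ne $value" is the
    # idiomatic order, but for an empty array both forms evaluate to false here.
    param($Config, $Attributes)
    $result = @()
    if ($Config.($Attributes.onPremAcceptMessagesFromSenders.value) -ne $null) {
        foreach ($dn in $Config.($Attributes.onPremAcceptMessagesFromSenders.value)) {
            $result += $dn
        }
    }
    return ,$result
}

function Compare-SenderRestriction {
    # Reports whether the two code paths agree for one DL configuration, so the
    # accept-only case (where they differ) is not hidden by the accept-and-reject case.
    param($Name, $Config, $Attributes)
    $buggy = @(Get-AcceptSendersBuggy -Config $Config -Attributes $Attributes)
    $fixed = @(Get-AcceptSendersFixed -Config $Config -Attributes $Attributes)
    [pscustomobject]@{
        DL           = $Name
        OnPremCount  = @($Config.($Attributes.onPremAcceptMessagesFromSenders.value)).Count
        BuggyCount   = $buggy.Count
        FixedCount   = $fixed.Count
        Masked       = ($buggy.Count -eq $fixed.Count)
    }
}

Compare-SenderRestriction -Name 'restricted-only'   -Config $restrictedOnlyDL  -Attributes $onPremADAttributes
Compare-SenderRestriction -Name 'accept-and-reject' -Config $acceptAndRejectDL -Attributes $onPremADAttributes
```

For the `restricted-only` object the buggy path never enters the loop and returns an empty array, which is the behaviour reported in the issue; for the `accept-and-reject` object both paths return the same DNs, which is why a test suite that always populates both attributes cannot catch the defect. After a migration, a practitioner can apply the same idea to live data: compare the count of the on-premises group's `authOrig` values (`Get-ADGroup -Properties authOrig`) with the count of `AcceptMessagesOnlyFrom` on the Exchange Online object (`Get-DistributionGroup`), and treat a non-empty on-premises list paired with an empty cloud list as a lost sender restriction rather than a successful sync.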

timmcmic commented 1 year ago

Fixed 2.9.6.3 published today.