HOW TO Update multi-valued attributes in PowerShell

by Bharat Suneja

Multivalued attributes are simply attributes that can have more than one value. Examples include members attribute of groups, or proxyAddresses attribute of recipients.

In GUI interfaces, it is simple to add/modify multivalued attributes. VBScript has control codes that allow you to control the interaction with multi-valued attributes – 1 = clear all entries, 2 = update all entries, 3 = append, and 4 = delete.

Exchange shell uses Add commands to add new entries to some multivalued attributes – e.g. Add-IPBlockListEntry to add another IP address or range to the IP Block List.

However, if you want to add more values to stuff like BypassedSenderDomains in ContentFilterConfig, there’s no equivalent of an Add command. If you try to add a value to the attribute using the following syntax, the existing values will be replaced by the newer ones:

Set-ContentFilterConfig -BypassedSenderDomains “”

You could copy the existing values (e.g.,, and paste these along with the new value:

Set-ContentFilterConfig -BypassedSenderDomains “”,””,””

However, this copying and pasting can be tricky for attributes that have a lot of values. Another alternative (..thanks to Vivek for the suggestion):

$foo.BypassedSenderDomains +=””
$foo | Set-ContentFilterConfig

This is a great workaround… and it works!

However, it’d be much easier to have a switch that lets you append to such multi-valued attributes, in keeping with the shell’s promise of allowing most operations using one-liners.. something like Set-ContentFilterConfig -BypassedSenderDomains, to add values to the attribute, and some other combination to remove a particular value.

To remove a value from a multivalued attribute, for example from the BypassedSenderDomains property of the ContentFilterConfig used in the preceding example:

$foo.BypassedSenderDomains -=””
$foo | Set-ContentFilterConfig

{ 25 comments… read them below or add one }

Anonymous January 14, 2008 at 7:13 am

The correct syntax for adding multiple values is

Set-ContentFilterConfig -BypassedSenderDomains “”,””,””


Anonymous April 4, 2008 at 7:08 am

The problem I have been having with powershell and anti-spam is this….

say I did this command…

Set-ContentFilterConfig -BypassedSenderDomains “”,””,””

Ok now tommorrow I run that SAME command with different domains. It is going to wipe out everything that I put in there in the first place.

Correct me If I am wrong, but basically, you have to keep a txt file with every domain, and each time you run this command, you must include all domains. It seems to me the powershell only remembers the command 1 time, and wipes out whatever domains you had in there the last time.

This is a huge problem, because it also happens when I try to add emails to the whitelist. if you add 5 users, then 5 later, you still only have the last 5 when you output to the clipboard.


Onedin May 22, 2008 at 11:45 am

Very useful post, thanx!


Anonymous July 24, 2008 at 2:11 am

I tried this on the


command with "ExceptionConnectors" multivalued argument

but I have the following error:

[PS] C:\Documents and Settings\Administrator>$foo.ExceptionConnectors -="f0484a1
Exception calling "op_Subtraction" with "2" argument(s): "Failed to convert f04
84a19-771c-46a0-adb9-c5f3a92cd160 from System.String to Microsoft.Exchange.Data
At line:1 char:28
+ $foo.ExceptionConnectors -=" < <<< f0484a19-771c-46a0-adb9-c5f3a92cd160" basically i just want to remove my connector from this Exclusion list, but i cannot find out how to do it.


hhc August 12, 2008 at 4:03 pm

This Post is Greattttttt!!!, i have been looking for something like this, i used with receive connectors to set the remoteiprange. thank you very much


Gus Gallows January 26, 2009 at 11:37 am

I had a similar issue with the AcceptMessagesOnlyFrom attribute of the Set-DistributionGroup. Found the following to work very well:

Set-DistributionGroup -id ‘Test Dist Group’-AcceptMessagesOnlyFrom
((Get-DistributionGroup ‘Test Dist Group’).AcceptMessagesOnlyFrom + ‘Chris Allen’)

Put all that on one line and it should work for you. I tested it and it works great.


Arturas Rimonis October 28, 2016 at 3:44 am

Thank you. Saved my day with AddressSpaces on Set-SendConnector.


scoobdog50 April 23, 2009 at 2:01 pm

wow thanks guys this work for me ………. i was working on this all day….
you guys help big


Anonymous August 28, 2009 at 3:02 am

Somewhere , someone forgot that the purpose of Powershells was to make things EASIER? A little box > add domain > show a list ? Easy. Faffing around with all these little scripts a huge waste of time.


Anonymous August 28, 2009 at 9:40 am

the below commands were very helpful…..
$foo.BypassedSenderDomains +=""
$foo | Set-ContentFilterConfig


Anonymous February 26, 2010 at 7:54 am

What do you mean AWESOME? IT SUCKS. I've wasted all of this time looking for ways to "fix" what could have been an easy gui tab called "Whitelist domains" that would have all of my entries listed on one page with a simple "add","delete" button at the bottom. How novel; Soooo easy; User friendly even. But No – MS gives us this horrible backwards DOS prompt crap. Now I've got to create my own cheat sheet .txt file to keep track of the stupid dos commands. plus keep an additional .txt file of all of my whitelisted domains because EXCH-07 only remembers the last thing added. You ended your post with "AWESOME!!!!!!!" I'm ending mine with IGNORANT!!!!! (but I'm referring to MS, not you.)


LeonMc December 14, 2012 at 7:23 am

WOW PowerShell is MS’s answer to Linux. Now MS Server and MS Exchange, etc. are as complicated to manage as a Linux OS. But wait, Linux is free and MS Server & Exchange are very expensive. hmmmm….. Maybe I will reconsider which command line I should learn.


.:AdminAlive:. April 8, 2010 at 3:59 pm

While both Shell and GUI interfaces are welcomed, I don't see why only one of them is an option. Shell is great for scripting and GUI is great for getting something done quickly without cramping out your damn fingers. This {*is* ridiculous <_


Colenel Flange July 15, 2011 at 2:55 am

Esteemed experts, As a forcibly migrated Domino Admin, I confess I have no love for MS powershell. However I am obliged to use the accursed thing, so hope you can offer guidance ?
All I want is a ‘Set-DistributionGroup’ type of cmdlet that will allow me to add a custom address that Exchange 2007 EMC allows perfectly. however the EMC is a bit useless for making the required change in a 1000+ groups. I’ve seen mention of an ‘Add-Address… ” command, but for me it fails every time, every permutation I’ve tried… appreciate your time and patience…


Bharat Suneja July 15, 2011 at 8:06 am

Are you trying to add an email address to all distribution groups? If so, you can use Get-DistributionGroup -Resultsize unlimited to retrieve all distribution groups and then pipe it to Set-DistributionGroup.

The command would differ based on the new email address – is it a standard format? is it a different localpart (the string before @)? is it a different domain?

Also see:
HOW TO: Add additional email addresses to a recipient

Finally, note you can also use an Email Address Policy to add email addresses automatically. The above procedure is generally used to add email addresses to one off or few recipients where applying an Email Address Policy is not possible/feasible. For details see Understanding Email Address Policies (or see the Exchange 2010 version if you’re on Exchange 2010).


Bharat Suneja July 15, 2011 at 8:24 am

Also note, you can retrieve a cmdlet (or check if it exists) by using Get-Command, which also supports wildcards.

For example, if you’re searching for a cmdlet that starts with the verb Add, use Get-Gommand Add*. To search for a cmdlet with the noun Address, use Get-Command *Address*.

See Using the Get-Command Cmdlet for more examples.


Colonel Flange July 19, 2011 at 1:45 am

Hi Bharat,
thankyou for your thoughts and suggestions.
I’m afraid that I’ve been down most of those paths already.
What I found most disappointing was that the EMC will allow addition of an x400 address very easily and painlessly -so long as you only want to change a handful of groups. I want to add an x400 address to each of a thousand groups and other than writing a script, it seems that powershell utterly lacks the single cmdlet that can do the job even for a single group.
I remember being told in a training session “if you can do it with the EMC, you can do it with a cmdlet”.
If I’m polite, we have encountered an oversight by Microsoft. If I’m not: that’s a remarkably woeful, gl;aring omission and only reinforces the feeling that by migrating to exchange, all we’ve done is to have allowed ourselves to be conned a la ‘The Emperor’s New Clothes’. I hope someone can persuade me otherwise !
Thanks again for your thoughtful response: that reassures me that I’ve been looking in the right places.


Bharat Suneja July 19, 2011 at 8:13 am

What you’ve been told in the training session is absolutely true – think of the EMC as the “graphical shell”. Under the hood, every task it performs is executed using a Shell command.

Feel free to share the details of what you’re trying to do – either here in comments, or offline by email. You can reach me at bsuneja at live dot com. Alternatively, you can also post to Exchange Forums where many Exchange experts including MVPs and Microsoft folks can help.

Colonel Flange July 22, 2011 at 5:02 am

for the sake of completeness, I did email toBharat what I was trying to do with a cmdlet, that I hope would perform like the EMC:
>get-distributiongroup “distgroup”
>set-distributiongroup “distgroup” -emailaddresses “[email protected]”, in the hope that the existing address policy, which still applies correctly to a vast number of other addresses adequately would still do its job. The extra customer address needed for the new groups here doesn’t need to be applied to those other pre-existing groups and users.

If I could get it to work like the above for one group, then I was sure I could get to it to work for many groups, where the domain name remains the smae but the local part changes for each group, of course.
The best answer to date involves coding a three line script to chew its way through the thousand groups, but as I may have another 3000 new groups to create, I wanted to give each of the new groups the extra custom address in one cmdlet. Am Are we really asking too much of Microsoft to get this little thing working ?


Colonel Flange August 4, 2011 at 3:05 am

Gents, you were very patient and helpful:
the least I can do is return some feedback contianing the solution I used:

$dl = get-distributiongroup
$dl.emailaddresses += “x500:”+””
$dl | setdistributiongroup

the bit that made the difference is on the second line – you need to specify the type of address being added, the type being a locally set string which could be “x500” or “notes” or whatever, but it must be enclosed in quotes and include the colon.

Best regards and thanks for pointing me in the right direction.


Mark December 19, 2012 at 1:06 pm

To the guy wanting to remove the connector from the exception list I finally figure it out. (This may be apparent to someone who is familiar with PS but that’s not me.) Use:

set-attachmentfilterlistconfig -ExceptionConnectors $null

Worked for me, I hope this helps someone else since the article is a year and half old.


JE March 18, 2013 at 1:09 am


$foo.BypassedSenderDomains -=””
$foo | Set-ContentFilterConfig



Michael May 1, 2013 at 11:40 am

I have to agree with the one comment about a Whitelist tab or utility. Here I thought I was adding each domain using powershell, only to discover that does not function that way. Is this DOS 1.0? My email appliance, which is a Linux box, has a GUI to add to either the black list or the white list, without having to maintain a text file.


Jake December 27, 2013 at 9:03 am

If you are like me, you are not adding just one domain or email address at a time.
Here is the contents of a PS script I wrote that handles multiple addresses or domains from a csv file. The csv file is easily generated using the get-messagetrackinglog -eventid fail and outputting it to a csv file that you can manipulate.
$allowed = import-csv c:\temp\allowed.csv
foreach($row in $allowed)
$list = (Get-ContentFilterConfig).BypassedSenderDomains
Set-ContentFilterConfig -BypassedSenderDomains $list
$list2 = (Get-SenderIDConfig).BypassedSenderDomains
Set-SenderIDConfig -BypassedSenderDomains $list2


Darthcoin May 22, 2016 at 5:02 pm

Please help!
I have a csv list exported from EXCH2010 of BlockedDomainsAndSubdomains and I want to import it into new installed EXCH2013.
I can’t get a good shell command for this. Do you guys have an idea?


Leave a Comment

Previous post:

Next post: