“Couldn’t find object” in Get-DistributionGroup while modifying Message Delivery Restrictions

Lately I faced the error “Couldn’t find object “FQDN/OU1/OU2/User1”. Please make sure that it was spelled correctly or specify a different object.” when I tried to add a user to the Message Delivery Restrictions list in Exchange. A colleague had asked me to add a new user to the allow-send-list of a Distribution Group in Exchange 2010. The usage of this group was constrained to only a few users because it would allow them to send email to all users in the company.

Adding a user to the Message Delivery Restrictions list is easy:

  1. Double click the Distribution Group
  2. Go to tab “Mail Flow Settings
  3. Double click “Message Delivery Restrictions
  4. Click Add… and find the user you want to grant permission
  5. Click OK, OK, OK, and we’re done.
Message Delivery Restrictions - Exchange 2010
Message Delivery Restrictions – Exchange 2010

However, today was not a usual day. So, I got this error:

Microsoft Exchange Error
The following error(s) occurred while saving changes:

Couldn’t find object “FQDN/OU1/OU2/User1”. Please make sure that it was spelled correctly or specify a different object.

The user specified in the error was a disabled user, and the user was not listed in the GUI of the Message Delivery Restrictions. So I decided to remove the user using Powershell.

Add user to the AcceptMessagesOnlyFrom list of a Distribution Group using Powershell:

Get-DistributionGroup -id "%DistrGroup1" | Set-DistributionGroup -AcceptMessagesOnlyFrom @{Remove="User1"}

This cmdlet however also returned an error that object could not be found.

Couldn’t find object “User1”. Please make sure that it was spelled correctly or specify a different object.
+ CategoryInfo          : NotSpecified: (:) [], ManagementObjectNotFoundException
+ FullyQualifiedErrorId : 643A74EF

Fix “Couldn’t find object” in Get-DistributionGroup while modifying Message Delivery Restrictions

The solution to “Couldn’t find object” is as follows:

  1. enable the disabled Active Directory user, and then
  2. (re)create a mailbox for the specific user. Since the user is Exchange-enabled again,
  3. you can now remove the user from the AcceptMessagesOnlyFrom list.

Note that the user is still not visible in the GUI, so you need to remove the user using the cmdlet.
If you recently disabled the mailbox in Exchange, it may still exist in the “Disconnected Mailbox” node in the Exchange Management Console -> Recipient Configuration -> Disconnected Mailbox. If so, try to reconnect the mailbox (right click -> Connect…)

Don’t forget to disable the user’s mailbox again in the Exchange Management Console, and disable the user in Active Directory afterwards.

In Exchange 2010 SP2 and later, the @{Remove=} and @{Add} is a new feature in the cmdlet.

You can, for example, remove a user from the AcceptMessagesOnlyFrom:

Get-DistributionGroup -id “DistrGroup1″ | Set-DistributionGroup -AcceptMessagesOnlyFrom @{Remove=”User1”}

Or add a user to the list:

Get-DistributionGroup -id “DistrGroup1″ | Set-DistributionGroup -AcceptMessagesOnlyFrom @{Add=”User1”}

or you can also combine multiple users and Add/Remove actions::

Get-DistributionGroup “DistrGroup1″ | Set-DistributionGroup -AcceptMessagesOnlyFrom @{Add=”User1″; Remove=”User9″,”User10”}


0 0 votes
Article Rating
Notify of
Newest Most Voted
Inline Feedbacks
View all comments

You can use ADSI Edit instead. You should have it on your Exchange 2010 servers. Just type adsiedit.msc in the Run menu. found it under ‘default naming contact’ and just like the articles above my disabled user was listed in the authOrig attribute. Removed the object and the issue is resolved.


can do the same with ADUC in advanced mode, on the attribute editor tab of the distribution group edit the same authOrig property, remove bad user(s) there. much faster and easier than the OP method.

create google plus account

Hi there! This is my first comment here so I just wanted to give a quick shout
out and tell you I really enjoy reading through your articles.
Can you recommend any other blogs/websites/forums that go over the
same subjects? Thanks!


It’s the best time to make some plans for the future and it is time to be happy.
I’ve read this post and if I could I wish to suggest you few interesting
things or suggestions. Perhaps you can write next articles
referring to this article. I wish to read more things about it!

track by cell phone number

(If you don’thave a name yet, use a reverse phone
search or reverse e-mail search services above to
track down the person’s name, then do an oline background check.
I would like to feel a very little a lot of secure in knowing my
ads would convert to sells. 17 Subtle Signs Thatt Your Marriage or
Relationship is About to End.

instagram news

Hello great blog! Does running a blog such as this take a lot of work?
I’ve very little understanding of computer programming however I had been hoping
to start my own blog soon. Anyway, should you have any ideas
or tips for new blog owners please share. I know this is off
subject however I simply wanted to ask. Cheers!

Vikas Sukhija

We have written a powershell script for handling this situation, it removes the problematic users from the restriction lists so that restrictions can be modified.



Good article – worked perfectly – magic.


THANK YOU MURALI !! Used ADSI after battling this for hours, fixed it in less than a minute !

Would love your thoughts, please comment.x