We have over 900 distribution groups in our organization. 
Is there a way in exchange 2010 to give a user or group the ability to modify Managers of Distribution Groups of them without having to make them an owner of each individual list?

 

• Edited by Alvi932 10 hours 27 minutes ago

HI,

You may consider to use RBAC, refer to this document:

https://technet.microsoft.com/en-us/library/dd298183(v=exchg.141).aspx

Following are my steps for reference:

Create a new management role group

New-RoleGroup Name DGManagement

Create a new management role

New-ManagementRole -Parent "Distribution Groups" -Name "DG role"

Configure the role entry with necessary cmdlets.

Use this command to remove all cmdlets except Set-DistributionGroup

Get-ManagementRoleEntry DG role\* | where {$_.name ne Set-DistributionGroup} | Remove-ManagementRoleEntry

Add necessary cmdlets one by one

Add-ManagementRoleEntry "DG Role\Get-Recipient"

Add-ManagementRoleEntry "DG Role\Set-Group"

Add-ManagementRoleEntry "DG Role\Get-User"

Add-ManagementRoleEntry "DG Role\Get-Group"

Add-ManagementRoleEntry "DG Role\Get-DistributionGroup"

Configure the role entry with necessary parameters to manage the "manage" tab, remove all unnecessary parameters except ManagedBy

Set-ManagementRoleEntry "DG Role\Set-DistributionGroup" Parameters AcceptMessagesOnlyFrom, AcceptMessagesOnlyFromDLMembers, AcceptMessagesOnlyFromSendersOrMembers, Alias, BypassModerationFromSendersOrMembers, BypassNestedModerationEnabled, Confirm, CustomAttribute1, CustomAttribute10, CustomAttribute11, CustomAttribute12, CustomAttribute13, CustomAttribute14, CustomAttribute15, CustomAttribute2, CustomAttribute3, CustomAttribute4, CustomAttribute5, CustomAttribute6, CustomAttribute7, CustomAttribute8, CustomAttribute9, Debug, DisplayName, DomainController, EmailAddresses, EmailAddressPolicyEnabled, ErrorAction, ErrorVariable, ExpansionServer, ExtensionCustomAttribute1, ExtensionCustomAttribute2, ExtensionCustomAttribute3, ExtensionCustomAttribute4, ExtensionCustomAttribute5, ForceUpgrade, GrantSendOnBehalfTo, HiddenFromAddressListsEnabled, Identity, IgnoreDefaultScope, IgnoreNamingPolicy, MailTip, MailTipTranslations, MaxReceiveSize, MaxSendSize, MemberDepartRestriction, MemberJoinRestriction, ModeratedBy, ModerationEnabled, Name, OutBuffer, OutVariable, PrimarySmtpAddress, RejectMessagesFrom, RejectMessagesFromDLMembers, RejectMessagesFromSendersOrMembers, ReportToManagerEnabled, ReportToOriginatorEnabled, RequireSenderAuthenticationEnabled, RoomList, SamAccountName, SendModerationNotifications, SendOofMessageToOriginatorEnabled, SimpleDisplayName, Verbose, WarningAction, WarningVariable, WhatIf, WindowsEmailAddress RemoveParameter

Check with this command

Get-ManagementRoleEntry "DG Role\Set-DistributionGroup" | fl parameters

Add this new management role to new management role group.

1. In the ECP, navigate to Roles & Auditing > Adminitrators Roles.
2. Select the DGManagementrole group, and then click Details.
3. In the Roles section, add  the DG Role.
4. When youve finished adding roles to the role group, click Save.

Add distribution group or user to a member of the new management role group.

1. In the EAC, navigate to Roles & Auditing > Administrator Roles.
2. Select the DGManagement role group, and then click Details.
3. In the Members section, select the group or user you want to add.
4. When youve finished adding members to the role group, click Save.

When these users login ECP, results should be like the following screen shoot, then can only edit ownership tab.

Best Regards.