I used the AddPermission shell command to give my user account the right to modify a test distribution group. It didn't work. So I used brute force and gave myself full rights in the Security tab of the dist group. My resultant rights are as shown in the GetPermission output: Identity Deny Rights -------- ---- ------ mydomain.com/Users/CA Test Group False GenericAll First, what should it show here if the rights are correct? Second, if the above is sufficient, why can I still not change the members in this group?

What version of Exchange? Are you modifying membership from EMC,EMS, or Outlook?

Please follow Russ's suggestion to let me know your Exchange Version and where did you want to modify the group. In Exchange 2010: When you want to modify the group in EMC, you need use RBAC to grant user permission. If you are trying to edit the group in Outlook, they need to be the manager of the distribution group. Related information for you: Rights to modify all distribution lists http://social.technet.microsoft.com/Forums/hu-HU/exchange2010/thread/9b5f3876-03b3-47e0-a948-1707b5e0a50d How to Manage Groups that I already own in Exchange 2010? http://blogs.technet.com/b/exchange/archive/2009/11/18/3408844.aspx Thanks, EvanEvan Liu TechNet Community Support

Please follow Russ's suggestion to let me know your Exchange Version and where did you want to modify the group. In Exchange 2010: When you want to modify the group in EMC, you need use RBAC to grant user permission. If you are trying to edit the group in Outlook, they need to be the manager of the distribution group. Related information for you: Rights to modify all distribution lists http://social.technet.microsoft.com/Forums/hu-HU/exchange2010/thread/9b5f3876-03b3-47e0-a948-1707b5e0a50d How to Manage Groups that I already own in Exchange 2010? http://blogs.technet.com/b/exchange/archive/2009/11/18/3408844.aspx Thanks, EvanEvan Liu TechNet Community Support

Exchange 2007. I don't think I want to have a normal user use EMC or the shell (lol!) to manage dist groups, unless that is standard practice. I was trying to use Outlook in both cached and direct modes.

You need to modify the permissions on the group to modify it from Outlook. Add-ADPermission -Identity "Group Display Name" -User "Domain\User" -AccessRights ReadProperty, WriteProperty -Properties 'Member' This should allow the user in question the ability to change membership of a group from Outlook. In place of a user account though, you can use another group to allow for multiple people.

Hello, The user who managed by the group can go to modify the group members in Outlook. You also can follow Russ's suggestion (grant user permission) to allow users modify the group member in Outlook. Thanks, EvanEvan Liu TechNet Community Support

Managed by does not have any effect on Distribution groups in Exchange 2007 or Exchange 2010 without additional modifications (AD Permissions in 2007 and custom RBAC in Exchange 2010 unless you want to enable the Manage Distribution Groups RBAC which allows users to create DLs in the system on their own).

I did the Add-ADPermission already. It ran, but afterward, editing the group is still denied.

Can you check if the client you're testing from has Outlook in cached mode? If so take it out of cached mode and test again. The cache mode has a tendency to not take the DL management to take affect immediately. James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

Hello, Any updates? If you set managed by and check option "Manager can update membership list" in ADUC, will this issue occur or not? Thanks, EvanEvan Liu TechNet Community Support