Even after AddPermission, can't give user rights to modify a Distribution group
I used the AddPermission shell command to give my user account the right to modify a test distribution group. It didn't work. So I used brute force and gave myself full rights in the Security tab of the dist group. My resultant rights are as shown in the GetPermission output:
Identity                            Deny   Rights
--------                            ----   ------
mydomain.com/Users/CA Test Group    False  GenericAll
First, what should it show here if the rights are correct? Second, if the above is sufficient, why can I still not change the members in this group?
April 12th, 2012 2:13pm
What version of Exchange? Are you modifying membership from EMC, EMS, or Outlook?
April 12th, 2012 2:35pm
Please follow Russ's suggestion and let me know your Exchange version and where you want to modify the group.
In Exchange 2010:
When you want to modify the group in EMC, you need to use RBAC to grant the user permission.
If you are trying to edit the group in Outlook, they need to be the manager of the distribution group.
Related information for you:
Rights to modify all distribution lists
http://social.technet.microsoft.com/Forums/hu-HU/exchange2010/thread/9b5f3876-03b3-47e0-a948-1707b5e0a50d
How to Manage Groups that I already own in Exchange 2010?
http://blogs.technet.com/b/exchange/archive/2009/11/18/3408844.aspx
Thanks,
Evan
Evan Liu
TechNet Community Support
April 13th, 2012 2:41am
Exchange 2007. I don't think I want to have a normal user use EMC or the shell (lol!) to manage dist groups, unless that is standard practice. I was trying to use Outlook in both cached and direct modes.
April 18th, 2012 7:15pm
You need to modify the permissions on the group to modify it from Outlook.
Add-ADPermission -Identity "Group Display Name" -User "Domain\User" -AccessRights ReadProperty, WriteProperty -Properties 'Member'
This should allow the user in question the ability to change membership of a group from Outlook. In place of a user account though, you can use another group to allow for multiple people.
April 18th, 2012 8:32pm
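The grant from the answer above, followed by a check that the ACE actually landed, as an added example that is not part of the original thread. `$Group` and `$Delegate` are placeholder values, and the script assumes it runs in the Exchange Management Shell:

```powershell
# Added example, not from the thread. Placeholder values (assumptions):
$Group    = "CA Test Group"          # display name of the distribution group
$Delegate = "MYDOMAIN\DL-Managers"   # user or security group that should edit membership

# 1. Grant only what membership edits need: read/write on the Member attribute.
Add-ADPermission -Identity $Group -User $Delegate `
    -AccessRights ReadProperty, WriteProperty -Properties 'Member'

# 2. Read back every ACE that names the delegate on this group.
$aces = @(Get-ADPermission -Identity $Group -User $Delegate)
$aces | Format-List User, Deny, IsInherited, AccessRights, Properties

# 3. Confirm an allow ACE with WriteProperty scoped to Member is present.
$memberWrite = $aces | Where-Object {
    -not $_.Deny -and
    "$($_.AccessRights)" -match 'WriteProperty' -and
    "$($_.Properties)"   -match 'Member'
}
if (-not $memberWrite) {
    Write-Warning "No allow ACE for WriteProperty on Member found for $Delegate."
}

# 4. Flag ACEs that would change the outcome or exceed least privilege.
foreach ($ace in $aces) {
    if ($ace.Deny) {
        # An explicit deny takes precedence over the allow added in step 1.
        Write-Warning "Deny ACE present: $($ace.AccessRights) (inherited: $($ace.IsInherited))"
    }
    if ("$($ace.AccessRights)" -match 'GenericAll') {
        # Full control left over from troubleshooting is broader than needed.
        Write-Warning "GenericAll granted to $Delegate on '$Group'."
    }
}

# 5. Preview removal of a leftover full-control ACE; drop -WhatIf to apply.
Remove-ADPermission -Identity $Group -User $Delegate -AccessRights GenericAll -WhatIf
```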
Hello,
The user who manages the group can modify the group members in Outlook.
You can also follow Russ's suggestion (grant the user permission) to allow users to modify the group members in Outlook.
Thanks,
Evan
Evan Liu
TechNet Community Support
April 18th, 2012 10:44pm
Managed by does not have any effect on Distribution groups in Exchange 2007 or Exchange 2010 without additional modifications (AD Permissions in 2007 and custom RBAC in Exchange 2010 unless you want to enable the Manage Distribution Groups RBAC which allows users to create DLs in the system on their own).
April 19th, 2012 10:52am
I did the Add-ADPermission already. It ran, but afterward, editing the group is still denied.
April 19th, 2012 3:21pm
Can you check if the client you're testing from has Outlook in cached mode? If so, take it out of cached mode and test again. Cached mode has a tendency to keep the DL management changes from taking effect immediately.
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
April 19th, 2012 3:24pm
Hello,
Any updates?
If you set Managed By and check the option "Manager can update membership list" in ADUC, does this issue still occur?
Thanks,
Evan
Evan Liu
TechNet Community Support
April 23rd, 2012 11:18pm