hellohow i restrict from contacts to be a member of distribution group or security group in exchange 2007 ang group manager cannot to add a contact to the gorup

You need to appoint a junior admin to keep a watch on all groups... ;) Well,AFAIK it is not possible to restrict manager of groups or admins to add contacts into groups... However this is Active Directory related question so try posting this in AD forum if somebody knows there any way to do so... http://social.technet.microsoft.com/Forums/en-US/winserverDS/threadsAmit Tank | MVP Exchange Server | MCITP: EMA | MCSA: M | http://ExchangeShare.WordPress.com

thank you

Marcin PolichtMVP 0 From Active Directory perspective, one approach to controlling group membership is to take advantage of Restricted Groups Group Policy setting (more on this at http://technet.microsoft.com/en-us/library/cc756802(WS.10).aspx)There might be a more efficient way to handle this using Exchange-based methods (maybe relying on dynamic distribution groups would give you what you're looking for) - but such question would be better suited forthe Exchange forum...hthMarcin:)

You can use Dynamic Distribution Group if you are looking for limited set of groups but if you want to restrict all groups in your environment then it might be a headache to convert all groups by creating additional group and a DDG with MemberOf attribute and also designed manager of first group can add contact which will again add it to member of DDG dynamically. Second point is end user won't be able to see group membership (who are member of group) since group expansion is dynamic at Exchange server level when somebody send a mail to it. Since you are using Exchange 2007, another workaround could be remove the contacts from groups periodically (once or twice in a day) with a scheduled powershell script and let managers or admin to add contact to group because it will be removed from groups ultimately by this scheduled script... I quickly made a powershell script for you to remove all mail contacts from all mail enabled security and distribution groups (you can add filter here to run it on set of group instead of all) but I couldn't test it without test environment so suggest you to test it first... Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin $Groups = Get-Group -ResultSize Unlimited | where {$_.RecipientType -like"*Mail*} foreach ($group in $groups) { $AllAMOF = $group.members foreach ($AMOF in $AllAMOF) { $Res = Get-Recipient $AMOF If($Res.recipienttype -eq "MailContact") { Remove-DistributionGroupMember -Identity $group -Member $AMOF } } } You can schedule it by following it below article... How To: Schedule PowerShell Script for an Exchange Task http://exchangeshare.wordpress.com/2008/12/08/how-to-schedule-powershell-script-for-an-exchange-task/ Amit Tank | MVP Exchange Server | MCITP: EMA | MCSA: M | http://ExchangeShare.WordPress.com