Users cannot manage the dist lists they own. I've set everything I've needed to in RBAC (i think)
Running Exchange 2010 SP1. We have a security group that contains various supervisors. One purpose is to allow them to modify dist lists that we make the security group manager of. After migrating everyone to Exchange 2010, it no longer works. I followed this guide: http://blogs.technet.com/b/exchange/archive/2009/11/18/3408844.aspx I checked off MyDistributionGroups in the default role assignment policy. Then did all the commands from powershell as described. I logout, log back in, open outlook. Goto a dist list I set myself as an owner to. I try to add a member, and it says: changes to the public group membership cannot be saved. You do not have sufficient permission to perform this operation on this object.
November 24th, 2011 8:57am

Hi there, Please go through these.. it may help you.. http://sysadmin-talk.org/2010/06/omg-allowing-end-users-to-manage-distribution-group-membership-in-exchange-2010-2/ http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/9c5a6f84-dbdb-46e8-8095-75ac51f3075a/Thanks & Regards, Kottees
Free Windows Admin Tool Kit Click here and download it now
November 24th, 2011 1:13pm

Yeah i saw those posts already from google. Something we've noticed. In the EMC if you try and add members to manage the group, you can only pick users. The group previously set during Exchange 2003 days says Object not found under the organizational unit field. Is there an option to allow adding groups? I set myself as the manager of another dist list(security group) in EMC, but I cannot add members there either.
November 24th, 2011 4:31pm

Hi The issue is that when the mailbox is moved to Exchange 2010, the default role assignment policy gets applied to the mailbox. The default policy doesn’t allow users to update groups even if they are the owners. The RBAC doesn’t grant the permissions at all. You can either create a new role assignment policy and apply it to the group owners / all users or modify the existing default assignment policy. You can either use Exchange Shell or ECP to achieve the task. EMC doesn’t expose the assignment policy and hence you cannot use it. You can read this guide to do it. Another way: Changing the groups to universal groups You can read this post. http://social.technet.microsoft.com/Forums/zh/exchange2010/thread/47db146e-8476-474e-8c20-ac63ce4a361b
Free Windows Admin Tool Kit Click here and download it now
November 27th, 2011 7:26pm

I've already done that, hasn't made a difference.
November 28th, 2011 7:25am

One thing I had read previously was that they need to be universal groups. I tried creating a universal group previously and adding a group I'm in to see if it could then be edited. No luck. I then read the universal groups were mostly needed for domains with multiple forests, which we don't have. I revisited this and found that I could edit the universal group if I just added myself (all done in ADUC). I found in EMC that you could not add groups. Is there a way to add groups to manage distribution groups. It will be a management nightmare to have to add individual users.
Free Windows Admin Tool Kit Click here and download it now
November 28th, 2011 11:17am

Hi I find team blog about it. You should run script. http://blogs.technet.com/b/exchange/archive/2011/05/04/how-to-manage-groups-with-groups-in-exchange-2010.aspx
November 28th, 2011 8:21pm

Yeah thanks, I found that this afternoon. It's unbelievable though that microsoft would remove the ability to manage dist lists with groups.
Free Windows Admin Tool Kit Click here and download it now
November 28th, 2011 8:23pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics