Hello,
I am trying to create a set of help desk users that has full access to add or remove members from distribution and security groups as well as update users. We want it to bypass owner approval and essentially allow this group to add or remove members in the FIM Portal and flow it down to ADS.
This obviously works fine if one is a member of the Administrators set, but we want a second tier of power users with limitied rights compared to FIM Admins. We have added the help desk team to the Security Group Users and Group Users set as well as MPR "Security group management: Users can read selected attributes of group resources".
The help desk users can update users in the Portal with no issue. The can search groups with no issue but when they try to add members to a group they get the error "Access Denied".
Any help is greatly appreciated.
Thanks!