none
Even after AddPermission, can't give user rights to modify a Distribution group

    Pergunta

  • I used the AddPermission shell command to give my user account the right to modify a test distribution group. It didn't work. So I used brute force and gave myself full rights in the Security tab of the dist group. My resultant rights are as shown in the GetPermission output:

    Identity                                                  Deny      Rights
    --------                                                      ----       ------
    mydomain.com/Users/CA Test Group    False     GenericAll

    First, what should it show here if the rights are correct? Second, if the above is sufficient, why can I still not change the members in this group?

    quinta-feira, 12 de abril de 2012 18:06

Todas as Respostas

  • What version of Exchange?  Are you modifying membership from EMC,EMS, or Outlook?

    quinta-feira, 12 de abril de 2012 18:28
  • Please follow Russ's suggestion to let me know your Exchange Version and where did you want to modify the group.

    In Exchange 2010:

    When you want to modify the group in EMC, you need use RBAC to grant user permission.

    If you are trying to edit the group in Outlook, they need to be the manager of the distribution group.

    Related information for you:

    Rights to modify all distribution lists

    http://social.technet.microsoft.com/Forums/hu-HU/exchange2010/thread/9b5f3876-03b3-47e0-a948-1707b5e0a50d

    How to Manage Groups that I already own in Exchange 2010?

    http://blogs.technet.com/b/exchange/archive/2009/11/18/3408844.aspx

    Thanks,

    Evan


    Evan Liu

    TechNet Community Support

    • Sugerido como Resposta Jamestechman sexta-feira, 13 de abril de 2012 14:29
    sexta-feira, 13 de abril de 2012 06:34
  • Exchange 2007. I don't think I want to have a normal user use EMC or the shell (lol!) to manage dist groups, unless that is standard practice. I was trying to use Outlook in both cached and direct modes.
    quarta-feira, 18 de abril de 2012 23:09
  • You need to modify the permissions on the group to modify it from Outlook.

    Add-ADPermission -Identity "Group Display Name" -User "Domain\User" -AccessRights ReadProperty, WriteProperty -Properties 'Member'
    This should allow the user in question the ability to change membership of a group from Outlook.  In place of a user account though, you can use another group to allow for multiple people.


    quinta-feira, 19 de abril de 2012 00:27
  • Hello,

    The user who managed by the group can go to modify the group members in Outlook.

    You also can follow Russ's suggestion (grant user permission) to allow users modify the group member in Outlook.

    Thanks,

    Evan


    Evan Liu

    TechNet Community Support

    quinta-feira, 19 de abril de 2012 02:38
  • Managed by does not have any effect on Distribution groups in Exchange 2007 or Exchange 2010 without additional modifications (AD Permissions in 2007 and custom RBAC in Exchange 2010 unless you want to enable the Manage Distribution Groups RBAC which allows users to create DLs in the system on their own).
    • Sugerido como Resposta Jamestechman quinta-feira, 19 de abril de 2012 14:54
    quinta-feira, 19 de abril de 2012 14:47
  • I did the Add-ADPermission already. It ran, but afterward, editing the group is still denied.

    quinta-feira, 19 de abril de 2012 19:16
  • Can you check if the client you're testing from has Outlook in cached mode? If so take it out of cached mode and test again. The cache mode has a tendency to not take the DL management to take affect immediately.


    James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

    quinta-feira, 19 de abril de 2012 19:19
  • Hello,

    Any updates?

    If you set managed by and check option "Manager can update membership list" in ADUC, will this issue occur or not?

    Thanks,

    Evan


    Evan Liu

    TechNet Community Support

    terça-feira, 24 de abril de 2012 03:11