Even after AddPermission, can't give user rights to modify a Distribution group
-
quinta-feira, 12 de abril de 2012 18:06
I used the AddPermission shell command to give my user account the right to modify a test distribution group. It didn't work. So I used brute force and gave myself full rights in the Security tab of the dist group. My resultant rights are as shown in the GetPermission output:
Identity Deny Rights
-------- ---- ------
mydomain.com/Users/CA Test Group False GenericAllFirst, what should it show here if the rights are correct? Second, if the above is sufficient, why can I still not change the members in this group?
Todas as Respostas
-
quinta-feira, 12 de abril de 2012 18:28
What version of Exchange? Are you modifying membership from EMC,EMS, or Outlook?
-
sexta-feira, 13 de abril de 2012 06:34Moderador
Please follow Russ's suggestion to let me know your Exchange Version and where did you want to modify the group.
In Exchange 2010:
When you want to modify the group in EMC, you need use RBAC to grant user permission.
If you are trying to edit the group in Outlook, they need to be the manager of the distribution group.
Related information for you:
Rights to modify all distribution lists
How to Manage Groups that I already own in Exchange 2010?
http://blogs.technet.com/b/exchange/archive/2009/11/18/3408844.aspx
Thanks,
Evan
Evan Liu
TechNet Community Support
- Sugerido como Resposta Jamestechman sexta-feira, 13 de abril de 2012 14:29
-
quarta-feira, 18 de abril de 2012 23:09Exchange 2007. I don't think I want to have a normal user use EMC or the shell (lol!) to manage dist groups, unless that is standard practice. I was trying to use Outlook in both cached and direct modes.
-
quinta-feira, 19 de abril de 2012 00:27
You need to modify the permissions on the group to modify it from Outlook.
Add-ADPermission -Identity "Group Display Name" -User "Domain\User" -AccessRights ReadProperty, WriteProperty -Properties 'Member'
This should allow the user in question the ability to change membership of a group from Outlook. In place of a user account though, you can use another group to allow for multiple people.
- Editado Russ Burden quinta-feira, 19 de abril de 2012 00:29
- Editado Russ Burden quinta-feira, 19 de abril de 2012 00:30
- Sugerido como Resposta Evan LiuModerator quinta-feira, 19 de abril de 2012 02:30
-
quinta-feira, 19 de abril de 2012 02:38Moderador
Hello,
The user who managed by the group can go to modify the group members in Outlook.
You also can follow Russ's suggestion (grant user permission) to allow users modify the group member in Outlook.
Thanks,
Evan
Evan Liu
TechNet Community Support
-
quinta-feira, 19 de abril de 2012 14:47 Managed by does not have any effect on Distribution groups in Exchange 2007 or Exchange 2010 without additional modifications (AD Permissions in 2007 and custom RBAC in Exchange 2010 unless you want to enable the Manage Distribution Groups RBAC which allows users to create DLs in the system on their own).
- Sugerido como Resposta Jamestechman quinta-feira, 19 de abril de 2012 14:54
-
quinta-feira, 19 de abril de 2012 19:16
I did the Add-ADPermission already. It ran, but afterward, editing the group is still denied.
-
quinta-feira, 19 de abril de 2012 19:19
Can you check if the client you're testing from has Outlook in cached mode? If so take it out of cached mode and test again. The cache mode has a tendency to not take the DL management to take affect immediately.
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
-
terça-feira, 24 de abril de 2012 03:11Moderador
Hello,
Any updates?
If you set managed by and check option "Manager can update membership list" in ADUC, will this issue occur or not?
Thanks,
Evan
Evan Liu
TechNet Community Support
.png)
