quinta-feira, 12 de abril de 2012 18:06
I used the AddPermission shell command to give my user account the right to modify a test distribution group. It didn't work. So I used brute force and gave myself full rights in the Security tab of the dist group. My resultant rights are as shown in the GetPermission output:
Identity Deny Rights
-------- ---- ------
mydomain.com/Users/CA Test Group False GenericAll
First, what should it show here if the rights are correct? Second, if the above is sufficient, why can I still not change the members in this group?
Todas as Respostas
quinta-feira, 12 de abril de 2012 18:28
What version of Exchange? Are you modifying membership from EMC,EMS, or Outlook?
sexta-feira, 13 de abril de 2012 06:34Moderador
Please follow Russ's suggestion to let me know your Exchange Version and where did you want to modify the group.
In Exchange 2010:
When you want to modify the group in EMC, you need use RBAC to grant user permission.
If you are trying to edit the group in Outlook, they need to be the manager of the distribution group.
Related information for you:
Rights to modify all distribution lists
How to Manage Groups that I already own in Exchange 2010?
TechNet Community Support
- Sugerido como Resposta Jamestechman sexta-feira, 13 de abril de 2012 14:29
quarta-feira, 18 de abril de 2012 23:09Exchange 2007. I don't think I want to have a normal user use EMC or the shell (lol!) to manage dist groups, unless that is standard practice. I was trying to use Outlook in both cached and direct modes.
quinta-feira, 19 de abril de 2012 00:27
You need to modify the permissions on the group to modify it from Outlook.
Add-ADPermission -Identity "Group Display Name" -User "Domain\User" -AccessRights ReadProperty, WriteProperty -Properties 'Member'This should allow the user in question the ability to change membership of a group from Outlook. In place of a user account though, you can use another group to allow for multiple people.
quinta-feira, 19 de abril de 2012 02:38Moderador
quinta-feira, 19 de abril de 2012 14:47Managed by does not have any effect on Distribution groups in Exchange 2007 or Exchange 2010 without additional modifications (AD Permissions in 2007 and custom RBAC in Exchange 2010 unless you want to enable the Manage Distribution Groups RBAC which allows users to create DLs in the system on their own).
- Sugerido como Resposta Jamestechman quinta-feira, 19 de abril de 2012 14:54
quinta-feira, 19 de abril de 2012 19:16
I did the Add-ADPermission already. It ran, but afterward, editing the group is still denied.
quinta-feira, 19 de abril de 2012 19:19
Can you check if the client you're testing from has Outlook in cached mode? If so take it out of cached mode and test again. The cache mode has a tendency to not take the DL management to take affect immediately.
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
terça-feira, 24 de abril de 2012 03:11Moderador