none
distribution group permission problem in Outlook but NOT in OWA/ECP RRS feed

  • Question

  • I originally posted this problem in the Outlook Forum but was asked to re-post it here in the Exchange Server forum....

    Exchange 2010 sp 1, working with a Mail Universal Distribution Group...

    I have a user who has been set as the list manager (Managed by) both in the EMC and ADUC.  When she tries to modify the group membership using Outlook 2010 she gets an error "Changes to the distribution list membership cannot be saved.  You do not have sufficient permission to perform this operation on this object."  However when she is using OWA and uses the ECP web interface, she is able to modify the group membership.  This error appears when Outlook is in cached mode or NOT in cached mode.  Error appears in a newly created profile on other computers.

    Anyone else heard of a similar problems or ideas of what's causing the problem?

    Thanks in advance for any help.

    >>>>>>>>>>>>

    Hi Paul

    Kindly run this shell command once again and check the status.

    Set-Group -Identity "dl Name" -ManagedBy Manageraccount

    Add-ADPermission -Identity "DL name" -User "Manager" -AccessRights ReadProperty, WriteProperty -Properties 'Member'

    After setting the permission using shell command, reconfigure the outlook profile

    Thank you

    Edited byRajkumar System Admin Friday, September 23, 2011 9:11 AM


    >>>>>>>>>>>>>>>>>

    ran commands...no change

     

    >>>>>>>>>>>>

    Hi
     

    Thank you for using Microsoft Office for IT Professionals Forums.

     

    As my research, it seems Exchange server 2010 issue.

     

    You can refer to following KB article or similar thread.

    "Changes to the distribution list membership cannot be saved" error message when you try to remove members from an Exchange Server 2010 distribution list

    http://support.microsoft.com/kb/982349

     

    “How to Manage Groups that I already own in Exchange 2010?”

    http://blogs.technet.com/b/exchange/archive/2009/11/18/3408844.aspx

     

    Similar thread:

    http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/9c5a6f84-dbdb-46e8-8095-75ac51f3075a/

     

    If all above methods cannot resolve this issue, it is recommended to post a new thread in Microsoft Exchange Server Forum for further discussion.

    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us.

     

    Thank you for your understanding and support.

     

    Best Regards,

    William Zhou
    Forum Support

    Tuesday, September 27, 2011 4:25 PM

All replies

  • On Tue, 27 Sep 2011 16:25:53 +0000, Paul Matsune wrote:
     
    >
    >
    >I originally posted this problem in the Outlook Forum but was asked to re-post it here in the Exchange Server forum....
    >
    >Exchange 2010 sp 1, working with a Mail Universal Distribution Group...
    >
    >I have a user who has been set as the list manager (Managed by) both in the EMC and ADUC. When she tries to modify the group membership using Outlook 2010 she gets an error "Changes to the distribution list membership cannot be saved. You do not have sufficient permission to perform this operation on this object." However when she is using OWA and uses the ECP web interface, she is able to modify the group membership. This error appears when Outlook is in cached mode or NOT in cached mode. Error appears in a newly created profile on other computers.
    >
    >Anyone else heard of a similar problems or ideas of what's causing the problem?
     
    How many AD domains are in your AD forest? If the group object being
    modified isn't in a writable copy of the directory then you won't be
    able to save the changes. This is a pretty common problem in
    multi-domain forests.
     
    http://support.microsoft.com/kb/318074
     
    Or it could be this:
    http://support.microsoft.com/kb/982349
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    Wednesday, September 28, 2011 2:56 AM
  • Hi Paul,

    Any updates?

    Please also run the cmdlet Get-ManagementRoleAssignment -RoleAssignee "user name" | ft Name,Role and post the result here.

    Frank Wang

    Forum Support

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

     

    Wednesday, September 28, 2011 7:30 AM
  • Hi Paul,

    Any updates?

    Frank Wang

    Friday, September 30, 2011 2:34 AM
  • Hi Paul,

    Any updates?

    Frank Wang

    Monday, October 3, 2011 2:03 AM
  • Thanks for your reply.

     

    We only have one domain.

    Monday, October 3, 2011 3:28 PM
  • Sorry for the delay in replying...

    Permissions work for ECP but not when using Outlook's Address book...for one user...other users using same role assignment can modify their lists using Outlook.

     

    Name                                                        Role
    ----                                                        ----
    MyDistributionGroupMembership-Default Role Assignment Po... MyDistributionGroupMembership
    MyBaseOptions-Default Role Assignment Policy                MyBaseOptions
    MyTextMessaging-Default Role Assignment Policy              MyTextMessaging
    MyContactInformation-Default Role Assignment Policy         MyContactInformation
    MyVoiceMail-Default Role Assignment Policy                  MyVoiceMail
    OwnerDistributionGroups-Default Role Assignment Policy      OwnerDistributionGroups

    Monday, October 3, 2011 3:35 PM
  • Hi Paul,

    Since only one user cannot modify the membership using Outlook, please try to start Outlook in safe mode.

    If possible, please also configurate Outlook profile for the user in another client computer to test.

    Frank Wang

    Thursday, October 6, 2011 7:08 AM
  • I've done that before and still have the same problem.

    Thursday, October 6, 2011 2:13 PM
  • We have the same problem, and with MyDistributionGroupMembership role too. In ecp it's work, through Outlook not.
    Thursday, February 13, 2014 7:37 AM
  • Run the following command in EMS for each user that you wish to be able to edit the distribution group.

    Get-Group <group-name> | Add-Adpermission -User <user> -Accessright writeproperty -Properties member

    Enjoy!


    Thursday, August 14, 2014 3:00 AM
  • If it worked OWA/ECP but not in Outlook, this means you need to allow it in Active Directory.In my case, I ticked "Manage can update membership list" and I can add/remove member from Outlook.

    Friday, January 8, 2016 2:29 PM
  • Hello Paul,

    Is the user (Owner of the DL) managing the distribution Group has multiple Profiles added to the outlook ?

    I have come across an issue where User (Though Owner of DL) can't manage DL when there is another Mailbox Profile added to outlook. when outlook loads it completes the auto-discovery and caches the permissions that are delegated for this user.

    For Some reason Managing Distribution Group fails with Error "Changes to Distribution Group Can't be saved".

    I don't know if it is a bug or known-issue, to resolve the issue and assign the mailbox(Secondary Mailbox added to Outlook by the user) as Additional Owner using Exchange Management Console. This should take care of the issue.

    Let me know if this helps!


    Pavan Maganti ~ ( Exchange | 2003/2007/2010/E15(2013)) ~~ Please remember to click “Vote As Helpful&quot; if it really helps and &quot;Mark as Answer” if it answers your question, “Unmark as Answer” if a marked post does not actually answer your question. ~~ This Information is provided is &quot;AS IS&quot; and confers NO Rights!!

    • Proposed as answer by PK M Wednesday, January 20, 2016 3:50 PM
    Wednesday, January 20, 2016 3:42 PM
  • <<<<<<<<<<<<<<<SOLUTION>>>>>>>>>>>>>>>>>

    I know that this is an old post but I just came across this exact issue and found a resolution after an hour of banging my head against the desk.

    The user that I wanted to allow to manage a DG was listed in EMC as a manager of the gorup.

    I checked AD and confirmed that the "Manager can update membership list" was selected under the Managed By tab.

    I confirmed that the user could edit the DG from OWA but not from Outlook.

    I went to the security tab and went to advanced settings and confirmed that the user had "write members" permissions under the properties tab of her permissions settings.

    The user is not running Outlook in cached mode, but I rebuild the Outlook profile anyways.

    ________________________________________

    The solution:

    The DG was a non-universal distribution group.

    As soon as I right clicked the DG and converted it to a universal DG, she was able to modify the members in Outlook.

    Hope this helps!

    -Ryan

    Friday, September 1, 2017 4:54 PM