none
Distribution group rights in Exchange 2010 SP1 RRS feed

  • Question

  • Dear All,

    I have installed Exchagne 2010 SP1 RU6 with coexistance on Exchagne 2007 SP3. I am facing the issue when i add a user as owner in distribution group then he can rename and delte the DL in exchagne 2010. as per the exchange 2007 only administrator can edit the name of DL but if i add another owner of the he is just able to manage the membership. can any one tell me how can I restrict the users whom i add as owener in the DL should not rename the DL .

    thanks & Regards

    Zahoor

    Thursday, December 15, 2011 4:18 PM

Answers

  • Hi
      
    PS] D:\>New-ManagementRole -Name Custom_OwnerDistributionGroups -Parent MyDistributionGroups -Description “This role enables individual users to view distribution groups and add or remove members to distribution groups they own or add a Mailtip.”

    Name RoleType
    —- ——–
    Custom_OwnerDistributionGroups MyDistributionGroups

    [PS] D:\>Remove-ManagementRoleEntry Custom_OwnerDistributionGroups\New-DistributionGroup -Confirm:$false
    [PS] D:\Remove-ManagementRoleEntry Custom_OwnerDistributionGroups\Remove-DistributionGroup -Confirm:$false
    [PS] D:\>Remove-ManagementRoleEntry Custom_OwnerDistributionGroups\Set-Group -Confirm:$false
    [PS] D:\>set-ManagementRoleEntry Custom_OwnerDistributionGroups\Set-DistributionGroup -parameter Confirm ,ErrorAct
    ion ,ErrorVariable ,Identity ,MailTip ,MailTipTranslations , OutBuffer ,OutVariable ,WarningAction ,WarningVariable ,Wha
    tIf

    Now Add the new Custom Role to the “Default Role Assignment Policy” from ECP

    You can add user into this role.

    Set-Group is blocked. So I think it will meet your request. You can read this blog.


    Terence Yu

    TechNet Community Support

    • Marked as answer by Zahoor Hakeem Monday, December 19, 2011 11:08 AM
    Saturday, December 17, 2011 12:35 AM

All replies

  • Hi,

    here is a good article how to manage DG in exchange 2010 in the right way:

    http://sysadmin-talk.org/2010/06/omg-allowing-end-users-to-manage-distribution-group-membership-in-exchange-2010-2/

    Regards,

    Chris

    Thursday, December 15, 2011 4:31 PM
  • hi Chris,

    thanx for the replying I red this but this doesnt talk about weather an administrator delegates rights through RBAC and extends rights to the users as owner then this users should to rename the DL.  i want to know weather this is a vendor lock or we there is some setting to restrict the user who is owner of the DL should not rename the DL.

    Thanks & Regards

    Zahoor

    Friday, December 16, 2011 5:24 AM
  • Hi Zahoor,

    I can't see a reason, why a user should be owner of the DL ?

    But for this, an owner owns the object and is able to get full access on it.

    Regards,

    Chris

    Friday, December 16, 2011 8:06 AM
  • Hi Chris,

    usally exchange admin creates a DL for diffent deparment and adding a user as owner to handle the member ship so that burden will not come to IT administrator. A user which is in same deptment DL geta an Owner rights were he can add and remove the member from the DLL, but he should not rename the DL, but in Exchange 2010 if I do so Owner of the partcular DL are able to rename the DL which should not happen only administator can should do that.

    Thanks & Regads

    Zahoor

    Friday, December 16, 2011 10:24 AM
  • Hi
      
    PS] D:\>New-ManagementRole -Name Custom_OwnerDistributionGroups -Parent MyDistributionGroups -Description “This role enables individual users to view distribution groups and add or remove members to distribution groups they own or add a Mailtip.”

    Name RoleType
    —- ——–
    Custom_OwnerDistributionGroups MyDistributionGroups

    [PS] D:\>Remove-ManagementRoleEntry Custom_OwnerDistributionGroups\New-DistributionGroup -Confirm:$false
    [PS] D:\Remove-ManagementRoleEntry Custom_OwnerDistributionGroups\Remove-DistributionGroup -Confirm:$false
    [PS] D:\>Remove-ManagementRoleEntry Custom_OwnerDistributionGroups\Set-Group -Confirm:$false
    [PS] D:\>set-ManagementRoleEntry Custom_OwnerDistributionGroups\Set-DistributionGroup -parameter Confirm ,ErrorAct
    ion ,ErrorVariable ,Identity ,MailTip ,MailTipTranslations , OutBuffer ,OutVariable ,WarningAction ,WarningVariable ,Wha
    tIf

    Now Add the new Custom Role to the “Default Role Assignment Policy” from ECP

    You can add user into this role.

    Set-Group is blocked. So I think it will meet your request. You can read this blog.


    Terence Yu

    TechNet Community Support

    • Marked as answer by Zahoor Hakeem Monday, December 19, 2011 11:08 AM
    Saturday, December 17, 2011 12:35 AM