I saw one strange behavior (at least for me) of the multiple Managed By feature of Exchange 2010. I just want to know what the reason behind it could be.
I noticed that Exchange shows AD's managedBy and its own Managed By (msExchCoManagedByLink) users together. If I add only one Managed By using the Exchange 2010 snap-in, it is added to AD's managedBy attribute (not to msExchCoManagedByLink), and if I add more than one user as Managed By, the first is added to AD's managedBy attribute and the others are added to Exchange's msExchCoManagedByLink attribute.
I also noticed that there is a restriction in Exchange: we can't set a Security Group, Distribution Group or non-mail-enabled user as Managed By. Only Mailboxes or Mail Enabled Users can be Managed By. But in AD we can set a Security Group or non-mail-enabled group as Managed By. So if I set a security group as Managed By in AD and then try to view the Managed By list in Exchange 2010, it doesn't show it. And if I try to add a new Managed By (a mailbox or mail-enabled user), it throws an exception saying that the particular xyz is a security group and can't be added to the Managed By list. (Remember that I added this group from AD and now I am adding a mailbox.)
To me this seems like strange behaviour, because if Exchange and AD have different criteria for Managed By, then why is Exchange dealing with AD's managedBy? Why can't Exchange store all its Managed By entries in its own attribute (msExchCoManagedByLink)? And why can't I use this feature for a particular group whose managedBy is set to a security group and/or non-mail-enabled group (as I described, I am getting an error)?
Can someone please explain this behavior of Exchange to me?
I can answer the first part of your question (why the attribute in the Exchange UI is using both managedBy as well as msExchCoManagedBy). This is done for backward compatibility.
So, in older versions of Exchange, "managedBy" was the only attribute used for group ownership, and this attribute in AD is a single-value attribute. Exchange 2010 wanted to allow for multiple owners of a group, so they introduced a new multi-value attribute (so as not to change the schema for an old attribute and break backward compatibility). So, to preserve old customer environments and keep them functional, they use the "managedBy" attribute for the first owner (this makes older ADs with just managedBy populated work), and then when you want to add more owners they expand into msExchCoManagedBy.
Not sure why you cannot use groups and non-mail-enabled objects as owners.
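An added example, not part of this thread and not Microsoft's code: a PowerShell function that lists a group's owners across both attributes described in the answer above and flags the owner types the question reports Exchange refusing. The sample objects and DNs are constructed, the name `Get-GroupOwnerReport` is hypothetical, and treating an empty `mailNickname` as "not mail-enabled" is an assumption.

```powershell
# Added example. All sample objects and DNs below are constructed.
function Get-GroupOwnerReport {
    param(
        [Parameter(Mandatory)] [object[]]  $Group,     # needs DistinguishedName, managedBy, msExchCoManagedByLink
        [Parameter(Mandatory)] [hashtable] $Directory  # DN -> object with objectClass, mailNickname
    )
    foreach ($g in $Group) {
        # First owner lives in managedBy, additional owners in msExchCoManagedByLink.
        $owners = @()
        if ($g.managedBy) {
            $owners += [pscustomobject]@{ DN = $g.managedBy; Source = 'managedBy' }
        }
        foreach ($dn in @($g.msExchCoManagedByLink)) {
            if ($dn) { $owners += [pscustomobject]@{ DN = $dn; Source = 'msExchCoManagedByLink' } }
        }
        foreach ($o in $owners) {
            $obj = $Directory[$o.DN]
            # Assumption: an owner counts as mail-enabled when mailNickname is populated.
            $status = if (-not $obj) {
                'NotFound'
            } elseif ($obj.objectClass -eq 'group') {
                'Group'
            } elseif (-not $obj.mailNickname) {
                'NotMailEnabled'
            } else {
                'OK'
            }
            [pscustomobject]@{
                Group = $g.DistinguishedName; Owner = $o.DN; Source = $o.Source; Status = $status
            }
        }
    }
}

# Constructed directory: one mailbox user, one plain AD user, one security group.
$directory = @{
    'CN=Alice,OU=Staff,DC=example,DC=test'     = [pscustomobject]@{ objectClass = 'user';  mailNickname = 'alice' }
    'CN=Bob,OU=Staff,DC=example,DC=test'       = [pscustomobject]@{ objectClass = 'user';  mailNickname = $null }
    'CN=Helpdesk,OU=Groups,DC=example,DC=test' = [pscustomobject]@{ objectClass = 'group'; mailNickname = $null }
}
$groups = @(
    [pscustomobject]@{ DistinguishedName = 'CN=Sales,OU=Groups,DC=example,DC=test'
                       managedBy = 'CN=Alice,OU=Staff,DC=example,DC=test'
                       msExchCoManagedByLink = @('CN=Bob,OU=Staff,DC=example,DC=test') }
    [pscustomobject]@{ DistinguishedName = 'CN=Ops,OU=Groups,DC=example,DC=test'
                       managedBy = 'CN=Helpdesk,OU=Groups,DC=example,DC=test'
                       msExchCoManagedByLink = @() }
)
Get-GroupOwnerReport -Group $groups -Directory $directory | Format-Table -AutoSize
```

Against a live directory, the group objects could come from `Get-ADGroup -Filter * -Properties managedBy, msExchCoManagedByLink` in the ActiveDirectory module, with the lookup table built from the owners' own directory entries.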
I am also facing the same issue. We want to allow a group of people to modify a particular group's membership from Exchange 2010.
Please suggest how we can add a group as Managed By or group owner. I have added it from the ADUC console, but in the Exchange 2010 EMC, under Managed By, it shows "Object not found" with an error.
Md. Ashifuzzaman MCP, MCTS, MCT, MCITP