Apply multiple managed-by on distribution group

All replies

  • Hi,

    Kindly let me know if I get it right: a single distribution list should be managed by more than 1 user. If that's the requirement, then make a security group the owner of that group, and all the members of the security group will be owners of that group. Do let me know if I get it wrong.


    Ripu Daman Mina | MCSE 2003 & MCSA Messaging
    Tuesday, August 17, 2010 12:37 PM
  • Hi

    Ripu, you are right. However, I don't want to keep the DL group with the ACL group (security group).

    Actually, the ACL group in my environment controls access to the mailbox.

    And finally, I still have to apply that PowerShell script for those managedBy entries on the ACL group. That script is the same whether it is applied to a DL or a security group.

    That concern still exists.

    Wednesday, August 18, 2010 5:53 AM
  • This is a very old thread, but I just worked through this and it may be useful to others. My scenario was a csv file with group names and user names. The user names needed to be added as multiple users to manage groups, but in multiple iterations. As edomLD mentions, this typically results in the last entry added as ManagedBy overwriting the previous. So, what you need to do is build an array of AD objects and use that to set the ManagedBy parameter.

    Something like this:

     

    $list=import-csv C:\AddDistributionGroupOwnerList.csv
    
    Foreach ($i in $list) {
     $grp=get-distributiongroup $i.groupname
     $manage=$grp.managedby
     $newuser=get-user $i.user
     $newmanage=$manage+$newuser
     Set-distributiongroup $.identity -managedby $newmanage -bypasssecuritygroupmanagercheck
     }

     

    The csv file has one column labeled groupname and a second column named user. I'm sure this could be optimized a bit, but it gets the job done.

     

     


    Byron Wright (http://byronwright.blogspot.com)

    • Proposed as answer by Byron Wright Thursday, August 18, 2011 1:48 AM
    Thursday, August 18, 2011 1:47 AM
  • This is again an old thread but I'm hoping someone is watching. I have found that I can set multiple managedby users however only one goes into the managedby attribute as it's single-valued. The rest of them go into the msExchCoManagedBy attribute. I read another old short thread that the managedby is there for backward compatibility and all future managers should go into the back-linked attribute for the co-managed by.

    The user template for the GAL is set up to display the managedby attribute but the msExchCoManagedBy attribute is available for displaying. What I would really like to do is use the managedby attribute to denote "owner" and the msExchCoManagedBy attribute to show other "co-owners" for the list.

    Currently users in either attribute have the ability to manage the list through Outlook. The problem I'm having is that I can't specify which users go into each attribute. I just want to specify who is primary on the list.

    Perhaps since it has been a while, someone has found a way to specify the "co-managed by" attribute using PowerShell.

    • Proposed as answer by PMKelm Friday, June 01, 2012 3:53 PM
    Wednesday, January 18, 2012 10:11 PM
  • We have the same need as dlmillen.  When there are multiple users with "managedby" rights, we need to know how to designate which one is displayed in the "Owner" field when viewing the properties of the distribution group in the GAL.  Hope someone can provide this information. 
    Friday, January 20, 2012 12:16 PM
  • Hi, dlmillin 

    I think I have the answer you are seeking.  When issuing the Set-DistributionGroup command with -ManagedBy set for multiple users, the first user ID that is entered in the string will be used for the ManagedBy property (and appear as the "Owner" in the GAL) and the remaining users will be placed in the "msExchCoManagedBy" AD property.  In other words, using the following command will place User1 in the -ManagedBy property, and User2 and User3 will go into the "msExchCoManagedBy" field.

    Set-DistributionGroup -Identity "Sales Department" -ManagedBy "User1","User2","User3"

    Friday, January 20, 2012 3:24 PM
  • Byron, if you still monitor this thread, what is the format of your input file for this? I'm getting a "'$.identity' couldn't be found" error when I run this, and I have a lot of these to fix due to the group issue as well as on the ACL.


    Sean M. Loftus

    Wednesday, December 19, 2012 8:47 PM
  • Hi Sean,

    I think I made a typo there. Instead of $.identity, I think it should be $grp.identity.


    Byron Wright (http://byronwright.blogspot.com)

    Wednesday, December 19, 2012 9:52 PM
  • Never mind, the listed code has an error in the last line,  $.identity needs to be $grp. Other than that the code below works quite well...

    -------------

    $list=import-csv C:\AddDistributionGroupOwnerList.csv
    
    Foreach ($i in $list) {
     $grp=get-distributiongroup $i.groupname
     $manage=$grp.managedby
     $newuser=get-user $i.user
     $newmanage=$manage+$newuser
     Set-distributiongroup $grp -managedby $newmanage -bypasssecuritygroupmanagercheck
     }


    Sean M. Loftus

    Thursday, December 20, 2012 6:58 PM
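
The CSV loop and the owner ordering discussed in this thread, combined into one added example (not code from any poster): it merges each group's CSV rows with the existing owners, keeps the current first owner first, drops duplicates, and issues a single `Set-DistributionGroup` per group as a `-WhatIf` dry run. The sample rows and the `Merge-Owner` helper are constructed for illustration, and comparing owners by their string form is an assumption.

```powershell
# Added example, not code posted in this thread.
# Constructed sample input using the thread's two CSV columns.
$rows = @'
groupname,user
Sales Department,User2
Sales Department,User3
Sales Department,User2
Marketing,User1
'@ | ConvertFrom-Csv

# Append requested owners to the current ones. Current order is kept, so the
# existing first entry stays first; duplicates are dropped (-notcontains is
# case-insensitive).
function Merge-Owner {
    param([string[]]$Current, [string[]]$Requested)
    $merged = @()
    foreach ($name in @($Current) + @($Requested)) {
        if ($name -and ($merged -notcontains $name)) { $merged += $name }
    }
    ,$merged
}

# Without the Exchange cmdlets loaded, only the merge plan is printed.
$haveExchange = [bool](Get-Command Set-DistributionGroup -ErrorAction SilentlyContinue)

foreach ($g in ($rows | Group-Object groupname)) {
    $current = @()
    if ($haveExchange) {
        # Assumption: an owner's string form matches that of Get-User's Identity.
        $current = @((Get-DistributionGroup $g.Name).ManagedBy | ForEach-Object { "$_" })
    }
    $requested = @($g.Group | ForEach-Object {
        if ($haveExchange) { "$((Get-User $_.user).Identity)" } else { $_.user }
    })
    $owners = Merge-Owner -Current $current -Requested $requested
    "{0}: {1}" -f $g.Name, ($owners -join '; ')
    if ($haveExchange) {
        # One write per group; remove -WhatIf after reviewing the plan.
        Set-DistributionGroup $g.Name -ManagedBy $owners `
            -BypassSecurityGroupManagerCheck -WhatIf
    }
}
```

The printed plan doubles as a change record: each line lists exactly who will hold management rights on the group once the dry-run switch is removed.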
  • Thanks Byron, I missed your response but did figure that same thing out. The code works quite well for what I need. I use the below powershell code to pull the users listed with either read or read and write on the DG ACL, the list needs a little clean up like removing system accounts from the list, then that list will directly import using your script.

    The only other issue I see is removing the user on the ACL before importing them back into the managedBy attribute using your script.

    Get-DistributionGroup -ResultSize Unlimited | Get-ADPermission | Where {($_.IsInherited -EQ $False -AND $_.accessrights -EQ "WriteProperty") -OR ($_.IsInherited -EQ $False -AND $_.accessrights -EQ "ReadProperty, WriteProperty")} | Format-Table -Property Identity, User | Out-String -Width 250 | Out-File C:\GET-ACL_multi.txt


    Sean M. Loftus

    Thursday, December 20, 2012 7:05 PM