Friday, July 8, 2011

How to manage Distribution Lists with groups in Exchange 2010


When User1 tries to add a new member to the DistributionGroup1 distribution group, she gets this error:

Changes to the distribution group list membership could not be saved. You do not have sufficient permissions to perform this operation on this object.

Figure 1: User gets a permissions error when trying to modify a distribution group's membership in Microsoft Outlook

In the past, User1 was able to add/remove members to the distribution group by using Outlook and didn’t need to call the help desk for assistance. What has changed?

You know that you had previously configured SecurityGroup1 to be able to manage this distribution group. Did someone make a change to User1’s security group membership? You look at ADUC first. No change – the user’s still a member of SecurityGroup1.

Figure 2: The user’s still a member of the security group that’s configured to manage the distribution group

Next, you check the distribution group configuration in ADUC to verify that DistributionGroup1 is still being managed by SecurityGroup1.

Figure 3: The user’s still a member of the security group that’s configured to manage the distribution group

Okay, so what’s the deal here? You know you recently migrated to Exchange 2010. So you take a look at DistributionGroup1 in EMC (which reveals that it’s managed by SecurityGroup1, but also displays an ‘Object Not Found’ error).

Figure 4: EMC displays the security group with an ‘Object not found’ error

Why is Exchange 2010 doing this?

This behavior is by design. In Exchange 2010, distribution groups can’t be managed by groups – only individual users can manage groups. So it’s possible that, under Exchange 2003, you used groups to manage a distribution group; group ownership was handled at a different level there. Now that these mailboxes have been moved to Exchange 2010, members of these groups can’t modify the distribution group.

So are there any workarounds?

We’ve created a script to work around this limitation. Download Set-DistributionGroupOwners.ps1 from the Script Center.

The script will allow you to simulate a group having ownership of a distribution group in Exchange 2010. The script can be run in three different modes depending on the switches you pass.

  1. Mode 1 – Set Ownership for a particular distribution group. Modifications to the ManagedBy attribute are not set at this time. It will simply modify a Custom Attribute to have the information needed later when the script sets the ManagedBy attribute.
  2. Mode 2 – Modify the ManagedBy attribute of a specific distribution group so the members of either a security group or distribution group can manage it.
  3. Mode 3 – Designed to be run as a scheduled task, to ensure that the individual members of a group have ownership of the distribution group they are set to own. Use this mode if you prefer to automate the process, perhaps running it nightly to pick up any changes to security group and distribution group membership.
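
The idea behind Mode 3, sketched as an added example (this is not the Script Center script and does not use its switches): read the owning group's name from a custom attribute, expand that group to individual users, and report or apply the difference against ManagedBy. Assumptions: `CustomAttribute5` is the attribute used, the function name `Sync-GroupOwners` and its `-Apply` switch are hypothetical, and the ActiveDirectory module is available in the Exchange Management Shell session.

```powershell
# Added example, not the Script Center script. Run in the Exchange Management Shell.
Import-Module ActiveDirectory

# Assumption: CustomAttribute5 holds the name of the group that should own the DG.
$OwnerAttribute = 'CustomAttribute5'

function Sync-GroupOwners {
    param([switch]$Apply)   # hypothetical switch: without it, only report drift

    $groups = Get-DistributionGroup -ResultSize Unlimited -Filter "$OwnerAttribute -ne `$null"
    foreach ($dg in $groups) {
        $ownerGroup = $dg.$OwnerAttribute

        # Expand nested membership; keep only user accounts Exchange resolves as recipients.
        $desired = @(Get-ADGroupMember -Identity $ownerGroup -Recursive |
            Where-Object { $_.objectClass -eq 'user' } |
            ForEach-Object { Get-Recipient -Identity $_.distinguishedName -ErrorAction SilentlyContinue } |
            ForEach-Object { $_.DistinguishedName })

        # Assumes ManagedBy entries expose DistinguishedName (on-premises shell).
        $current = @($dg.ManagedBy | ForEach-Object { $_.DistinguishedName } | Where-Object { $_ })

        if ($desired.Count -eq 0) {
            Write-Warning "$($dg.Name): '$ownerGroup' has no usable members; ManagedBy left unchanged"
            continue
        }

        # Owners to grant, and owners who left the group but still hold ManagedBy.
        $add    = @($desired | Where-Object { $current -notcontains $_ })
        $remove = @($current | Where-Object { $desired -notcontains $_ })
        if ($add.Count -eq 0 -and $remove.Count -eq 0) { continue }

        $add    | ForEach-Object { Write-Output "$($dg.Name): + $_" }
        $remove | ForEach-Object { Write-Output "$($dg.Name): - $_" }

        if ($Apply) {
            # Replaces the owner list, so users removed from the group lose ownership.
            Set-DistributionGroup -Identity $dg.Identity -ManagedBy $desired -BypassSecurityGroupManagerCheck
        }
    }
}

Sync-GroupOwners            # report only
# Sync-GroupOwners -Apply   # write the changes
```

Between runs, a user removed from the security group keeps ownership of the distribution group, so the `-` lines in the report are the ones to review.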
