Wednesday 7 December 2011

How to Enable end users to manage Distribution List memberships in Exchange 2010

Well, I migrated from Exchange 2007 to 2010 and was hit with a little problem. Users who were able to manage their Distribution Group lists were no longer able to manage them. They could no longer add or remove members and got an insufficient permissions message. I confirmed they were set to owner, but that did not seem to matter. After a bit of research I realized that I needed to enable a management role in Exchange 2010. The management role was MyDistributionGroups. I also realized that this group had way too much power, as the end users would be able to create and delete Distribution Groups if I enabled it. So what I did was copy it and modify it. Below are the steps needed to enable users to manage Distribution Groups that they are set as owner of.

1. In the EMS, create a new management role
New-ManagementRole -Name MyDistributionGroupsCopy -Parent MyDistributionGroups -Description "This role enables end users to view distribution groups and add or remove members to distribution groups they own."

2. Since this role is a copy of the management role MyDistributionGroups, we need to modify it and remove some rights.
Remove-ManagementRoleEntry MyDistributionGroupsCopy\Set-Group -Confirm:$false
Remove-ManagementRoleEntry MyDistributionGroupsCopy\Remove-DistributionGroup -Confirm:$false
Remove-ManagementRoleEntry MyDistributionGroupsCopy\New-DistributionGroup -Confirm:$false



3. Now we need to set the Set-DistributionGroup parameters. Passing -Parameters on its own leaves only the listed parameters on the role entry.
Set-ManagementRoleEntry MyDistributionGroupsCopy\Set-DistributionGroup -Parameters Confirm,ErrorAction,ErrorVariable,Identity,MailTip,MailTipTranslations,OutBuffer,OutVariable,WarningAction,WarningVariable,WhatIf

4. The final step is to assign this role to the default role assignment policy so it gets pushed to all users
New-ManagementRoleAssignment -Role MyDistributionGroupsCopy -Policy "Default Role Assignment Policy"


Just double-check that this policy is enabled; you can do that using the ECP.
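
The same check can be made from the EMS. The script below is an added example, not part of the original post: it confirms that the cmdlets removed in step 2 are gone, that Set-DistributionGroup exposes only the step 3 parameters, and that the assignment from step 4 is enabled. The variable names and the final check on the parent role are assumptions added here.

```powershell
# Added verification example; run in the Exchange Management Shell.
$role    = 'MyDistributionGroupsCopy'
$policy  = 'Default Role Assignment Policy'
$removed = 'Set-Group', 'Remove-DistributionGroup', 'New-DistributionGroup'
$allowed = 'Confirm', 'ErrorAction', 'ErrorVariable', 'Identity', 'MailTip',
           'MailTipTranslations', 'OutBuffer', 'OutVariable', 'WarningAction',
           'WarningVariable', 'WhatIf'

$entries  = @(Get-ManagementRoleEntry "$role\*")
$problems = @()

# Step 2: the create/delete cmdlets must no longer be role entries.
foreach ($entry in $entries) {
    if ($removed -contains $entry.Name) {
        $problems += "Role still contains $($entry.Name)"
    }
}

# Step 3: Set-DistributionGroup must not expose anything beyond the allowed list.
$sdg = $entries | Where-Object { $_.Name -eq 'Set-DistributionGroup' }
if (-not $sdg) {
    $problems += 'Set-DistributionGroup entry is missing from the role'
} else {
    $extra = @($sdg.Parameters | Where-Object { $allowed -notcontains $_ })
    if ($extra.Count -gt 0) {
        $problems += "Unexpected Set-DistributionGroup parameters: $($extra -join ', ')"
    }
}

# Step 4: the copy must be assigned to the policy, and the assignment enabled.
$assigned = @(Get-ManagementRoleAssignment -Role $role |
    Where-Object { $_.RoleAssigneeName -eq $policy -and $_.Enabled })
if ($assigned.Count -eq 0) {
    $problems += "No enabled assignment of $role to '$policy'"
}

# Added check: if the unrestricted parent role is also assigned to the same
# policy, users keep the create/delete rights the copy was meant to withhold.
$parent = @(Get-ManagementRoleAssignment -Role 'MyDistributionGroups' |
    Where-Object { $_.RoleAssigneeName -eq $policy -and $_.Enabled })
if ($parent.Count -gt 0) {
    $problems += "Parent role MyDistributionGroups is also assigned to '$policy'"
}

if ($problems.Count -eq 0) { 'OK: role is scoped as intended' } else { $problems }
```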
