Exchange: unable to manage DL members


Exchange 2010 (SP1) Unable to Manage Distribution List. By design even DL owners are not able to modify the distribution groups.

Following steps enable  all the owners of a distribution list can manage there own distribution list. Using RBAC (Role Based Access Control) in Exchange 2010 we are able to give the users the right permissions to manage there own distribution lists.

List the Policy name and it’s role type.

[PS] D:\>Get-ManagementRole

Name                                                        RoleType
—-                                                        ——–
Recipient Policies                                          RecipientPolicies
Active Directory Permissions                                ActiveDirectoryPermissions
Address Lists                                               AddressLists
Audit Logs                                                  AuditLogs
Cmdlet Extension Agents                                     CmdletExtensionAgents
Database Availability Groups                                DatabaseAvailabilityGroups
Database Copies                                             DatabaseCopies
Databases                                                   Databases
Disaster Recovery                                           DisasterRecovery
Distribution Groups                                         DistributionGroups
E-Mail Address Policies                                     EmailAddressPolicies
Edge Subscriptions                                          EdgeSubscriptions
Exchange Connectors                                         ExchangeConnectors
Exchange Server Certificates                                ExchangeServerCertificates
Exchange Servers                                            ExchangeServers
Exchange Virtual Directories                                ExchangeVirtualDirectories
Federated Sharing                                           FederatedSharing
Information Rights Management                               InformationRightsManagemen
Journaling                                                  Journaling
Legal Hold                                                  LegalHold
Mail Enabled Public Folders                                 MailEnabledPublicFolders
Mail Recipient Creation                                     MailRecipientCreation
Mail Recipients                                             MailRecipients
Mail Tips                                                   MailTips
Mailbox Search                                              MailboxSearch
Message Tracking                                            MessageTracking
Migration                                                   Migration
Monitoring                                                  Monitoring
Move Mailboxes                                              MoveMailboxes
Organization Client Access                                  OrganizationClientAccess
Organization Configuration                                  OrganizationConfiguration
Organization Transport Settings                             OrganizationTransportSetti
POP3 And IMAP4 Protocols                                    POP3AndIMAP4Protocols
Public Folder Replication                                   PublicFolderReplication
Public Folders                                              PublicFolders
Receive Connectors                                          ReceiveConnectors
Remote and Accepted Domains                                 RemoteAndAcceptedDomains
Retention Management                                        RetentionManagement
Role Management                                             RoleManagement
Security Group Creation and Membership                      SecurityGroupCreationAndMe
Send Connectors                                             SendConnectors
Support Diagnostics                                         SupportDiagnostics
Transport Agents                                            TransportAgents
Transport Hygiene                                           TransportHygiene
Transport Queues                                            TransportQueues
Transport Rules                                             TransportRules
UM Mailboxes                                                UMMailboxes
UM Prompts                                                  UMPrompts
Unified Messaging                                           UnifiedMessaging
User Options                                                UserOptions
View-Only Configuration                                     ViewOnlyConfiguration
View-Only Recipients                                        ViewOnlyRecipients
ApplicationImpersonation                                    ApplicationImpersonation
Mailbox Import Export                                       MailboxImportExport
MyBaseOptions                                               MyBaseOptions
MyContactInformation                                        MyContactInformation
MyProfileInformation                                        MyProfileInformation
MyRetentionPolicies                                         MyRetentionPolicies
MyTextMessaging                                             MyTextMessaging
MyVoiceMail                                                 MyVoiceMail
MyDiagnostics                                               MyDiagnostics
MyDistributionGroupMembership                               MyDistributionGroupMembers
MyDistributionGroups                                        MyDistributionGroups
UnScoped Role Management                                    UnScopedRoleManagement
View-Only Audit Logs                                        ViewOnlyAuditLogs
MyAddressInformation                                        MyContactInformation
MyDisplayName                                               MyProfileInformation
MyMobileInformation                                         MyContactInformation
MyName                                                      MyProfileInformation
MyPersonalInformation                                       MyContactInformation
————–

[PS] D:\robiul>New-ManagementRole -Name Custom_OwnerDistributionGroups -Parent MyDistributionGroups -Description “This role enables individual users to view distribution groups and add or remove members to distribution groups they own or add a Mailtip.”

Name                                                        RoleType
—-                                                        ——–
Custom_OwnerDistributionGroups                              MyDistributionGroups

[PS] D:\>Remove-ManagementRoleEntry Custom_OwnerDistributionGroups\New-DistributionGroup -Confirm:$false
[PS] D:\Remove-ManagementRoleEntry Custom_OwnerDistributionGroups\Remove-DistributionGroup -Confirm:$false
[PS] D:\>Remove-ManagementRoleEntry Custom_OwnerDistributionGroups\Set-Group -Confirm:$false
[PS] D:\>set-ManagementRoleEntry Custom_OwnerDistributionGroups\Set-DistributionGroup -parameter Confirm ,ErrorAct
ion ,ErrorVariable ,Identity ,MailTip ,MailTipTranslations , OutBuffer ,OutVariable ,WarningAction ,WarningVariable ,Wha
tIf

Now Add the new Custom Role to the “Default Role Assignment Policy” from ECP eg. https://yourweburl/ecp

Other method that also works:
http://blogs.technet.com/b/exchange/archive/2009/11/18/3408844.aspx

Apparently Microsoft has fixed this issue on Update Rollup 3 for Exchange Server 2010 sp1. you may download the patch from following link:

http://support.microsoft.com/kb/2529939

Advertisements

About Robiul

Robiul has 15 years of continuous successful career experience in ICT with extensive background in System Engineering, IT infrastructure design, operations and service delivery, managing IT projects / MIS functions for local and multi-national companies with in-depth knowledge of multiple operating systems as well as construct / manage small to medium size Data Center. Proven ability to design and implement medium to semi-large scale LAN/WAN/WLAN and system infrastructures. Academic qualification: Master of Science in Information Systems. Professional certifications are: MCSE, CCNA, ITIL and FoundStone Security Professional, VCP, NetAPP, CISSP etc.
This entry was posted in Exchange and tagged . Bookmark the permalink.