Friday, January 21, 2011

Allowing Users to Manage Distribution Groups in Exchange 2010 through Outlook

By default in Exchange 2003, users who are managers of their distribution groups (DGs) can manage those groups through Outlook. In Exchange 2010 this is disabled by default, and users can't manage their DGs through the Outlook client. This is one of the issues to consider when migrating from Exchange 2003 to 2010.

When a user opens Outlook 2007 and attempts to manage his or her distribution groups, he or she receives the following error message:

"Changes to the distribution list membership cannot be saved. You do not have sufficient permissions to perform this operation on this object."

To give users the ability to manage their distribution groups, go into the Exchange Control Panel and follow these steps:

1. Browse to http://msexchangeserver/ecp

2. Choose the option to manage My Organization.

3. Select the User Roles option, which is found in the Users and Groups section.

4. Select the Default Role Assignment Policy and click the Details button.

5. Check the My Distribution Groups box (Figure 1).

Figure 1. By selecting the My Distribution Groups check box, you can allow users to manage their own groups in Exchange 2010.

This option also gives users the ability to create and remove distribution groups. If you don't want to give users the ability to create and remove distribution groups, Microsoft created a script that removes the option completely.

How do I run this thing?

To run the script, copy its contents to a text file on the machine you are going to run it on, then save the file as a .ps1. I recommend Manage-GroupManagementRole.ps1.

To fill all of the above requirements with minimal effort, run the following from an Exchange PowerShell prompt, in the folder where you saved the script:

.\Manage-GroupManagementRole.ps1 -creategroup -removegroup

This will create everything you need with the correct settings using the default names in the script. If you would like help on the script you can either look in the contents of the file or run it with no switches.

What does the script do?

1. Creates a new RBAC role that is a child of the MyDistributionGroups role.

2. Removes the cmdlets Remove-DistributionGroup and New-DistributionGroup from the new role that was just created.

3. Assigns the new role to the Default Role Assignment Policy.

When complete, your users will be able to manage distribution groups but not create or remove them.
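The three steps above, written out with the standard Exchange Management Shell RBAC cmdlets. This is an added example, not Microsoft's script or code from the original post; the role name MyDistributionGroupsNoCreateRemove is a hypothetical choice. The last check is included because RBAC assignments are additive: if the parent MyDistributionGroups role is also assigned to the policy, users keep the create and remove rights.

```powershell
# Added example, not Microsoft's Manage-GroupManagementRole.ps1.
# Run in the Exchange Management Shell with rights to manage RBAC roles.
$parent  = 'MyDistributionGroups'
$newRole = 'MyDistributionGroupsNoCreateRemove'   # hypothetical name, choose your own
$policy  = 'Default Role Assignment Policy'
$blocked = 'New-DistributionGroup', 'Remove-DistributionGroup'

# 1. Create the child role. It starts with every entry the parent role has.
if (-not (Get-ManagementRole -Identity $newRole -ErrorAction SilentlyContinue)) {
    New-ManagementRole -Name $newRole -Parent $parent | Out-Null
}

# 2. Remove the create and remove cmdlets from the child role only.
Get-ManagementRoleEntry "$newRole\*" |
    Where-Object { $blocked -contains $_.Name } |
    ForEach-Object {
        Remove-ManagementRoleEntry -Identity "$newRole\$($_.Name)" -Confirm:$false
    }

# 3. Assign the child role to the policy unless it is already assigned.
$assigned = Get-ManagementRoleAssignment -Role $newRole -RoleAssignee $policy `
    -ErrorAction SilentlyContinue
if (-not $assigned) {
    New-ManagementRoleAssignment -Role $newRole -Policy $policy | Out-Null
}

# 4. Verify that neither blocked cmdlet is left in the child role.
$left = Get-ManagementRoleEntry "$newRole\*" |
    Where-Object { $blocked -contains $_.Name }
if ($left) {
    Write-Warning "Still present in ${newRole}: $(($left | ForEach-Object { $_.Name }) -join ', ')"
}

# 5. Check whether the parent role is also assigned to the same policy.
#    If it is, users still get New-/Remove-DistributionGroup through it.
$parentAssigned = Get-ManagementRoleAssignment -Role $parent -RoleAssignee $policy `
    -ErrorAction SilentlyContinue
if ($parentAssigned) {
    Write-Warning "$parent is still assigned to '$policy'; create/remove rights remain in effect."
    $parentAssigned | Format-Table Name, Role, RoleAssigneeName -AutoSize
}
```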


Resources:

http://msexchangeteam.com/archive/2009/11/18/453251.aspx by Matt Byrd

http://searchexchange.techtarget.com/Issues-to-watch-for-during-an-Exchange-Server-2010-migration by Brien M. Posey