A user managed distribution group

miniadmin 21 Reputation points
2021-11-09T17:21:29.16+00:00

Hello

I'm trying to create a distribution group whose members are managed by a regular user while meeting the following requirements:

  • This owner/manager shall only be able to manage groups owned/managed by him
  • The members should only be added and removed by the group's manager - a closed group
  • The group should receive emails from inside and outside of the organization

What I already tried

  • Creating a distribution group in ECP and selecting a user as the owner
  • Creating a distribution group via the Exchange Shell
  • Modifying the group owner via ECP, AD and Exchange Shell
  • Checking the "Manager can update membership list" checkbox in the "Managed By" tab
  • Modifying the access rights via PowerShell: Add-ADPermission -Identity: "[GROUP]" -User "[USER]" -AccessRights ReadProperty, WriteProperty -Properties "Member"
  • Waiting for days and restarting IIS

Additional information

  • Exchange 2016 with latest patches
  • The group is a universal distribution group
  • The alias contains no special or unauthorized characters
  • The group is a member of the GAL

All the listed methods result in the following error message when the owner/manager tries to change the members of his group using Outlook:

Changes to the distribution list membership cannot be saved. You do not have sufficient permission to perform this operation on this object.

Using RBAC would lead to a user having control over all distribution groups in a certain OU. Doing it right would lead to creating a new OU for each user's group and a new admin role containing this sole user linked to this specific OU.

Is there any other way to solve this one? All ideas are welcome.

Thanks


Accepted answer
  1. Andy David - MVP 139.8K Reputation points MVP
    2021-11-09T17:36:43.737+00:00

    Using RBAC would lead to a user having control over all distribution groups in a certain OU. Doing it right would lead to creating a new OU for each user's group and a new admin role containing this sole user linked to this specific OU.

    The users would only be able to update the membership of the groups they own, not all the groups in a certain OU. Unless I am missing something here?

    2 people found this answer helpful.
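
One way to set up the owner-scoped RBAC the accepted answer describes, added here as an example that is not part of the original thread. It assumes the built-in `MyDistributionGroups` end-user role and that the owner's mailbox uses the `Default Role Assignment Policy`; the custom role name is hypothetical and `[GROUP]` / `[USER]` are the question's placeholders.

```powershell
# Run in the Exchange Management Shell as an administrator.
$Group  = '[GROUP]'                            # placeholder from the question
$Owner  = '[USER]'                             # placeholder from the question
$Policy = 'Default Role Assignment Policy'     # assumption: policy applied to the owner's mailbox
$Role   = 'MyDistributionGroups-MembersOnly'   # hypothetical name for the custom role

# 1. Child role of the built-in end-user role. Roles of this type are
#    self-scoped: they only act on groups where the caller is listed in ManagedBy.
New-ManagementRole -Name $Role -Parent 'MyDistributionGroups'

# 2. Least privilege: drop the entries that let users create or delete groups,
#    leaving membership and property management of groups they own.
foreach ($cmdlet in 'New-DistributionGroup', 'Remove-DistributionGroup') {
    Remove-ManagementRoleEntry -Identity "${Role}\${cmdlet}" -Confirm:$false
}

# 3. Attach the restricted role to the policy. If the unrestricted parent role
#    is also assigned to this policy, users keep create/delete through it.
New-ManagementRoleAssignment -Role $Role -Policy $Policy

# 4. Group settings matching the question's requirements: single owner,
#    closed join/leave, mail accepted from unauthenticated (external) senders.
#    -ManagedBy replaces the current owner list. The bypass switch is needed
#    when the administrator running this is not an owner of the group.
Set-DistributionGroup -Identity $Group -ManagedBy $Owner `
    -MemberJoinRestriction Closed -MemberDepartRestriction Closed `
    -RequireSenderAuthenticationEnabled $false `
    -BypassSecurityGroupManagerCheck

# 5. Review what was granted and how the group ended up configured.
Get-ManagementRoleEntry "${Role}\*" | Format-Table Name, Role
Get-ManagementRoleAssignment -RoleAssignee $Policy | Format-Table Name, Role
Get-DistributionGroup -Identity $Group |
    Format-List ManagedBy, MemberJoinRestriction, MemberDepartRestriction, RequireSenderAuthenticationEnabled
```

Users whose mailboxes have a different role assignment policy need the role assigned to that policy instead.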
