Share via


Move-DominoGroup and Manager access to update membership lists

As it currently stands with our Transporter Suite, Managers that are designated on Domino Groups that are then migrated to Exchange with the Move-DominoGroup command do not have access to manage/update the membership list. This can be identified by the fact that the Name field on the Managed By tab in Active Directory Users and Computers is populated, but the Manager can update membership list is not checked.

If there are a lot of groups that have been migrated in your environment you can fix them in bulk by identifying the groups that have a ManagedBy attribute set and update the appropriate AD Permissions as needed. Here's a sample of how to do this in a powershell script, assuming you want all managers to be able to update the membership list.

Note: Entirely unsupported. Your mileage may vary.

#=================================================
# FixManagerAccess Script by Stuart Presley
# This script will check for the presence of the
# ManagedBy field on DistributionGroups and
# update the AD Permissions to grant the
# identified manager the rights needed to update
# the membership list
#
# Requires: Exchange Management Shell
# Usage: .\FixManagerAccess.ps1
#
#=================================================

$groups = Get-DistributionGroup -Filter {ManagedBy -ne $null}

foreach($group in $groups)
{
  $manager = $group.ManagedBy
  Add-ADPermission -identity $group.Identity -User $manager -AccessRights "WriteProperty" -ExtendedRights "Self-Membership"
  Add-AdPermission -identity $group.Identity -User $manager -AccessRights "WriteProperty" -Properties Member -InheritanceType None
}

#=================================================