?
Solved

restrict users to modify Global Address  Distribution List member list

Posted on 2008-10-20
8
Medium Priority
?
598 Views
Last Modified: 2009-10-06
Hi All,

I have exchange server 2007 environment. My problem is that , all the users in my Exchange can modify GAL Distribution List Member list. i want to restrict them . how to do this. please give me your suggestion.

Thanks
0
Comment
Question by:fextech
  • 3
  • 3
7 Comments
 
LVL 8

Expert Comment

by:greesh_hem
ID: 22755668
0
 

Author Comment

by:fextech
ID: 22755690

Thanks for comment Gressh, but i am looking for restriction, not allow .  in my environment users are able to modify the GAL . how it is happend , and how can i stop them for modification in GAL.
0
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 22759596
Add-ADPermission -Identity:'Group Display Name -User:domain\username -AccessRights ReadProperty, WriteProperty -Properties 'Member' -deny
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:fextech
ID: 22765502
Thanks  Greesh, I want to deny writeproperty  for all users except administrator, how i can apply this on a particuler OU 's users or all users .
0
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 22765773
@fextech: Did the above command work for you using -deny switch ?? Or not ??
0
 

Author Comment

by:fextech
ID: 22766091
yes it worked, but i have a lots of users those have permission. and i want to restrict all of them. so how can i use this syntax.
0
 
LVL 33

Accepted Solution

by:
Exchange_Geek earned 1000 total points
ID: 22766824
You need to have some thing common to those users (for example i am using customattribute1 common to all users in the following example)

$Users = Get-User | where {$_.customattribute1 -like "ABCD"}

Add-ADPermission -Identity:'Group Display Name -User "$Users" -AccessRights ReadProperty, WriteProperty -Properties 'Member' -deny

This worked on my lab.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes it necessary to set special permissions on user objects.  For instance when using a Blackberry server, the SendAs permission needs to be set. I see many admins struggle with the setting that permission only to see it disappear within a few…
There are literally thousands of Exchange recovery applications out there. So how do you end up picking one that’s ideal for your business & purpose? By carefully scouting the product’s features, the benefits it offers you, & reading ample reviews f…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question