Solved

restrict users to modify Global Address  Distribution List member list

Posted on 2008-10-20
8
543 Views
Last Modified: 2009-10-06
Hi All,

I have exchange server 2007 environment. My problem is that , all the users in my Exchange can modify GAL Distribution List Member list. i want to restrict them . how to do this. please give me your suggestion.

Thanks
0
Comment
Question by:fextech
  • 3
  • 3
8 Comments
 
LVL 8

Expert Comment

by:greesh_hem
Comment Utility
0
 

Author Comment

by:fextech
Comment Utility

Thanks for comment Gressh, but i am looking for restriction, not allow .  in my environment users are able to modify the GAL . how it is happend , and how can i stop them for modification in GAL.
0
 
LVL 33

Expert Comment

by:Exchange_Geek
Comment Utility
Add-ADPermission -Identity:'Group Display Name -User:domain\username -AccessRights ReadProperty, WriteProperty -Properties 'Member' -deny
0
Want to promote your upcoming event?

Attending an event? Speaking at a conference? Or exhibiting at a tradeshow? Easily inform your contacts by using a promotional banner in your email signature. This will ensure your organization’s most important contacts are in the know.

 

Author Comment

by:fextech
Comment Utility
Thanks  Greesh, I want to deny writeproperty  for all users except administrator, how i can apply this on a particuler OU 's users or all users .
0
 
LVL 33

Expert Comment

by:Exchange_Geek
Comment Utility
@fextech: Did the above command work for you using -deny switch ?? Or not ??
0
 

Author Comment

by:fextech
Comment Utility
yes it worked, but i have a lots of users those have permission. and i want to restrict all of them. so how can i use this syntax.
0
 
LVL 33

Accepted Solution

by:
Exchange_Geek earned 250 total points
Comment Utility
You need to have some thing common to those users (for example i am using customattribute1 common to all users in the following example)

$Users = Get-User | where {$_.customattribute1 -like "ABCD"}

Add-ADPermission -Identity:'Group Display Name -User "$Users" -AccessRights ReadProperty, WriteProperty -Properties 'Member' -deny

This worked on my lab.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now