Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Exchange 2003 Enterprise Security Groups

Posted on 2009-07-16
10
Medium Priority
?
319 Views
Last Modified: 2012-05-07
Hi there,

I have created multuiple security groups with members in active directory. These also have an email address associated with them so they act as distribution groups as well. How can I tell Exchange Server 2003 to only allow Administrators to modify the members to a group. At present anybody can call a group up in Outlook and modify its members. I have tried using the Managed By tab and it seems to make no difference. Have I completely missed the point somewhere?

Many thanks in advance,
Michael
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
10 Comments
 
LVL 40

Expert Comment

by:Subsun
ID: 24870735
Check the permissions on the security tab for following groups..
Authenticated users
Domain users
Everyone
or any security group where all users are member of
0
 
LVL 40

Accepted Solution

by:
Subsun earned 1000 total points
ID: 24870831
Check the affective permission of groups and see if they are allowed to modify the membership. It will be easy if you go to the advanced security settings and sort the permission tab to identify the culprit group..
permission1.GIF
permission.GIF
0
 

Author Closing Comment

by:Just_When_I_Thought_Knew_It
ID: 31604300
Hi Subsun,
thank you so kindly for your answer - it has also pointed out to me that I think I have made a major error. I have setup all my email groups in Active Directory/Groups and I am now beginning to think I should have set them up under Exchange System Manager/All Address Lists/All Groups.

Can you just write me back to let me know.
Thankyou kindly,
Michael Dupree
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 40

Expert Comment

by:Subsun
ID: 24877985
In Exchange 2003 the recipient management is done using active directory and computers. If you mail enable a group in AD it will get automatically populated to the address list because there is a query defined in the Exchange System Manager/All Address Lists/All Groups to list all mail enabled groups in AD.

Your users was able to change the address list since they have permission on the group, this might be inherited from the OU. You may check and find out from where the permission is getting inherited to the distribution groups.
0
 

Author Comment

by:Just_When_I_Thought_Knew_It
ID: 24878499
Once again thank you Subsun,
well I have to admit I suddently feel technically quite useless - the screen dumps you placed in the original response I-  cannot find them anywhere in my Active Directory (WS 2003) - could you just drop another comment detailing the navigation required to get to these screens?

Thanks again,
Michael
0
 
LVL 40

Expert Comment

by:Subsun
ID: 24878743
Go to security tab and click on advanced..
ad.JPG
0
 

Author Comment

by:Just_When_I_Thought_Knew_It
ID: 24878965
Thank you Subsun,
in a sense I am so glad you said that because when I open up the properties for a group I have no security tab!! Very confused!!

group-properties.jpg
0
 
LVL 40

Expert Comment

by:Subsun
ID: 24878998
Select the advanced features as shown in screen shot..
ad.JPG
0
 

Author Comment

by:Just_When_I_Thought_Knew_It
ID: 24879043
Oh my goodness - in all the four years that I have been using Active Directory I have noticed that option - oh wonderful stuff Subsun - I feel so small!! Still at least I've got the w/e to try and feel like a man again. Once again, thank you very kindly for all your support on this question - Michael.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 24879145
Nothing here to feel so small or worry about. some time even masters miss some small things.. It always happens.. Yesterday I was searching for my USB flash drive in my entire house.. at last I found it in my Trouser pocket.. :-)
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New style of hardware planning for Microsoft Exchange server.
As much as Microsoft wants to kill off PST file support, just as they tried to do with public folders, there are still times when it is useful or downright necessary to export Exchange mailboxes to PST files. Thankfully, it is still possible to e…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question