Solved

Exchange 2003 Enterprise Security Groups

Posted on 2009-07-16
10
312 Views
Last Modified: 2012-05-07
Hi there,

I have created multuiple security groups with members in active directory. These also have an email address associated with them so they act as distribution groups as well. How can I tell Exchange Server 2003 to only allow Administrators to modify the members to a group. At present anybody can call a group up in Outlook and modify its members. I have tried using the Managed By tab and it seems to make no difference. Have I completely missed the point somewhere?

Many thanks in advance,
Michael
0
Comment
  • 6
  • 4
10 Comments
 
LVL 40

Expert Comment

by:Subsun
ID: 24870735
Check the permissions on the security tab for following groups..
Authenticated users
Domain users
Everyone
or any security group where all users are member of
0
 
LVL 40

Accepted Solution

by:
Subsun earned 250 total points
ID: 24870831
Check the affective permission of groups and see if they are allowed to modify the membership. It will be easy if you go to the advanced security settings and sort the permission tab to identify the culprit group..
permission1.GIF
permission.GIF
0
 

Author Closing Comment

by:Just_When_I_Thought_Knew_It
ID: 31604300
Hi Subsun,
thank you so kindly for your answer - it has also pointed out to me that I think I have made a major error. I have setup all my email groups in Active Directory/Groups and I am now beginning to think I should have set them up under Exchange System Manager/All Address Lists/All Groups.

Can you just write me back to let me know.
Thankyou kindly,
Michael Dupree
0
 
LVL 40

Expert Comment

by:Subsun
ID: 24877985
In Exchange 2003 the recipient management is done using active directory and computers. If you mail enable a group in AD it will get automatically populated to the address list because there is a query defined in the Exchange System Manager/All Address Lists/All Groups to list all mail enabled groups in AD.

Your users was able to change the address list since they have permission on the group, this might be inherited from the OU. You may check and find out from where the permission is getting inherited to the distribution groups.
0
 

Author Comment

by:Just_When_I_Thought_Knew_It
ID: 24878499
Once again thank you Subsun,
well I have to admit I suddently feel technically quite useless - the screen dumps you placed in the original response I-  cannot find them anywhere in my Active Directory (WS 2003) - could you just drop another comment detailing the navigation required to get to these screens?

Thanks again,
Michael
0
Are your end users making ugly email signatures?

Have you left it up to your end users to create their own email signatures? Are they forgetting to add the company logo or using garish font colors? Take control and ensure all users have the same email signature.

 
LVL 40

Expert Comment

by:Subsun
ID: 24878743
Go to security tab and click on advanced..
ad.JPG
0
 

Author Comment

by:Just_When_I_Thought_Knew_It
ID: 24878965
Thank you Subsun,
in a sense I am so glad you said that because when I open up the properties for a group I have no security tab!! Very confused!!

group-properties.jpg
0
 
LVL 40

Expert Comment

by:Subsun
ID: 24878998
Select the advanced features as shown in screen shot..
ad.JPG
0
 

Author Comment

by:Just_When_I_Thought_Knew_It
ID: 24879043
Oh my goodness - in all the four years that I have been using Active Directory I have noticed that option - oh wonderful stuff Subsun - I feel so small!! Still at least I've got the w/e to try and feel like a man again. Once again, thank you very kindly for all your support on this question - Michael.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 24879145
Nothing here to feel so small or worry about. some time even masters miss some small things.. It always happens.. Yesterday I was searching for my USB flash drive in my entire house.. at last I found it in my Trouser pocket.. :-)
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Utilizing an array to gracefully append to a list of EmailAddresses
We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now