Solved

Exchange 2003 Enterprise Security Groups

Posted on 2009-07-16
10
313 Views
Last Modified: 2012-05-07
Hi there,

I have created multuiple security groups with members in active directory. These also have an email address associated with them so they act as distribution groups as well. How can I tell Exchange Server 2003 to only allow Administrators to modify the members to a group. At present anybody can call a group up in Outlook and modify its members. I have tried using the Managed By tab and it seems to make no difference. Have I completely missed the point somewhere?

Many thanks in advance,
Michael
0
Comment
  • 6
  • 4
10 Comments
 
LVL 40

Expert Comment

by:Subsun
ID: 24870735
Check the permissions on the security tab for following groups..
Authenticated users
Domain users
Everyone
or any security group where all users are member of
0
 
LVL 40

Accepted Solution

by:
Subsun earned 250 total points
ID: 24870831
Check the affective permission of groups and see if they are allowed to modify the membership. It will be easy if you go to the advanced security settings and sort the permission tab to identify the culprit group..
permission1.GIF
permission.GIF
0
 

Author Closing Comment

by:Just_When_I_Thought_Knew_It
ID: 31604300
Hi Subsun,
thank you so kindly for your answer - it has also pointed out to me that I think I have made a major error. I have setup all my email groups in Active Directory/Groups and I am now beginning to think I should have set them up under Exchange System Manager/All Address Lists/All Groups.

Can you just write me back to let me know.
Thankyou kindly,
Michael Dupree
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 40

Expert Comment

by:Subsun
ID: 24877985
In Exchange 2003 the recipient management is done using active directory and computers. If you mail enable a group in AD it will get automatically populated to the address list because there is a query defined in the Exchange System Manager/All Address Lists/All Groups to list all mail enabled groups in AD.

Your users was able to change the address list since they have permission on the group, this might be inherited from the OU. You may check and find out from where the permission is getting inherited to the distribution groups.
0
 

Author Comment

by:Just_When_I_Thought_Knew_It
ID: 24878499
Once again thank you Subsun,
well I have to admit I suddently feel technically quite useless - the screen dumps you placed in the original response I-  cannot find them anywhere in my Active Directory (WS 2003) - could you just drop another comment detailing the navigation required to get to these screens?

Thanks again,
Michael
0
 
LVL 40

Expert Comment

by:Subsun
ID: 24878743
Go to security tab and click on advanced..
ad.JPG
0
 

Author Comment

by:Just_When_I_Thought_Knew_It
ID: 24878965
Thank you Subsun,
in a sense I am so glad you said that because when I open up the properties for a group I have no security tab!! Very confused!!

group-properties.jpg
0
 
LVL 40

Expert Comment

by:Subsun
ID: 24878998
Select the advanced features as shown in screen shot..
ad.JPG
0
 

Author Comment

by:Just_When_I_Thought_Knew_It
ID: 24879043
Oh my goodness - in all the four years that I have been using Active Directory I have noticed that option - oh wonderful stuff Subsun - I feel so small!! Still at least I've got the w/e to try and feel like a man again. Once again, thank you very kindly for all your support on this question - Michael.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 24879145
Nothing here to feel so small or worry about. some time even masters miss some small things.. It always happens.. Yesterday I was searching for my USB flash drive in my entire house.. at last I found it in my Trouser pocket.. :-)
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question