Solved

Exchange 2003 Enterprise Security Groups

Posted on 2009-07-16
10
311 Views
Last Modified: 2012-05-07
Hi there,

I have created multuiple security groups with members in active directory. These also have an email address associated with them so they act as distribution groups as well. How can I tell Exchange Server 2003 to only allow Administrators to modify the members to a group. At present anybody can call a group up in Outlook and modify its members. I have tried using the Managed By tab and it seems to make no difference. Have I completely missed the point somewhere?

Many thanks in advance,
Michael
0
Comment
  • 6
  • 4
10 Comments
 
LVL 40

Expert Comment

by:Subsun
ID: 24870735
Check the permissions on the security tab for following groups..
Authenticated users
Domain users
Everyone
or any security group where all users are member of
0
 
LVL 40

Accepted Solution

by:
Subsun earned 250 total points
ID: 24870831
Check the affective permission of groups and see if they are allowed to modify the membership. It will be easy if you go to the advanced security settings and sort the permission tab to identify the culprit group..
permission1.GIF
permission.GIF
0
 

Author Closing Comment

by:Just_When_I_Thought_Knew_It
ID: 31604300
Hi Subsun,
thank you so kindly for your answer - it has also pointed out to me that I think I have made a major error. I have setup all my email groups in Active Directory/Groups and I am now beginning to think I should have set them up under Exchange System Manager/All Address Lists/All Groups.

Can you just write me back to let me know.
Thankyou kindly,
Michael Dupree
0
 
LVL 40

Expert Comment

by:Subsun
ID: 24877985
In Exchange 2003 the recipient management is done using active directory and computers. If you mail enable a group in AD it will get automatically populated to the address list because there is a query defined in the Exchange System Manager/All Address Lists/All Groups to list all mail enabled groups in AD.

Your users was able to change the address list since they have permission on the group, this might be inherited from the OU. You may check and find out from where the permission is getting inherited to the distribution groups.
0
 

Author Comment

by:Just_When_I_Thought_Knew_It
ID: 24878499
Once again thank you Subsun,
well I have to admit I suddently feel technically quite useless - the screen dumps you placed in the original response I-  cannot find them anywhere in my Active Directory (WS 2003) - could you just drop another comment detailing the navigation required to get to these screens?

Thanks again,
Michael
0
Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

 
LVL 40

Expert Comment

by:Subsun
ID: 24878743
Go to security tab and click on advanced..
ad.JPG
0
 

Author Comment

by:Just_When_I_Thought_Knew_It
ID: 24878965
Thank you Subsun,
in a sense I am so glad you said that because when I open up the properties for a group I have no security tab!! Very confused!!

group-properties.jpg
0
 
LVL 40

Expert Comment

by:Subsun
ID: 24878998
Select the advanced features as shown in screen shot..
ad.JPG
0
 

Author Comment

by:Just_When_I_Thought_Knew_It
ID: 24879043
Oh my goodness - in all the four years that I have been using Active Directory I have noticed that option - oh wonderful stuff Subsun - I feel so small!! Still at least I've got the w/e to try and feel like a man again. Once again, thank you very kindly for all your support on this question - Michael.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 24879145
Nothing here to feel so small or worry about. some time even masters miss some small things.. It always happens.. Yesterday I was searching for my USB flash drive in my entire house.. at last I found it in my Trouser pocket.. :-)
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

Utilizing an array to gracefully append to a list of EmailAddresses
Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
how to add IIS SMTP to handle application/Scanner relays into office 365.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now