Link to home
Start Free TrialLog in
Avatar of Suliman Abu Kharroub
Suliman Abu KharroubFlag for Jordan

asked on

Exchange 2010 strange behaviour (Groups managed by)

Dears Experts,

I have created a new destrpution group form EMC and a domain user (lets say X)"managed by" permission, the X user cant add/remove group members from outlook nor from OWA. but when i run Active Directory users and computer MMC (DSA.MSC) as X user, the user can add/ remove member to the group!!

note: the group is closed join\leave requests.

 help please?
Avatar of Suliman Abu Kharroub
Suliman Abu Kharroub
Flag of Jordan image


One thing more, before the exchange has been upgraded from EX2007, all this was working fine.
Avatar of paarun

try runing the below cmdlet and then check.

set-mailbox <user logon name> -applymandatoryproperties

remove and readd user to "Managed by" of the DL and check.
Does not work,

i got the following when i issued the command:
WARNING: The command completed successfully but no settings of 'domain_name/users/User account' have been modified.

when i tried to add member to the group, i got the following msg :

"changes to the public group membership  can not be saved, you dont have sufficient permission to perform this operation on this object"
What kind of permissions do you have on Exchange Org level?
how can i check the type of  Exchange Org level please ? do you mean NTFS....?
In EMC, click the top most icon in the tree and it will have permissions listed. Check the permission level for you or the group you belong to.
could you please give me the node name ? as i dont find any permissions listed anywhere ?

thank you, appreciate your inputs.
The expansion server for the distribution group should be Exchange 2010 server. Check the properties of the distribution group. If its set to 'any server in the organization' then change it to exchange 2010 server and check whether the issue resolves. Also, the manager's mailbox should also be on exchange 2010 server.
The expansion server check box was unchecked. i selected an 2010 exchange server as exaction server for the group, the issue still exist.

I have only 2 exchange 2010 servers. no exchange 2007 nor 2003.
During the creation of the distribution group using the ECP, the following options are available:

Owner Approval—Open—Anyone can join the group without being approved by the group owners.
Owner Approval—Closed—Members can be added only by the group owners. All requests to join will be rejected automatically.
Owner Approval—Owner Approval—All requests are approved or rejected by the group owners.
Group Open to Leave—Open—Anyone can leave the group without being approved by the group owners.
Group Open to Leave—Closed—Members can be removed only by the group owners. All requests to leave will be rejected automatically.
After all fields have been populated and all options selected, click Save to create the distribution group

More Deatils :
PLease read first...
when I tried to set the owner approval to open, i got the error "
Members can't add themselves to security groups. Please set the group to Closed for requests to join."

but now when i add my account ( the account that supposed to be a manager of the group) as a member of "Organization Management" group, i can add/remove members.

what is a "Organization Management". and what is the risk if add many default (non administrator) users as a members ?

The Organization Management management role group is one of several built-in role groups that make up the Role Based Access Control (RBAC) permissions model in Microsoft Exchange Server 2010.

Administrators that are members of the Organization Management role group have administrative access to the entire Microsoft Exchange Server 2010 organization and can perform almost any task against any Exchange 2010 object, with some exceptions. Tasks that members of this role group can't perform by default are mailbox searches and management of unscoped top level management roles
hi, any updates?
I had read your comment here :

the problem is still exist!!
Avatar of Suliman Abu Kharroub
Suliman Abu Kharroub
Flag of Jordan image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
hi, i did copy the text from as you just wanted to know what Organization Management management role group was?

thought it will save you from going through the whole article.