Avatar of Suliman Abu Kharroub
Suliman Abu Kharroub
Flag for Jordan asked on

Exchange 2010 strange behaviour (Groups managed by)

Dears Experts,

I have created a new destrpution group form EMC and a domain user (lets say X)"managed by" permission, the X user cant add/remove group members from outlook nor from OWA. but when i run Active Directory users and computer MMC (DSA.MSC) as X user, the user can add/ remove member to the group!!

note: the group is closed join\leave requests.

 help please?
Exchange

Avatar of undefined
Last Comment
paarun

8/22/2022 - Mon
Suliman Abu Kharroub

ASKER
One thing more, before the exchange has been upgraded from EX2007, all this was working fine.
paarun

try runing the below cmdlet and then check.

set-mailbox <user logon name> -applymandatoryproperties

remove and readd user to "Managed by" of the DL and check.
Suliman Abu Kharroub

ASKER
Does not work,

i got the following when i issued the command:
WARNING: The command completed successfully but no settings of 'domain_name/users/User account' have been modified.

when i tried to add member to the group, i got the following msg :

"changes to the public group membership  can not be saved, you dont have sufficient permission to perform this operation on this object"
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
paarun

What kind of permissions do you have on Exchange Org level?
Suliman Abu Kharroub

ASKER
how can i check the type of  Exchange Org level please ? do you mean NTFS....?
paarun

In EMC, click the top most icon in the tree and it will have permissions listed. Check the permission level for you or the group you belong to.
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Suliman Abu Kharroub

ASKER
could you please give me the node name ? as i dont find any permissions listed anywhere ?

thank you, appreciate your inputs.
utopianabhi

The expansion server for the distribution group should be Exchange 2010 server. Check the properties of the distribution group. If its set to 'any server in the organization' then change it to exchange 2010 server and check whether the issue resolves. Also, the manager's mailbox should also be on exchange 2010 server.
Suliman Abu Kharroub

ASKER
The expansion server check box was unchecked. i selected an 2010 exchange server as exaction server for the group, the issue still exist.

I have only 2 exchange 2010 servers. no exchange 2007 nor 2003.
Your help has saved me hundreds of hours of internet surfing.
fblack61
Satya Pathak

During the creation of the distribution group using the ECP, the following options are available:

Owner Approval—Open—Anyone can join the group without being approved by the group owners.
Owner Approval—Closed—Members can be added only by the group owners. All requests to join will be rejected automatically.
Owner Approval—Owner Approval—All requests are approved or rejected by the group owners.
Group Open to Leave—Open—Anyone can leave the group without being approved by the group owners.
Group Open to Leave—Closed—Members can be removed only by the group owners. All requests to leave will be rejected automatically.
After all fields have been populated and all options selected, click Save to create the distribution group

More Deatils :
http://www.networkworld.com/community/node/47428
PLease read first...
http://technet.microsoft.com/en-us/library/dd638149.aspx
Suliman Abu Kharroub

ASKER
when I tried to set the owner approval to open, i got the error "
Set-DistributionGroup
Failed
Error:
Members can't add themselves to security groups. Please set the group to Closed for requests to join."

but now when i add my account ( the account that supposed to be a manager of the group) as a member of "Organization Management" group, i can add/remove members.

what is a "Organization Management". and what is the risk if add many default (non administrator) users as a members ?

paarun

The Organization Management management role group is one of several built-in role groups that make up the Role Based Access Control (RBAC) permissions model in Microsoft Exchange Server 2010.

Administrators that are members of the Organization Management role group have administrative access to the entire Microsoft Exchange Server 2010 organization and can perform almost any task against any Exchange 2010 object, with some exceptions. Tasks that members of this role group can't perform by default are mailbox searches and management of unscoped top level management roles
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
paarun

hi, any updates?
Suliman Abu Kharroub

ASKER
paarun:
I had read your comment here :http://technet.microsoft.com/en-us/library/dd335087.aspx.

the problem is still exist!!
ASKER CERTIFIED SOLUTION
Suliman Abu Kharroub

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
paarun

hi, i did copy the text from http://technet.microsoft.com/en-us/library/dd335087.aspx as you just wanted to know what Organization Management management role group was?

thought it will save you from going through the whole article.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck