Link to home
Start Free TrialLog in
Avatar of jhaff
jhaffFlag for Afghanistan

asked on

exchange powershell

I'm trying to delegate control of a distribution list... easily done in earlier version of exchange.  The user has the "owner" rights on the DL properties page, but as i understand it i need to add specific AD privileges as well.  i'm running the powershell as administrator with the following command:

Add-ADPermission -Identity "List Name" -user "user's name" -accessrights WriteProperty -Properties "Member"

each time i try, it errors out with the following:

Active Directory operation failed on "domain controller name".  This error is not retriable.  Additional info: access is denied.

AD Response ... insuff_access_rights

i've read numerous posts that i need the inherited privileges from parent object check box checked, but that does not solve the issue.  any help is appreciated.
Avatar of stanley_stars
stanley_stars
Flag of United States of America image
Does the account you are using have the appropriate Exchange role Permissions? Organization Administrator role would for sure work...
Avatar of adam_smith
adam_smith
Flag of United States of America image
Are you using Exchange 2010 or 2007? If you are using 2010 you need to use the -bypasssecuritygroupmanagercheck to be able to add a managedby person on the list. The managedby users should be able to manage the members of the list.
If you are using 2007 you need to run something like this:
add-adpermission -identity 'group' -User 'group manager' -AccessRights WriteProperty -Properties "Member"

Hope this helps.
Avatar of jhaff
jhaff
Flag of Afghanistan image

ASKER


i'm in 2010 - the cmdlet you entered is exactly what i have in my post.  do i simply add the -bypasssecuritygroupmanagercheck to my cmdlet ?
ASKER CERTIFIED SOLUTION
Avatar of adam_smith
adam_smith
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial