?
Solved

Owners cannot change Distribution Group Members

Posted on 2013-05-15
3
Medium Priority
?
728 Views
Last Modified: 2013-05-21
I have many, many users that cannot change members of their distribution groups through the GAL.
The check box for "Manager can update membership list" is checked in Active Directory.
The security permissions also show that the user has "write members" selected as a property and no denies.
If given access to the Active Directory Users and Computers MMC, the user (logged in as them) can change the membership list. It only appears that it will not work when the users try changing them in the GAL.
Any ideas at all?
0
Comment
Question by:tcole333
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 

Expert Comment

by:manikandadevan
ID: 39170691
Hi,
I personally would do this with RBAC and create a custom role group. I would recommend placing your distribution groups in certain OU's and set your scope to OU. The one thing I love about RBAC is that it can get as granular as you would like to.
0
 

Accepted Solution

by:
tcole333 earned 0 total points
ID: 39173562
Turns out, I figured this out!!!
I appreciate the response Manikandadevan....

The answer that worked for us is that we have a forest root domain with 2 child domains.
Users are located in both of the child domains. Users in a site were connecting to a GC (root domain or the other child domain) that did not hold a writable copy. We created a reg key defining the GC that held a writeable copy.
Hope this helps someone else.
0
 

Author Closing Comment

by:tcole333
ID: 39183819
figured out the problem and added a reg key to fix.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question