Solved

Owners cannot change Distribution Group Members

Posted on 2013-05-15
3
714 Views
Last Modified: 2013-05-21
I have many, many users that cannot change members of their distribution groups through the GAL.
The check box for "Manager can update membership list" is checked in Active Directory.
The security permissions also show that the user has "write members" selected as a property and no denies.
If given access to the Active Directory Users and Computers MMC, the user (logged in as them) can change the membership list. It only appears that it will not work when the users try changing them in the GAL.
Any ideas at all?
0
Comment
Question by:tcole333
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 

Expert Comment

by:manikandadevan
ID: 39170691
Hi,
I personally would do this with RBAC and create a custom role group. I would recommend placing your distribution groups in certain OU's and set your scope to OU. The one thing I love about RBAC is that it can get as granular as you would like to.
0
 

Accepted Solution

by:
tcole333 earned 0 total points
ID: 39173562
Turns out, I figured this out!!!
I appreciate the response Manikandadevan....

The answer that worked for us is that we have a forest root domain with 2 child domains.
Users are located in both of the child domains. Users in a site were connecting to a GC (root domain or the other child domain) that did not hold a writable copy. We created a reg key defining the GC that held a writeable copy.
Hope this helps someone else.
0
 

Author Closing Comment

by:tcole333
ID: 39183819
figured out the problem and added a reg key to fix.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question