Link to home
Start Free TrialLog in
Avatar of Andy Andy
Andy AndyFlag for India

asked on

WriteBack Attribute permission on domain level

Hello Team,

We have created one security group in AD, now on domain level, we are giving some Read/Write permissions to Exchange Writeback attributes. i found all required attributes except these two , while giving delegation on domain level to particular Group

Attributes not available for User Objects,contacts,Groups:
msDS-ExternalDirectoryObject
proxyAddresses

Please suggest, what could be the issue or any suggested article of this issue
Thanks,
Addy
Avatar of Andy Andy
Andy Andy
Flag of India image

ASKER

can somebody help me to underline this issue
Avatar of Jian An Lim
msDS-ExternalDirectoryObjectID is for Exchange 2016 (if you don't then no rquirement)


proxyAddresses is definitely there,

I will try to add them by command line

Refer to this article for details
https://blog.kloud.com.au/2014/12/18/aadsync-ad-service-account-delegated-permissions/
hello jian, i am giving all permissions through graphically, could you please point me how can i find proxy address while giving it

and thanks for confirming for the other attribute
never do this via GUI as it has too many attribute to scroll, + proxyaddresses is special so it might not even show up in GUI.

note: spend 5 minutes and can't get it done, but i definitely run the command and the rights has assigned
confirmed, it become additional line with no access (via GUI view)

it is GUI malfunction
So jian, could you suggest a specifically command which i run for user,group and contact for giving write back permissions for proxy address..
for rest i am ok to give it through graphically..

i want to give permission to Universal-security group on domain level..
ASKER CERTIFIED SOLUTION
Avatar of Jian An Lim
Jian An Lim
Flag of Australia image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
if i am applying on Group, then where i need to mention that, and what all changes i need to do in above script, please suggest
Line 1 to 9 is variable


Line 18 and Line 19 is for group
no no i mean, to run the script, where exactly i need to do the modification.. to run it for first time
$Account would be where you put the group name like this

$Account = "MYDOMAIN\GroupName"

Open in new window

and the dn

$DN = "OU=Users,OU=Company,DC=mydomain,DC=com"

Open in new window

thanks Jian