Add ManagedBy permissions to a Distribution List to more than 1 user


In Exchange 2007, the ManagedBy property of a Distribution List [DL] works in a different way than in previous versions of Exchange. According to Microsoft, this property is an informational field that users see in Outlook or OWA when viewing the properties of the DL. This property does not provide the user who is identified in the ManagedBy property with the ability to modify the members of that DL.

 

To do that we must explicitly grant the required Active Directory [AD] permissions. However, by using Active Directory Users and Computers you can only assign permissions to one user… To assign to more than one, you have to use the Add-ADPermission cmdlet that adds permissions to an AD object. For example, to grant John the rights to add members to the AllStaff DL you run the following cmdlet:

 

Add-ADPermission -Identity "All Staff” -User "John Anthony" -AccessRights WriteProperty -Properties "Member"

 

 

For detailed syntax and information, refer to Add-ADPermission on http://technet.microsoft.com/en-us/library/bb124403.aspx

 

NOTE:

1.        by using this method, John’s name will not show in AD Users and Computers nor in Outlook as the manager for this DL, but he can still add/remove members, so you might want to use this together with the option on Exchange;

2.        you can only be granted the manager rights on groups in your own domain. This is a limitation of how Exchange uses the Global Catalogs.

 

Tip: You can also do this by going to the Security tab on the Properties of the DL and manually assign the Write Members special permission to the user.

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top