Exchange 2010 – Distribution Groups and adding/removing users

Exchange 2010 – Distribution Groups and adding/removing users

Posted by on 19. J 2011 in Blog

So, I have joined the wonders of Exchange 2010 – And I’ve had my share of users calling in to complain they can’t add or remove users to distribution groups anymore.

1st of all, I had to update every distribution group from Exchange 2007 to 2010 – This is a migration scenario. I can’t remember how, just that I had to 🙂

2nd I found out that in Exchange 2010, you cannot have groups managing distribution groups anymore, but you can however have multiple users managing one distribution group.

Now even though you’ve put a manager on your distribution group that user cannot manage the list until the correct permissions are assigned. For my organisation we want users to manage distribution groups, but NOT create or delete them! For this to work, you need to run the following commands from Exchange Management Shell:

 

The vital commands!

1. Create a new role that is a copy of an already existing MyDistributionGroups-role

New-ManagementRole -Name INSERT-CUSTOM-WANTED-ROLE-NAME-HERE -Parent MyDistributionGroups

2. Remove the ability to create or delete distribution groups by running these commands.

Remove-ManagementRoleEntry CUSTOM-ROLE-NAME\New-DistributionGroup -Confirm:$false
Remove-ManagementRoleEntry CUSTOM-ROLE-NAME\Remove-DistributionGroup -Confirm:$false

3. Add this newly created role to the Default Role Assignment Policy by running this command:

New-ManagementRoleAssignment -Role CUSTOM-ROLE-NAME -Policy “Default Role Assignment Policy”

The above is what allowed us to make our users able to add and remove users from distribution groups they are managers of.

 

The easiest solution!

As a side-note; if you want them to be able to create and delete distribution groups as well – The only command you need to run is:

New-ManagementRoleAssignment -Role MyDistributionGroups -Policy “Default Role Assignment Policy”

But do you really want a cluttered address lists? 🙂