Add ManagedBy permissions to a Distribution List to more than 1 user

by Nuno Mota [Published on 18 Jan. 2012 / Last Updated on 28 Dec. 2011]

In Exchange 2007, the ManagedBy property of a Distribution List [DL] works in a different way than in previous versions of Exchange. According to Microsoft, this property is an informational field that users see in Outlook or OWA when viewing the properties of the DL. This property does not provide the user who is identified in the ManagedBy property with the ability to modify the members of that DL.

 

To do that we must explicitly grant the required Active Directory [AD] permissions. However, by using Active Directory Users and Computers you can only assign permissions to one user... To assign to more than one, you have to use the Add-ADPermission cmdlet that adds permissions to an AD object. For example, to grant John the rights to add members to the AllStaff DL you run the following cmdlet:

 

Add-ADPermission -Identity "All Staff” -User "John Anthony" -AccessRights WriteProperty -Properties "Member"

 

 

For detailed syntax and information, refer to Add-ADPermission on http://technet.microsoft.com/en-us/library/bb124403.aspx

 

NOTE:

1.        by using this method, John’s name will not show in AD Users and Computers nor in Outlook as the manager for this DL, but he can still add/remove members, so you might want to use this together with the option on Exchange;

2.        you can only be granted the manager rights on groups in your own domain. This is a limitation of how Exchange uses the Global Catalogs.

 

Tip: You can also do this by going to the Security tab on the Properties of the DL and manually assign the Write Members special permission to the user.

See Also

Featured Links