Distribution List permissions mystery (Full Version)

All Forums >> [Microsoft Exchange 2003] >> Server Security



Message

chipw93 -> Distribution List permissions mystery (11.Nov.2005 9:43:03 PM)

I created an Email Distribution Group as an admin and I made my user

account the manager and checked the box that gave me permission to update

membership. When I go to update the membership inside of the GAL, I get the

following error:



Changes to the Distribution list membership could not be saved.  You

do not have sufficient permission to perform this operation on this object.



What did I miss?  Is there anything more to changing the manager and

allowing updates that I need to do.



I gave myself "Write" rights (really full control) over the group itself as
well.



One odd thing I noticed is that every time I go back to the Group after I
log off, the box is always unchecked where it says "Manager can update
membership list".



The list is a Global Distribution list and not universal.



uemurad -> RE: Distribution List permissions mystery (11.Nov.2005 9:54:21 PM)

Are you by chance running Exchange in mixed-mode?  I ran into this issue because my DLs were on an Exch2K3 server and some users still had mailboxes on Exch2K servers.  Any user with a mailbox on a 2K3 server could manage lists.  Any user with a mailbox on a 2K server could not.

-Dean



chipw93 -> RE: Distribution List permissions mystery (11.Nov.2005 9:56:09 PM)

No it is a full exch 2003 environment.  No mixed mode.  Thanks so far though, I appreciate the input



uemurad -> RE: Distribution List permissions mystery (11.Nov.2005 10:05:51 PM)

I also had an issue with Global DLs vs. Universal DLs, but off the top of my head I can't recall why.  Also, do you have any child domains, and if so, are the lists/users in separate domains?



chipw93 -> RE: Distribution List permissions mystery (11.Nov.2005 10:15:04 PM)

My domain is a child of the root, but all accounts in this scenario are a part of the same domain.  
Someone in another list mentioned to try this

http://support.microsoft.com/kb/281489/ 



consultOz -> RE: Distribution List permissions mystery (12.Nov.2005 10:29:37 PM)

Have you seen this,

http://support.microsoft.com/?id=318074
=============================
This behavior can occur if you have a user group in one Active Directory domain and a distribution group in another domain. Each domain has its own global catalog. When a user tries to manage DL membership by using Microsoft Outlook Address Book, the user who has the permission to manage the DL receives the "do not have sufficient permissions" error message.

A global catalog contains a subset of all objects in the forest; it is only writable for the objects from its own domain. All Outlook requests are processed on the global catalog server of the user's domain. A user can only manage distribution groups that are in the user's domain, because the user's global catalog has a read-only copy of other objects.
============================

Cheers
oz



Page: [1]