Custom Distribution Group management role (manager exception)

My organization is medium size with multiple support groups (15+) that each support a subset of users (350+). I want to create a management role that is scoped so each support group can manage the distribution groups in their respective OU space.
By manage I mean edit the group membership. I realize I can achieve this with AD permissions but I’d like to achieve this in a way that leverages RBAC so the support groups can use OWA. I also want to leverage RBAC\OWA because not all my support groups are
technical, some are office admins. Anyways, below is what I’ve tried in my lab scoped to one of my support groups.
Using the cmdlets below I've created a custom management scope, role and role group. However, this does not work. While it lets my sales support group view and edit some random attributes on the group, it fails when they try to edit the group membership. In other words, they can log on to OWA, click options\see all options\manage your organization\distribution groups\open the group\edit description etc., but when they select "Add..." under membership, then select the user and hit ok\save, they get the error "you don't have sufficient permissions. this operation can only be performed by a manager of the group".
New-ManagementScope -Name "Sales Support DG MScope" -RecipientRestrictionFilter {RecipientType -eq "MailUniversalSecurityGroup"} -RecipientRoot "lab.com/sales"
New-ManagementRole -Name "Sales Support DG MRole" -Parent "Distribution Groups"
New-RoleGroup -Name "Sales Support DG MGroup" -Roles "Sales Support DG MRole" -CustomRecipientWriteScope "Sales Support DG MScope"
When I do as the error asks (i.e. add my support user as a manager of the group via the EMC), then my support user is able to edit the group's membership in OWA. The problem with this solution is that it would require me to add my support users to my role
group “Sales Support DG MGroup” AND as a manager of the DG and every DG that is created down the line. Not ideal. Any ideas, some RBAC magic I’m missing?
Below confirms my scope.
Get-Group -OrganizationalUnit "lab.com/sales" | ?{$_.RecipientType -eq "MailUniversalSecurityGroup"}
Name     DisplayName  SamAccountName  GroupType
distro1  distro1      distro1         Universal, SecurityEnabled
distro2  distro2      distro2         Universal, SecurityEnabled
distro3  distro3      distro3         Universal, SecurityEnabled
On a side note, I realize by sourcing my management role off of distribution groups gives me more cmdlets\access than my support group needs (see below). I’m first just trying to get it to work :).
Get-ManagementRole "Sales Support DG MRole" | Get-ManagementRoleEntry | select Name
Name
Add-DistributionGroupMember
Disable-DistributionGroup
Enable-DistributionGroup
Get-ADServerSettings
Get-AcceptedDomain
Get-DistributionGroup
Get-DistributionGroupMember
Get-DomainController
Get-DynamicDistributionGroup
Get-Group
Get-MailUser
Get-Mailbox
Get-OrganizationalUnit
Get-Recipient
Get-ResourceConfig
Get-User
New-DistributionGroup
New-DynamicDistributionGroup
Remove-DistributionGroup
Remove-DistributionGroupMember
Remove-DynamicDistributionGroup
Set-ADServerSettings
Set-DistributionGroup
Set-DynamicDistributionGroup
Set-Group
Set-OrganizationConfig
Update-DistributionGroupMember
Write-AdminAuditLog

Hello,
I understand that you have created a custom management scope for each group and assigned a custom role to it.
But whenever a user tries to edit (add/remove membership), it shows the error "you don't have sufficient permissions". I faced a similar problem when we moved from 2007 to 2010; 2010 by default disables editing options for DL membership.
You can enable it in graphic mode or via PowerShell. Since you have created a custom role, I would suggest you follow the PowerShell route. I have written a blog on that.
Check below link. http://exchange2010cmd.blogspot.de/
You have created the new management role "Sales Support DG MRole", but you need to assign this role to users/administrators, in your case through a role assignment policy.
You can either use existing default policy or create new policy and assign this management role to it.
Use the cmd below: New-ManagementRoleAssignment -Role "Sales Support DG MRole" -Policy "Default Role Assignment Policy"
NOTE: If you are creating a new policy, put that name in place of the default policy name.
I recommend you continue with the default policy. After this, check with any admin; he should have rights to edit membership.
Now, regarding your second concern, that your custom role has too many role entries.
You can remove unwanted role entries.
Use this cmd: Get-ManagementRoleEntry "Sales Support DG MRole\*" | where { $_.Name -like "Set-DistributionGroup" } | Remove-ManagementRoleEntry
Before linking the management role to the email policy, remove unwanted role entries from the role.
I tried to explain it in an easy way, but if it is still not understood, write back to me. I am new to the TechNet forum; I started replying to questions a few days ago. If you get your answer, don't forget to propose it as the answer.
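The following script puts the steps from the question (scope, role, role group) and the reply (trimming role entries) together in one idempotent, least-privilege form and finishes with the verification a practitioner would run before handing out OWA access. It is an added example, not code from either post and not Microsoft guidance; it assumes the Exchange 2010 Management Shell, the OU and object names from the question, and a hypothetical support account named "sales-helpdesk". The cmdlets dropped from the custom role are the create/delete/enable/disable entries listed in the question's side note, which the original poster said the support group does not need.

```powershell
# Added example (not from the original thread). Assumed names: the OU "lab.com/sales"
# and the "Sales Support ..." objects from the question; "sales-helpdesk" is a
# hypothetical user account. Run in the Exchange Management Shell on Exchange 2010.

$ou        = "lab.com/sales"
$scopeName = "Sales Support DG MScope"
$roleName  = "Sales Support DG MRole"
$groupName = "Sales Support DG MGroup"

# 1. Recipient write scope: only mail-enabled universal security groups under the
#    sales OU (the filter used in the question; a plain distribution group would have
#    RecipientType MailUniversalDistributionGroup and is therefore NOT in scope).
if (-not (Get-ManagementScope $scopeName -ErrorAction SilentlyContinue)) {
    New-ManagementScope -Name $scopeName `
        -RecipientRoot $ou `
        -RecipientRestrictionFilter { RecipientType -eq "MailUniversalSecurityGroup" }
}

# 2. Custom role derived from the built-in "Distribution Groups" role, then trimmed.
#    Role entries can only be removed from a custom role, never added beyond the
#    parent, so start from the parent and take away what membership editing
#    does not need (creating/deleting groups, org-wide config).
if (-not (Get-ManagementRole $roleName -ErrorAction SilentlyContinue)) {
    New-ManagementRole -Name $roleName -Parent "Distribution Groups"
}
$drop = @(
    "New-DistributionGroup",    "New-DynamicDistributionGroup",
    "Remove-DistributionGroup", "Remove-DynamicDistributionGroup",
    "Enable-DistributionGroup", "Disable-DistributionGroup",
    "Set-DynamicDistributionGroup", "Set-OrganizationConfig"
)
Get-ManagementRoleEntry "$roleName\*" |
    Where-Object { $drop -contains $_.Name } |
    Remove-ManagementRoleEntry -Confirm:$false

# 3. Role group that carries the role, write-scoped to the sales OU, plus a member.
#    Scope the *assignment* (via the role group), not the role: the same role can
#    then be reused for other support groups with their own OU scopes.
if (-not (Get-RoleGroup $groupName -ErrorAction SilentlyContinue)) {
    New-RoleGroup -Name $groupName -Roles $roleName -CustomRecipientWriteScope $scopeName
}
Add-RoleGroupMember -Identity $groupName -Member "sales-helpdesk"   # hypothetical account

# 4. Verification. First, exactly which cmdlets (and which parameters of each) the
#    trimmed role still grants; second, who effectively holds the assignment and
#    with which recipient write scope. Re-run this whenever role group membership
#    changes, since role group members get everything the assignment grants.
Get-ManagementRoleEntry "$roleName\*" | Select-Object Name, Parameters
Get-ManagementRoleAssignment -Role $roleName -GetEffectiveUsers |
    Select-Object EffectiveUserName, RoleAssigneeName, RecipientWriteScope, CustomRecipientWriteScope
```

The two verification commands are the useful part: the first shows the real blast radius of the delegation (role entries are cmdlet plus allowed parameters, so an unexpected parameter is as much a finding as an unexpected cmdlet), and the second enumerates every account that inherits the rights through the role group, which is the list to review when a support group's staff changes.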

Similar Messages

  • Customizing Distribution - anyone using successfully?

    Hi!
    We are planning an SAP IS-U and CRM implementation and I have read about the potential benefits of using the Customizing Distribution in SAP Solution Manager to keep customizing synchronised between IS-U and CRM.
    However, I have also read advice suggesting that it is difficult to use, not very mature and should only be considered for complex solutions with an experienced support team.
    Is there anyone out there who has some advice, based on actual use in an ERP( or IS-U) /CRM Landscape?  What are your experiences?  Are the benefits worth the effort?
    Many thanks!

    I haven't used it, but it sounds like you are looking at just two of the many products based on the DisplayLink USB video standard.
    The little I've read about them says that they work, but will appear to lag compared to true built-in and DVI monitors. That's just because USB doesn't have the bandwidth of a real video card. This won't be a problem if you're just doing office stuff, but you might not like it if you are trying to do anything involving lots of motion.

  • Exchange 2003/2010 Co-Existence - Distribution Group Management

    We're running both exchange 2010 and Exchange 2003.  I have an issue where some distribution groups were upgraded to Exchange 2010 (v14.0.100) and the manager of those lists who are on Exchange 2003 can no longer modify members, they get the error:
    "Changes to the distribution list membership cannot be saved.  You do not have sufficient permission to perform this operation on this object".
    We've already implemented the myDistributionGroupsManagement role with success to allow Exchange 2010 users to manage their own list without allowing them to create new ones.
    http://blogs.technet.com/b/exchange/archive/2009/11/18/3408844.aspx
    Trying to apply the "Default Role Assignment Policy" to the Exchange 2003 users returns an error. Is there any way Exchange 2003 users can manage Exchange 2010 distribution lists they own without being upgraded to Exchange 2010? If not, is there any way to downgrade a distribution group to Exchange 2003 once it has been upgraded?

    Hi,
    From my lab, a legacy Exchange user can manage a distribution group that has been upgraded to Exchange 2010.
    Exchange 2010 sp2, Exchange 2003 with sp2.
    I can add/remove member for distribution group from address book via outlook.
    Xiu Zhang
    TechNet Community Support

  • Managing Distribution Groups with hidden membership (when hideDLMembership is true)

    Hi All,
    I have a situation in an Exchange 2010 SP2 messaging environment where we want to manage two distribution groups through the Outlook client and want to ensure that their membership is visible to nobody but the distribution group owners.
    I have followed this article "http://blogs.technet.com/b/kamleshk/archive/2013/08/22/3478284.aspx" but in my case the owner can't see the membership.
    The Outlook client version is 2007.
    I have enabled "MyDistributionGroups" in the default role assignment policy to enable Distribution Group management by end users.
    We use Outlook Anywhere, and I have tried adding the registry key "DS Server", but it did not help.
    Thank you in advance.
    Simone

    Hi Simone,
    How about in OWA?
    If OWA works well, it should be an issue on the Outlook Client side.
    If OWA does not work either, it is still a permission issue. It sometimes takes time for the operation to sync.
    Please run following command to verify the owner permission:
    Get-DistributionGroup -Identity DGName | FL
    Thanks
    Mavis 
    Mavis Huang
    TechNet Community Support

  • Giving permissions for specific Distribution Group management to a department secretary

    Dear ALL
    In our Exchange 2010 environment we have multiple departmental distribution groups.
    We plan to give management of these distribution group memberships to each departmental secretary.
    How can we achieve this?
    Kindly help
    Ashraf

    All very valid points! 
    The one thing I'd ask you to think about is whether or not you should change the default role assignment policy.  If this is for a handful of users, create a new Role Assignment policy, tweak that (using the steps below) and then assign your new one
    to these users that need to manage the DGs.
    http://blogs.technet.com/b/rmilne/archive/2013/08/09/allow-users-to-manage-distribution-groups-without-creating-new-ones.aspx
    Cheers,
    Rhoderick
    Microsoft Senior Exchange PFE
    Blog:
    http://blogs.technet.com/rmilne 
    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

  • Distribution Group manager can't modify group

    Setup
    MS Exchange 2010 version 14.3 (Build 123.4)
    Distribution Group is a Mail Universal Distribution which has less than 20 members total
    There are three managers in the "Managed By" listing.  Of these two can modify the list, the third cannot.  When the third manager tries to modify the list they get the following error:
    The Public Group cannot be displayed.  The connection to Microsoft Exchange is unavailable.  Outlook must be online or connected to complete this action.
    Note: The user is connected to the Exchange environment, as evidenced by the "Connected to Microsoft Exchange" in the lower right portion of his Outlook 2010 window. He is also hardwired into the network, i.e. no wireless connection. He tried going in through OWA and got the same error as above.
    Any ideas on what I can check to see why this manager cannot modify the list whereas the other two can? 
    nc

    Hi ncouch55,
    If there are multiple GCs in organization, We could refer to the following link to choose the closest GC for the specific user:
    1). Click Start, and then click Run.
    2). In the Open box, type regedit.exe, and then click OK.
    3). Locate and then click the following key in the registry:
    HKEY_CURRENT_USER\Software\Microsoft\Exchange\Exchange Provider
    Note You may have to create the registry path.
    4). On the Edit menu, click Add Value, and then add the following registry value:
    Value name: GC Server
    Data type: REG_SZ (string)
    Value data: the FQDN of the closest GC server
    5). Quit Registry Editor.
    If the issue persists, we could clear the managers on the distribution group and re-grant permission to the three managers.
    If there are any questions regarding this issue, please feel free to let me know.
    Best Regards,
    Jim

  • Can't manage distribution group from Outlook with Exchange 2010 or Exchange 2013 mailbox

    Hi All,
    In my environment we are using Exchange 2010, which contains the distribution groups that were migrated from the Exchange 2003 environment. One of the distribution groups has a problem for a user who had access to manage DLs via Outlook but is not able to manage it. When we add a new user to manage the same DL and the new user tries to manage the DL via Outlook, it works without any issues.
    The issue occurs only for the user who already had the manage access permission on the DL when the group was on Exchange 2003, before it was migrated to Exchange 2010.
    Referred blog: http://support2.microsoft.com/kb/2586832?wa=wsignin1.0
    We have done all the settings defined in the above link but are still facing the issue.
    In addition, we have forcefully upgraded the DL too, using the command below.
    Set-DistributionGroup -Identity "name of the problematic DL" -ForceUpgrade
    Please all of you provide your valuable suggestions to overcome this issue .
    Error message :
    Regards
    S.Nithyanandham

    Hi S.Nithyanandham,
    From your description, I would like to verify if the problematic manager user is a member of security group. If yes, this issue will occur. In Exchange 2010, distribution groups can't be managed by groups, only individual users can manage groups. But in
    Exchange 2003, it is possible to use groups to manage a distribution group.
    For more information, here is a blog for your reference.
    How to manage groups with groups in Exchange 2010
    http://blogs.technet.com/b/exchange/archive/2011/05/04/how-to-manage-groups-with-groups-in-exchange-2010.aspx
    Hope this can be helpful to you.
    Best regards,
    Amy Wang
    TechNet Community Support

  • Manage Dynamic Distribution Groups

    We currently have a Dynamic Group, "All Staff"; I have been asked to remove Contractors from this group while still allowing them an Exchange account. No filters seem to offer this option. Does the Dynamic Group only include members of the Active Directory group used to set up the Dynamic Group? We use Managed Users for all employees.
    If I create an Active Directory group called Contract, will its members be excluded from the "All Staff" Distribution Group?
    Is there a better option?

    Hi,
    Agree with Amine.G.
    If there is any problem after using the method Amine.G provided, feel free to contact me.
    Hope it is helpful
    Thanks
    Mavis
    Mavis Huang
    TechNet Community Support

  • Using Multiple Object Types in a FIM Managed Criteria Distribution Group

    Is it possible to use multiple object types in a criteria-based distribution group? When building your criteria filter, "Select (object type) that match (all/any) of the following conditions", you can currently only choose one object type, and I want to be able to choose object type "user" and a custom object type I create for my contacts.

    You can create the main condition as "any" and then add two sub-conditions: one where the object is in set "All People" and another where the object is in set "All Contacts" or "All Groups".
    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

  • Cannot manage Distribution group membership when two exchange accounts are configured in outlook.

    Hi,
    I am using outlook 2013 and my exchange server is 2013 too.
    I have a distribution group named "[email protected]" and my user "[email protected]" is moderator of this DL, and I was able to add/remove members from it.
    Now I own one more Exchange account, "[email protected]", and I configured it in Outlook 2013 as an Exchange account too, and what I see is that I am unable to edit the DL "[email protected]".
    My default account in Outlook is "[email protected]", and still I can't edit the DL. As soon as I delete the account "[email protected]" from Outlook, or configure it ([email protected]) as IMAP, I am able to moderate "[email protected]".
    Any Clue ??? 
    Error message :- "Changes to the distribution list membership cannot be saved. You do not have sufficient permission to perform this operation on this object."
    My Exchange server 2013 and outlook both are having latest updates installed. Thanks.

    I have configured the second account as Exchange only, in the same Outlook profile. I don't want to switch profiles to operate either of the accounts.
    Both accounts are different and have no relation to each other: "[email protected]" and "[email protected]".
    What I suppose is that "[email protected]" has permissions on the DL "[email protected]" but "[email protected]" doesn't have them. So when I edit "[email protected]", Outlook is using "[email protected]" to edit it and not "[email protected]".

  • Manage Exchange Distribution Group with Dirsync

    Hi,
    Our environment has DirSync installed and no on-premises Exchange. In the Office 365 portal, if I need to change an Exchange distribution group, it requires the change to be made in on-premises AD.
    The question is: if I want to update the "ownership member" (not group member) and "membership approval" attributes, how can I do it without the EMC?
    thanks
    Keith 

    This belongs in the Exchange forum, I will move it there.
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security, BS CSci
    2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
    Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
    Please no e-mails, any questions should be posted in the NewsGroup.
    This posting is provided AS IS with no warranties, and confers no rights.

  • Create and Manage Distribution Groups

    You've removed the "Go to the earlier version" option from Outlook Web App. Now how are my users expected to administer the Distribution Groups they own?

    Hi,
    This is the forum to discuss questions and feedback for Microsoft Office client. For Outlook Web App for Office 365 related questions, I would suggest you to post in the dedicated forum of
    Office 365 Community, where you can get more experienced responses:
    http://community.office365.com/en-us/f/158.aspx
    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.
    Regards,
    Ethan Hua
    TechNet Community Support
    It's recommended to download and install the Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office programs.
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • "Discovery Manager" role cannot place a mailbox on hold

    My Company is testing Exchange 2013 and Exchange Online. We would like to have all discovery functions managed by our legal team.  We have assigned test users the “Discovery Manager” role.  That role should allow them rights to search all mailboxes
    and put search results on hold. Additionally, the discovery manager role should allow them to select a user mailbox in EAC, open the "Mailbox Features" page and enable litigation hold on the mailbox (no searching required). 
    We have found that the second feature, enabling litigation hold without searching, is unavailable to discovery managers when using EAC. The "Mailbox Features" page is not exposed to discovery managers using EAC. The discovery manager can place a mailbox on hold using PowerShell, but that would not be a reasonable option for our legal team.
    Please confirm if my understanding is correct, discovery manager should be able to place a mailbox on hold as well as in-place hold using EAC.
    Thanks in advance,
    Ron

    Does "Get-RoleGroup "discovery Management" | FL *role*" show that the Legal Hold role is assigned to the Discovery Mgmt role Group? If so, then  you may need to assign the "Recipient Management" or "Help Desk" role to those users as well or if you wish
    to security trim their access, create a customized RBAC role for them.
    Alternatively, see if they can simply set litigation hold via Powershell with set-mailbox
    Please Note: My Posts are provided "AS IS" without warranty of any kind, either expressed or implied.

  • Dynamically manage role permissions using JAAS

    Hi All,
    I'm pretty much a newbie to JAAS and I need your help with the following requirement we have in our application.
    We have a set of predefined permissions that we know in development time and we can assign to EJBs. We need to be able to assign those permissions to roles in the organization through API in the application.
    We can't use simple role based security as the most granular actors in our application are roles, so we need to assign the permissions to the roles and not directly to the users (which are eventually assigned a role - managed in the customer user store).
    As I mentioned before, the permissions are a closed set and are not configurable. The only configuration is who gets those permissions, and that ability should be given to the Admin of our application.
    We considered using a hierarchy of roles, giving each logical role a set of permission-roles and using the standard role-based EJB security. For that we are considering a custom login module to flatten the list of roles.
    Let me know what you think and if there's any best practice for such scenario.
    Just one thing: we want to stay in the JAAS realm as much as possible and avoid using some other security framework.
    Thanks,
    Eyal

    JHeadstart uses roles and permissions only for maintenance reasons (for example, to quickly assign a number of permissions to a user). In runtime, differences between roles and permissions are discarded and both are treated the same. So, it is then comparable to JAAS, which only distinguishes between users and roles (called groups in OID).
    The actual setup of the OID and JAAS is not part of JHeadstart. JHeadstart just uses the JAAS provider (when in JAAS mode) to check for the required roles (= permissions) for the current group.
    Paco van der Linden,
    JHeadstart Team.

  • Managed Role Scope

    I learned that roles in DS are scoped to where they are created. Meaning, if I create a managed role called role1 in ou=Roles,dc=sun,dc=com, only entries (i.e. users and groups) under the ou=Roles branch will have visibility of role1. But since all my users are created underneath a different ou (i.e. ou=People), how do I get role1 to be visible to the users under ou=People? From a day's worth of reading, this doesn't seem possible. The only way around it is to create the role under the ou=People branch. In this approach, all the member searches behave correctly. My concern is that we will have thousands of roles; what's the scalability of having that many roles mingled with all 750,000 user entries under ou=People...
    Any help is appreciated!

    > The problem with that is the nsRole virtual attribute never gets calculated. While the nsRoleDN will allow me to find all the roles for a given user with a search filter like this:
    > uid=user1 nsRoleDN
    > I need the nsRole virtual attribute to find role members (all members with a particular role), for example, using this search filter
    > nsRole=cn=role1,ou=roles,dc=sun,dc=com
    > to retrieve all members of role1. And this does not work unless role1 was in the same scope as the user or above.

    What about using
    nsRoleDN=cn=role1,ou=roles,dc=sun,dc=com
    It should return all members of role1. At the same time, usage of the on-the-fly computed nsRole attribute in searches isn't supported; please see Note 2 in the same link:
    http://docs.sun.com/source/816-5606-10/roles.htm#1117631
