Migrating Distribution groups error

Hi all experts,
I am trying to migrate users/computers/groups from one domain to another. I have migrated users, and computers are fine. When migrating distribution groups, one succeeds and another fails with error 7422, access is denied.
What could be the issue?
Grateful for help.
Adnan

Check the Access Control List on the group you are having problems with.  Odds are, someone has changed it for some reason and the account you are using doesn't have the rights it needs.  Fix that and it should come across fine.

Similar Messages

  • Exchange forward to distribution group error

    Hello
    I would like to create a forwarding rule on my Office365 Outlook account
    so that, when a new mail comes in with a certain pre-defined string in it (alert for a Sharepoint teamsite), it gets forwarded to every member of a distribution group. However I get the following error when submitting it, causing it not to take effect:
    There are multiple recipients matching the identity "HEDFIN mailinglist". Please specify a unique value.
    When following the specified "Click here for help", I get redirected
    to a TN Exchange Server 2013 Error Landing page with the following (error-message?) in the URL: e=ms.exch.err.Ex8155FB
    I'm trying to get a work-around for the fact that there is no possibility to set a global alert on a team sub-site. I'd like a mail to be sent to every user when
    anything changes on a subsite. So my work-around would be that I manually set my alerts on everything of every sub-site and then forward the mails I receive (from my own alerts) to the different distribution groups (groups with different users and their mail
    accounts) by filtering on the Subject (name of subsite).
    Is there any other way to do this without having our members set their alerts all manually? I found similar requests from a year ago but they haven't been solved
    yet.
    PS: I posted this same request yesterday as well, but for some reason the link doesn't work anymore and I can't seem to find it when using Search either.
    Regards
    Robin

    Hi Robin,
    I want to double confirm the E-mail Server, Office 365 or Exchange 2013?
    They are two different products, even if they are similar in many aspects.
    If we are using Office 365, I suggest asking Office 365 Forum for help, so that we can get more professional suggestions.
    For your convenience:
    http://community.office365.com/en-us/forums/default.aspx
    However, I still have some suggestions, maybe something silly, just for your reference:
    PLEASE MAKE A FULL BACK UP BEFORE PERFORMING FOLLOWING ACTIONS!
    1. Please do a full resync of on premise AD (what is not the very best solution with bigger customers)
    HKEY_LOCAL_MACHINE\Software\Microsoft\MSOLCoExistence
    Search FullSyncNeeded value and pass it to 1
    Initiating synchronization
    Launch the synchronization console:
    %programfiles%\Microsoft Online Directory Sync\DirSyncConfigShell.psc1
    Run the following command:
    Start-OnlineCoexistenceSync
    2. Better is to change the settings in MOP for every affected dirsynched user-change it to something abnormal and then back to the correct value.
    This triggers a repopulation of AD Property changes and fixes the MOP error.
    Hope it is helpful
    Thanks
    Mavis
    Mavis Huang
    TechNet Community Support

  • Single Mailbox receiving 432-4.3.2 STOREDRV; mailbox server is too busy error emailing distribution group

    I have a user who is trying to email a distribution group with approximately 185 recipients, 183 internal, and 2 external.
    The user is receiving message delayed/pending for some (but not all) of the recipients. Approximately 15 recipients have received the mail including the external recipients and did so shortly after the mail was sent, however, 168 recipients have not received
    the email and when I search for the mail in Message Tracking on the server, the pending recipients have the following error:
    Submitted
    04/12/2013 11:56 BTSDCAEXCMDB02.one.local
    The message was submitted to btsdcaexccas02.one.local.
    Group Expanded
    04/12/2013 11:56 btsdcaexccas02.one.local
    The list of members of the group "All TCP Users" was expanded so that the message can be delivered to each recipient.
    Pending
    04/12/2013 11:56 btsdcaexccas02.one.local
    The message has been queued on server 'btsdcaexccas02.one.local' since 04/12/2013 11:56:48 (UTC) Dublin, Edinburgh, Lisbon, London. The last attempt to send the message was at 05/12/2013 12:08:22 (UTC) Dublin, Edinburgh, Lisbon, London and generated the error
    '432-4.3.2 STOREDRV; mailbox server is too busy 432 4.3.2 STOREDRV.Deliver.Exception:StorageTransientException.MapiExceptionNotEnoughMemory; Failed to process message due to a transient exception with message Cannot set search criteria in SearchFolder. Try
    using fewer keywords at the same time, reducing the number of users in the From, To, Cc, and Bcc fields, and reducing the number of mailboxes that are searched at the same time.'.
    05/12/2013 12:08 btsdcaexccas02.one.local
    Message delivery is taking longer than expected. There may be system delays. For more information, contact your helpdesk.
    Can anyone help as to what is going on here? This only seems to be affecting a single user, and it is intermittent as some recipients received the email, whilst others have not.

    Hi Leo,
    From your description, I recommend you refer to the following blog to set the values of MaxMailboxDeliveryPerMdbConnections and RecipientThreadLimit.
    Store Driver Fault Isolation Improvements in Exchange 2010 SP1
    http://blogs.technet.com/b/exchange/archive/2011/04/11/store-driver-fault-isolation-improvements-in-exchange-2010-sp1.aspx
    What's more, here is a thread for your reference.
    4.3.2 432 STOREDRV.Deliver; recipient thread limit exceeded
    http://social.technet.microsoft.com/Forums/exchange/en-US/3b097117-6eb7-4368-b45a-62a4cddf871b/432-432-storedrvdeliver-recipient-thread-limit-exceeded?forum=exchange2010
    Hope it helps.
    If there are any problems, please feel free to let me know.
    Best regards,
    Amy
    Amy Wang
    TechNet Community Support

  • Can't manage distribution group from Outlook with Exchange 2010 or Exchange 2013 mailbox

    Hi All,
    In my environment we are using Exchange 2010, which contains distribution groups that were migrated from an Exchange 2003 environment. One of the distribution groups has a problem: a user who had access to manage DLs via Outlook
    is not able to manage it. When we add a new user to manage the same DL and the new user tries to manage the DL via Outlook, it works without any issues.
    The issue occurs only for the user who already had the manage access permission on the DL when the group was on Exchange 2003, before it was migrated to Exchange 2010.
    Referred blog: http://support2.microsoft.com/kb/2586832?wa=wsignin1.0
    We have done all the settings defined on the above mentioned link but still we are facing the issue.
    In addition to that , we have forcefully upgraded the DL too by using the below mentioned command.
    set-distributiongroup -identity "name of the problematic DL" -forceupgrade
    Please all of you provide your valuable suggestions to overcome this issue .
    Error message :
    Regards
    S.Nithyanandham
    Thanks S.Nithyanandham

    Hi S.Nithyanandham,
    From your description, I would like to verify if the problematic manager user is a member of security group. If yes, this issue will occur. In Exchange 2010, distribution groups can't be managed by groups, only individual users can manage groups. But in
    Exchange 2003, it is possible to use groups to manage a distribution group.
    For more information, here is a blog for your reference.
    How to manage groups with groups in Exchange 2010
    http://blogs.technet.com/b/exchange/archive/2011/05/04/how-to-manage-groups-with-groups-in-exchange-2010.aspx
    Hope this can be helpful to you.
    Best regards,
    Amy Wang
    TechNet Community Support

  • "Active Directory operation failed on DC " when assigning Send As permissions on a distribution group

    I'm trying to give a mailbox user Send As right for a distribution group. But the cmdlet comes back with this:
    Get-DistributionGroup MyGroup | Add-ADPermission -user albert -ExtendedRights Send-As
    Active Directory operation failed on <DC fqdn>. This error is not retriable. Additional information: Access is denied.
    Active directory response: 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
        + CategoryInfo          : WriteError: (0:Int32) [Add-ADPermission], ADOperationException
        + FullyQualifiedErrorId : FE24751F,Microsoft.Exchange.Management.RecipientTasks.AddADPermission
    What could be the problem, considering the items below :
    - inheritance is not broken to the level of the distribution group object
    - the account used to run the cmdlet is a member of the Organization Management group
    - creating a new distribution group in the same OU and running the command works as expected; checking the permission for this group against MyGroup (using Get-DistributionGroup testgroup | Get-ADPermission | Sort-Object User,AccessRights | ft user,accessrights,extendedrights,properties)
    shows no differences.
    - adding the permission using ADUC results in the user being able to Send As the group, however I'm trying to find out the root cause of the Powershell cmdlet execution problem
    - there is no Deny permission on the group's ACL
    - the group didn't have the "Hide Membership" feature of Exchange 2003 applied, so there shouldn't be any non-canonical ACL issues

    Anyone ever come up with a solution to this?  I get something similar when Activesync tries to create objects on user containers.
    Exchange ActiveSync doesn't have sufficient permissions to create the "CN=Test User,OU=Domain Users,DC=domain,DC=com" container under Active Directory user "Active Directory operation failed on DELL7S09.domain.com. This error is not retriable.
    Additional information: Access is denied.
    Active directory response: 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
    Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type "msExchActiveSyncDevices" and doesn't have any deny permissions that block such operations.
    Details:%3
    So...I get this after I introduced a MS Exchange 2010 SP3 RU8 server into my environment.  You can find LOTS of people suggesting the same fix but I've not found anything that deviates from those fixes:  check the "inherit permissions",
    and give full permis to msExchActiveSync devices for the Exchange Servers security group, blah blah.
    I got to this point by following a Migrate to Exch2010 paper by MS.  I have no Win2k servers, my old Exchange server is Win2003r2SP2 with Exch2003SP2 fully patched.  The Exch server is also a DC.  I installed a new 2012r2 server and then patched
    it.  Installed Exch2010SP3Ru8 and all seems well.  
    The old Exch2003 server is still in production.  My iPhone army connects remotely for mail, and all works great.  I created a new Test User in AD, gave it a mailbox on the 2003 server, and waited a bit.  It eventually shows up in the Server
    Manager on the new 2010 Exch Server.  I send it a bunch of emails, connect to it with an Outlook client on a Win7 machine, all works.  I go to the SM on the 2010 box and migrate the mailbox to the new server.  It works.  I can connect with
    outlook, send receive mail to other users in the org.  I then try to connect with my iPhone and I get the message in Event Viewer over and over.
    Went so far as to Promo the new 2012 server to a DC.  seems to be fine.  Now am wondering if I Demote the old Exch2003 server will it help...or cause a new crop of issues....

  • Can't uninstall Exchange 2013 - (Distribution groups)

    I need help uninstalling Exchange 2013. The uninstaller fails with these 2 errors:
    This computer is responsible for expanding the membership of 1 distribution groups. These groups must be reassigned to another server before Setup can continue.
    This computer is responsible for expanding the membership of 1 dynamic distribution groups. These groups must be reassigned to another server before Setup can continue.
    I've gone so far as to disabling all distribution groups which removes its email properties and the uninstaller still fails.
    This is what happens in the eventlog:
    System.Management.Automation.ParseException: At line:1 char:67
    + Get-DynamicDistributionGroup | where {$_.ExpansionServer -eq '/o='s-Hertogenbosc ...
    +                                                                   ~~~~~~~~~~~~~
    Unexpected token 's-Hertogenbosch/ou=Exchange' in expression or statement.
    At line:1 char:175
    + ... s/cn=CADEXCDB13'}
    +                    ~~
    The string is missing the terminator: '.
    At line:1 char:38
    + Get-DynamicDistributionGroup | where {$_.ExpansionServer -eq '/o='s-Hertogenbosc ...
    +                                      ~
    Missing closing '}' in statement block.
       at System.Management.Automation.PowerShell.EndInvoke(IAsyncResult asyncResult)
       at Microsoft.Exchange.Configuration.MonadDataProvider.MonadPipelineProxy.ClosePipeline(MonadAsyncResult asyncResult)
    ] [ParentValue:"<NULL>"] [Thread:11] [Duration:00:00:00.0156248]
    I'm sure what happens here is the powershell commands looking at the distribution groups fail, because of our city name ('s-Hertogenbosch). Because of the apostrophe, the parameter is not passed successfully of this legacyExchangeDN. As this check fails,
    I believe the readiness check fails on these steps.
    This legacy administrative group name is still left from a 2003 -> 2010 -> 2013 migration.
    I've opened a Microsoft support request for this last week, but I thought someone might have dealt with this? I want to do a clean uninstall if possible.

    After I removed the distribution groups, I did restart the server.
    The problem is that the PowerShell script that checks for existing distribution groups uses a single quote to pass the server name to it. The server name contains a single quote itself, so the parameter is not passed successfully.  If the PowerShell script
    used a double quote it would pass the parameter correctly.
    This works:
    Get-DistributionGroup | where ExpansionServer -eq "/o='s-Hertogenbosch/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=CADEXCDB13"
    This does not work:
    Get-DistributionGroup | where ExpansionServer -eq '/o='s-Hertogenbosch/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=CADEXCDB13'
    Do you see the difference? (Parameter is passed in a single or double quotation)
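
The quoting failure described in this thread, as an added PowerShell example that is not from the original posts or from Exchange Setup: it builds the command text with and without escaping, asks the PowerShell parser (nothing is executed) whether each one parses, and then filters on the value as data instead of as generated code. The DN is the one quoted above; the `$groups` objects and the `Test-CommandText` helper are constructed for illustration.

```powershell
# DN quoted in the thread; the apostrophe in 's-Hertogenbosch is the problem character.
$expansionServer = "/o='s-Hertogenbosch/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=CADEXCDB13"

function Test-CommandText {
    # Hypothetical helper: parses command text WITHOUT running it and reports parse errors.
    param([Parameter(Mandatory)][string]$Text)
    $tokens = $null
    $errors = $null
    [void][System.Management.Automation.Language.Parser]::ParseInput($Text, [ref]$tokens, [ref]$errors)
    [pscustomobject]@{
        ParseErrors = $errors.Count
        FirstError  = if ($errors.Count) { $errors[0].Message } else { $null }
        Text        = $Text
    }
}

# 1. Naive: the directory value is pasted between single quotes, so its own
#    apostrophe ends the string early (the failure shown in the event log above).
$naive = "Get-DynamicDistributionGroup | where {`$_.ExpansionServer -eq '$expansionServer'}"

# 2. Escaped: inside a single-quoted PowerShell string a literal ' is written as ''.
#    EscapeSingleQuotedStringContent also covers the typographic quote characters
#    that PowerShell accepts as string delimiters.
$escaped = [System.Management.Automation.Language.CodeGeneration]::EscapeSingleQuotedStringContent($expansionServer)
$safe    = "Get-DynamicDistributionGroup | where {`$_.ExpansionServer -eq '$escaped'}"

Test-CommandText -Text $naive | Format-List ParseErrors, FirstError
Test-CommandText -Text $safe  | Format-List ParseErrors, FirstError

# 3. Preferred: do not generate command text at all. The value stays in a variable
#    and is compared as data, so no quoting rules apply to it.
#    Constructed sample objects stand in for Get-DynamicDistributionGroup output.
$groups = @(
    [pscustomobject]@{ Name = 'DDG-Example-1'; ExpansionServer = $expansionServer }
    [pscustomobject]@{ Name = 'DDG-Example-2'; ExpansionServer = $null }
)
$groups |
    Where-Object { $_.ExpansionServer -eq $expansionServer } |
    Select-Object -ExpandProperty Name
```

The same rule applies to any script that turns directory attributes into command text: a value that can contain a quote character has to be escaped for the quoting style in use, or passed as a parameter.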

  • Cannot assign an email address to SharePoint group (distribution groups)

    Hello,
    I configured incoming email awhile back in our SharePoint 2010 environment and it works great. I can assign an email address to a list and the necessary contact is created in AD in the OU I configured for incoming email and of course the item emailed in
    is added to the list.  However, if I try to assign an email address to a SharePoint group to create a distribution group, the following happens:
    The following error has occurred while attempting to contact the Directory Management Service: The request failed with HTTP status 401: Unauthorized.
    From what I've found on Technet and other resources, if incoming email works as expected, assign an email address to a group should work without issue but this obviously isn't the case.  I've dug around in the 14 hive and pretty much the same exact error
    is found there (with just a little more detail):
    System.Net.WebException: The request failed with HTTP status 401: Unauthorized.
    at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
    at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
    at Microsoft.SharePoint.DirectorySoap.SPDirectoryManagementProxy.CreateDistributionGroup(String Alias, String Name, String Description, String ContactCN, RequestInfo Info, DistributionGroupFlags Flags)
    at Microsoft.SharePoint.SPGroup.CreateDMS(String dlAlias, String friendlyName, String description, String[] members, String requestor, String justification, Int32& jobId)
    Any ideas what this could be?  I'd imagine the timer service account has the appropriate permission on the OU as it can create objects for lists with incoming email enabled without issue.

    For the issue with group members who are not added during the creation process ...
    I followed this Technet article: Configure incoming email for a SharePoint 2013 farm
    But in the paragraph "Configure AD DS to be used with Directory Management Service", I added
    delegation of control for the following common tasks :
    Create, delete and manage groups
    Modify the membership of a group
    The distribution group gets created in AD with members in SharePoint 2013 ! It should work with 2010 as well…
    PS : Do not forget to set up these rights, not only for the Central Administration Application pool Identity account, but for all
    your Web Applications!

  • Tech Tip of the Week: Syncing Distribution Groups in Office 365

    Having trouble getting your distribution groups to sync when migrating to Office 365?
    We recently worked with a customer who had over 300 distribution groups that were not syncing to Office 365. Upon review, we noticed that the distribution groups did not have a Display Name.
    Here are the steps we took in order to resolve the problem:
    1. Open ADUC (“Active Directory Users and Computers”). On the top menu click on View and select Advanced Features.
    2. Find the Distribution List that is not syncing to your Office 365 tenant > right click the Distribution List > select Properties > click on the attribute editor tab.
    3. There are a couple attributes that must be filled out in order for it to Synchronize to Office 365.
    Attributes: mail, displayName – if they do not have any data, fill it in. Once completed click ok.
    4. Open the MIISClient. This is located on your DIRSYNC Server. The default path is: “C:\Program Files\Microsoft Online Directory Sync\SYNCBUS\Synchronization Service\UIShell\miisclient.exe”
    5. Click on Metaverse Search > input the following:
    Attribute: Mail
    Operator: Contains
    Value: “Email Address of the DG”
    6. Once filled in click on search > double click the search results > click on the connectors tab. Note: If you only see SourceAD Management Agent, perform the following:
    7. Click on Management Agents > Right click SourceAD > click on Run > click on Full Import Stage Only > click on ok.
    8. Right click SourceAD > click on run > click on Full Sync > click on ok.
    9. Right click TargetWebService > click on Run > click on Full Confirming Import Stage > click on ok.
    10. Right click TargetWebService > click on Run > click on Full Confirming Sync > click on ok.
    11. Right click TargetWebService > click on Run > click on Export > click on ok.
    We hope you found this week’s Tech Tip useful! Do you have a problem you want us to solve in our Tech Tip of the week series? Let us know!

    Check to see that your remote session is still active, using Get-PSSession.

  • Cannot manage Distribution group membership when two exchange accounts are configured in outlook.

    Hi,
    I am using outlook 2013 and my exchange server is 2013 too.
    I have a distribution group named "[email protected]" and my user "[email protected]" is moderator of this DL, and I was able to add/remove members from it.
    Now, I own one more Exchange account, "[email protected]", and I configured it in Outlook 2013 as an Exchange account, and what I see is that I am unable to edit the DL "[email protected]".
    My default account in Outlook is "[email protected]"; still, I can't edit the DL. When I delete the account "[email protected]" from Outlook or configure it ([email protected]) as IMAP, I am able to moderate "[email protected]".
    Any Clue ??? 
    Error message :- "Changes to the distribution list membership cannot be saved. You do not have sufficient permission to perform this operation on this object."
    My Exchange server 2013 and outlook both are having latest updates installed. Thanks.

    I have configured the second account as Exchange in the same Outlook profile. I don't want to switch profiles to operate either of the accounts.
    Both accounts are different and don't have any relation to each other: "[email protected]" and "[email protected]".
    What I suppose is that "[email protected]" has permissions on the DL "[email protected]"
    but "[email protected]" doesn't have them. So when I edit "[email protected]", Outlook is
    using "[email protected]" to edit it and not "[email protected]".

  • Exchange 2003/2010 Co-Existence - Distribution Group Management

    We're running both exchange 2010 and Exchange 2003.  I have an issue where some distribution groups were upgraded to Exchange 2010 (v14.0.100) and the manager of those lists who are on Exchange 2003 can no longer modify members, they get the error:
    "Changes to the distribution list membership cannot be saved.  You do not have sufficient permission to perform this operation on this object".
    We've already implemented the myDistributionGroupsManagement role with success to allow Exchange 2010 users to manage their own list without allowing them to create new ones.
    http://blogs.technet.com/b/exchange/archive/2009/11/18/3408844.aspx
    Trying to apply the "Default Role Policy Assignement" to the exchange 2003 users returns an error.  Is there any way Exchange 2003 users can manage Exchange 2010 Distribution list they owned without being upgraded to Exchange 2010?  If not, is
    there any way to downgrade distribution group to Exchange 2003 once they've been upgraded?

    Hi,
    From my lab, a legacy Exchange user can manage a distribution group which has been upgraded to Exchange 2010.
    Exchange 2010 sp2, Exchange 2003 with sp2.
    I can add/remove member for distribution group from address book via outlook.
    Xiu Zhang
    TechNet Community Support

  • Distribution Group manager can't modify group

    Setup
    MS Exchange 2010 version 14.3 (Build 123.4)
    Distribution Group is a Mail Universal Distribution which has less than 20 members total
    There are three managers in the "Managed By" listing.  Of these two can modify the list, the third cannot.  When the third manager tries to modify the list they get the following error:
    The Public Group cannot be displayed.  The connection to Microsoft Exchange is unavailable.  Outlook must be online or connected to complete this action.
    Note: The user is connected to the Exchange environment as evidenced by the "Connected to Microsoft Exchange" in the lower right portion of his Outlook 2010 window.  He is also hardwired into the network,
    ie no wireless connection.  He tried the going in through OWA and got the same error as above.  
    Any ideas on what I can check to see why this manager cannot modify the list whereas the other two can? 
    nc

    Hi ncouch55,
    If there are multiple GCs in organization, We could refer to the following link to choose the closest GC for the specific user:
    1). Click Start, and then click Run.
    2). In the Open box, type regedit.exe, and then click OK.
    3). Locate and then click the following key in the registry:
    HKEY_CURRENT_USER\Software\Microsoft\Exchange\Exchange Provider
    Note You may have to create the registry path.
    4). On the Edit menu, click Add Value, and then add the following registry value:
    Value name: GC Server
    Data type: REG_SZ (string)
    Value data: the FQDN of the closest GC server
    5). Quit Registry Editor.
    If the issue persists, we could clear the managers on the distribution group and re-grant permission to the three managers.
    If there are any questions regarding this issue, please feel free to let me know.
    Best Regards,
    Jim

  • Dynamic Distribution Group via csv file and Recipient Filter

    Hello,
    I am trying to create powershell command that will read a CSV file for "Name" and "Dept" and create a Dynamic Distribution Group based on the following Recipient Filter.
    Import-CSV Dist.csv | ForEach-Object {New-DynamicDistributionGroup -Name $_.Name -RecipientFilter {((((((Department -like $_.Dept) -and (RecipientType -eq 'UserMailbox'))) -and (UserAccountControl -ne 'AccountDisabled, NormalAccount'))) -and (-not(Name -like
    'SystemMailbox{*')) -and (-not(Name -like 'CAS_{*')))}
    I keep getting an error that "Missing closing '}" in statement block Char:314.  I added a "}" at the end of the command but then the command fails to read the .csv file.
    Assistance would be greatly appreciated to determine what I am missing.  I have over 100 Dynamic Distribution list to create.
    Cheers

    You're definitely missing a closing curly bracket.
    You have a lot of superfluous parentheses in that expression.  You could certainly simplify it.
    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
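
One way to write the CSV-driven command from the question, as an added example rather than the poster's or Microsoft's code: the OPATH filter is built as a string for each row, since Exchange's documentation for -RecipientFilter allows braces only when the filter contains no variables, and apostrophes in the CSV value are doubled as that documentation describes for values containing single quotation marks. The CSV rows and the `New-DeptFilter` helper are constructed for illustration, and New-DynamicDistributionGroup is only called (with -WhatIf) when the cmdlet is present in the session.

```powershell
# Constructed sample input standing in for Dist.csv (columns Name and Dept, as in the question).
$rows = @'
Name,Dept
DDG-Sales,Sales
DDG-Mens,Men's Wear
'@ | ConvertFrom-Csv

function New-DeptFilter {
    # Hypothetical helper: returns the question's recipient filter as an OPATH string.
    param([Parameter(Mandatory)][string]$Dept)

    # Double any apostrophe so the CSV value cannot end its quoted literal early
    # (the same failure mode as an unescaped ' in any single-quoted string).
    $value = $Dept -replace "'", "''"

    # Same conditions as the question's filter, without the redundant parentheses.
    "(Department -like '$value') -and (RecipientType -eq 'UserMailbox') " +
    "-and (UserAccountControl -ne 'AccountDisabled, NormalAccount') " +
    "-and (-not(Name -like 'SystemMailbox{*')) -and (-not(Name -like 'CAS_{*'))"
}

# True only in a session where the Exchange cmdlets are loaded.
$haveExchange = [bool](Get-Command New-DynamicDistributionGroup -ErrorAction SilentlyContinue)

foreach ($row in $rows) {
    # Splatting keeps each value a separate argument instead of part of a command string.
    $params = @{
        Name            = $row.Name
        RecipientFilter = New-DeptFilter -Dept $row.Dept
    }

    if ($haveExchange) {
        # -WhatIf reports what would be created; remove it after reviewing the output.
        New-DynamicDistributionGroup @params -WhatIf
    }
    else {
        # No Exchange session: show the arguments that would be passed.
        [pscustomobject]$params | Format-List
    }
}
```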

  • Custom Distribution Group management role (manager exception)

    My organization is medium size with multiple support groups (15+) that each support a subset of users (350+). I want to create a management role that is scoped so each support group can manage the distribution groups in their respective OU space.
    By manage I mean edit the group membership. I realize I can achieve this with AD permissions but I’d like to achieve this in a way that leverages RBAC so the support groups can use OWA. I also want to leverage RBAC\OWA because not all my support groups are
    technical, some are office admins. Anyways, below is what I’ve tried in my lab scoped to one of my support groups.
    Using the cmdlets below I’ve created a custom management scope, role and group. However, this does not work. While it lets my sales support group view and edit some random attributes on the group, it fails when they try to edit the group membership. In other
    words, they can logon to OWA, click options\see all options\manage your organization\distribution groups\open the group\edit description etc. but when they select “Add…” under membership then select the user and hit ok\save they get the error “you don’t have
    sufficient permissions. this operation can only be performed by a manger of the group”.
    New-ManagementScope -Name "Sales Support DG MScope" -RecipientRestrictionFilter {RecipientType -eq "MailUniversalSecurityGroup"} -RecipientRoot "lab.com/sales"
    New-ManagementRole -Name "Sales Support DG MRole" -Parent "Distribution Groups"
    New-RoleGroup -Name "Sales Support DG MGroup" -Roles "Sales Support DG MRole" -CustomRecipientWriteScope "Sales Support DG MScope"
    When I do as the error asks (i.e. add my support user as a manager of the group via the EMC), then my support user is able to edit the group's membership in OWA. The problem with this solution is that it would require me to add my support users to my role
    group “Sales Support DG MGroup” AND as a manager of the DG and every DG that is created down the line. Not ideal. Any ideas, some RBAC magic I’m missing?
    Below confirms by scope.
    Get-Group -OrganizationalUnit "lab.com/sales" | ?{$_.RecipientType -eq "MailUniversalSecurityGroup"}
    Name DisplayName SamAccountName GroupType
    distro1 distro1 distro1 Universal, SecurityEnabled
    distro2 distro2 distro2 Universal, SecurityEnabled
    distro3 distro3 distro3 Universal, SecurityEnabled
    On a side note, I realize by sourcing my management role off of distribution groups gives me more cmdlets\access than my support group needs (see below). I’m first just trying to get it to work :).
    Get-ManagementRole "Sales Support DG MRole" | Get-ManagementRoleEntry | select name
    Name
    Add-DistributionGroupMember
    Disable-DistributionGroup
    Enable-DistributionGroup
    Get-ADServerSettings
    Get-AcceptedDomain
    Get-DistributionGroup
    Get-DistributionGroupMember
    Get-DomainController
    Get-DynamicDistributionGroup
    Get-Group
    Get-MailUser
    Get-Mailbox
    Get-OrganizationalUnit
    Get-Recipient
    Get-ResourceConfig
    Get-User
    New-DistributionGroup
    New-DynamicDistributionGroup
    Remove-DistributionGroup
    Remove-DistributionGroupMember
    Remove-DynamicDistributionGroup
    Set-ADServerSettings
    Set-DistributionGroup
    Set-DynamicDistributionGroup
    Set-Group
    Set-OrganizationConfig
    Update-DistributionGroupMember
    Write-AdminAuditLog

    Hello,
    I understand that you have created a custom management scope for each group and assigned a custom role to it.
    But whenever a user tries to edit (add/remove membership), it shows the error "you don't have sufficient permissions". I faced a similar problem when we moved from 2007 to 2010; 2010 by default disabled editing options for DL membership.
    You can enable it in graphic mode or PowerShell. Since you have created a custom role, I would suggest you follow the PowerShell mode. I have written a blog on that.
    Check below link. http://exchange2010cmd.blogspot.de/
    You have created the new management role "Sales Support DG MRole", but you need to assign this role to users/administrators, in your case through a role assignment policy.
    You can either use the existing default policy or create a new policy and assign this management role to it.
    Use below cmd: New-ManagementRoleAssignment -Role "Sales Support DG MRole" -Policy "Default Role Assignment Policy"
    NOTE: If you are creating a new policy, place that name instead of the default policy name.
    I recommend you continue with the default policy. After this, check with any admin; he should have rights to edit membership.
    Now, regarding your second concern, that your custom role has too many role entries.
    You can remove unwanted role entries.
    Use this cmd: Get-ManagementRoleEntry "Sales Support DG MRole\*" | where { $_.Name -like "Set-DistributionGroup" } | Remove-ManagementRoleEntry
    Before linking the management role to the email policy, remove unwanted role entries from the role.
    I tried to explain it in an easy way, but if it is still not understood, write back to me. I am new to the TechNet forum; I started replying to questions a few days back. If you get your answer, don't forget to propose it as answer.

  • ActiveDirectory module doesn't support Contacts in Distribution Groups

    Hi,
    In my AD I have several groups, of the Distribution type, whose members are a combination of Contact objects and other Distribution groups.
    If I use the Get-ADGroupMember cmdlet, the members which are Contact objects are not returned.
    If I use the Add-ADGroupMember cmdlet to add a Contact object to a Distribution group, an error is thrown claiming the Contact object cannot be found (even though Get-ADObject finds it successfully).
    As a workaround I've used ADSI to retrieve the Distribution groups and manipulate the Contact members but I feel there is a bug with the ActiveDirectory PowerShell module artificially restricting which AD object types can be members of groups.
    Regards,
    Jason

    If you have Exchange, you may use the cmdlet Add-DistributionGroupMember, or use ADSI.
    # Resolve the group and the contact with the ActiveDirectory module
    $group = Get-ADGroup "CN=Contacts,DC=contoso,DC=com"
    $user = Get-ADObject -Filter {name -eq "Contact1"}
    # Bind to the group through ADSI and add the contact by its LDAP path
    $agroup = [ADSI]"LDAP://$($group.DistinguishedName)"
    $auser = "LDAP://$($user.DistinguishedName)"
    $agroup.Add($auser)

  • Recreate an alias / distribution group that was deleted

    I had an allusers@ distribution group set up in Exchange 2010 so I can send an email to all of my users.  I never remember to add new people and found out about the Dynamic Distribution Group.
    I deleted the old allusers@ in Exchange Management Console.  I recreated allusers@ with the "New Dynamic Distribution Group" wizard in EMC.  I get it to find all of the user names and I complete the creation.
    Now when I email [email protected] I get an undeliverable message with the following error:
    IMCEAEX-_O=FIRST+20ORGANIZATION_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=[email protected] #550 5.1.1 RESOLVER.ADR.ExRecipNotFound;
    not found ##
    I tried restarting the server to refresh things and that didn't solve it.
    I tried deleting the Dynamic Group and recreating the normal distribution group, but that failed again.
    I created allusers2@ as a dynamic distribution group and emails are delivered.
    I went to allusers2@ properties and the E-mail addresses tab.  I added allusers@.  When I try to send to allusers@, it fails.
    Any advice how to get allusers@ to work?

    Thanks for your continued help in this.  I deleted the allusers@ reference in my auto complete and rebooted my PC.  I waited around 45 minutes before typing in [email protected].  allusers@ didn't work, but allusers2@ did.
    This server is a Small Business Server 2011.  It hosts Exchange 2011 and our Active Directory.  Sharepoint has been configured on it, but we haven't used it yet.
    Are there any other workarounds instead of clearing the whole autocomplete file?  Like I said, my users typically use it as their contact list and will be lost without it.

    Hi,
    Yes, you can add the old legacyExchangeDN as an X500 email address on the new group you created.
    In the NDR above we can see that the value for it would be:
    /o=FIRST ORGANIZATION/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=All23a
    Martina Miskovic
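
The reply above reads the old legacyExchangeDN out of the IMCEAEX string in the NDR. The following PowerShell function does that decoding; it is an added example, not part of the original thread. The function name ConvertFrom-ImceaEx, the domain example.com and the final CN in the sample address are constructed for illustration, and the group identity in the closing comment is a placeholder.

```powershell
function ConvertFrom-ImceaEx {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Address
    )
    process {
        $value = $Address.Trim()
        if ($value -notmatch '^IMCEAEX-') {
            throw "Not an IMCEAEX address: $value"
        }

        # Drop the encapsulation prefix and the @domain suffix added by transport.
        $value = $value -replace '^IMCEAEX-', ''
        $at = $value.LastIndexOf('@')
        if ($at -ge 0) { $value = $value.Substring(0, $at) }

        # "_" stands for the "/" between DN components. Convert it before
        # decoding "+5F", which is a literal underscore inside a component.
        $value = $value.Replace('_', '/')

        # Every "+XX" is one character written as two hex digits
        # (+20 = space, +28 = "(", +29 = ")", +2E = ".").
        $decoded = [regex]::Replace($value, '\+([0-9A-Fa-f]{2})', {
            param($m)
            [string][char][Convert]::ToInt32($m.Groups[1].Value, 16)
        })

        "X500:$decoded"
    }
}

# Constructed sample: organization and administrative group as in the NDR above,
# final CN and domain invented for the example.
$ndrAddress = 'IMCEAEX-_O=FIRST+20ORGANIZATION_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=SAMPLE+5FGROUP001@example.com'
$x500 = ConvertFrom-ImceaEx -Address $ndrAddress
$x500

# On an Exchange server the result can then be added as a proxy address, e.g.
# (placeholder identity, run in the Exchange Management Shell):
#   Set-DynamicDistributionGroup -Identity '<new group>' -EmailAddresses @{Add = $x500}
```

Clients that cached the deleted group resolve it by legacyExchangeDN rather than by SMTP address, which is why adding the SMTP alias alone did not stop the NDRs.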
