How to Delegate Management of Distribution Group Membership to a User
Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1
Topic Last Modified: 2008-01-30
This topic explains how to use the Exchange Management Shell to delegate the management of distribution group membership to a user.
|You cannot use the Exchange Management Console to perform this procedure.|
In Exchange 2007, the behavior of the Managed By property is different than in previous versions of Exchange. This property is an informational field that users see in Microsoft Office Outlook when viewing the properties of the distribution group. This property does not provide the user who is identified in the Managed By property with the ability to modify the members of that distribution group in Outlook. If you want to provide a user with the ability to modify distribution group membership, you must explicitly grant the required Active Directory directory service permissions by using the Add-ADPermission cmdlet. Specifically, this allows the user to modify the Member property of the distribution group.
To perform this procedure, the account you use must be delegated the following:
Exchange Recipient Administrator role
Account Operator role for the applicable Active Directory containers
For more information about permissions, delegating roles, and the rights that are required to administer Exchange Server 2007, see Permission Considerations.
Run the following command:
Add-ADPermission -Identity <name of distribution group> -User <name of user> -AccessRights WriteProperty -Properties "Member"
For example, to grant John Smith the right to add members to the Marketing Department distribution group, run the following command:
Add-ADPermission -Identity "Marketing Department" -User "John Smith" -AccessRights WriteProperty -Properties "Member"
For detailed syntax and parameter information, see the following topics: