Exchange 2010 (SP1) Unable to Manage Distribution Groups

This entry was posted by on Thursday, 30 September, 2010 at

In Exchange 2010 you are able to manage distribution lists in Outlook Web App.
By design you are not able to modify the distribution groups where you are the owner from.

If you want that all the owners of a distribution list can manage there own distribution list follow the steps below. With the great feature RBAC (Role Based Access Control) in Exchange 2010 we are able to give the users the right permissions to manage there own distribution lists. So we have more time to drink coffee.

1. Create a new Custom Role based on the default ‘MyDistributionGroups’ Role.

[PS] New-ManagementRole -Name Custom_OwnerDistributionGroups -Parent MyDistributionGroups –Description “This role enables individual users to view distribution groups and add or remove members to distribution groups they own or add a Mailtip.”

Name: The Name parameter specifies the name of the role. The maximum length of the name is 64 characters. If the name contains spaces, enclose the name in quotation marks (“).
Parent: The Parent parameter specifies the identity of the role to copy. If the name of the role contains spaces, enclose the name in quotation marks (“). If you specify the Parent parameter, you can’t use the UnScopedTopLevel switch.
Description: The Description parameter specifies the description that’s displayed when the management role is viewed using the Get-ManagementRole cmdlet. Enclose the description in quotation marks (“).

2. Modify the new Custom Role.

Because we’ve made a new Role based on MyDistributionGroups we have to make change to we dont have the same settings as MyDistributionGroups. We remove the settings for make new distribution groups, Remove distribution groups and set group. These powershell commando’s are not availeble for those users if we remove them. We also make some changes to the powershell commando Set-distributiongroup. Now have the users the permissions to add or remove members from the distribution groups and make changes to the mailtip.

[PS] Remove-ManagementRoleEntry Custom_OwnerDistributionGroups\New-DistributionGroup -Confirm:$false
[PS] Remove-ManagementRoleEntry Custom_OwnerDistributionGroups\Remove-DistributionGroup -Confirm:$false
[PS] Remove-ManagementRoleEntry Custom_OwnerDistributionGroups\Set-Group -Confirm:$false
[PS] set-ManagementRoleEntry Custom_OwnerDistributionGroups\Set-DistributionGroup -parameter Confirm ,ErrorAction ,ErrorVariable ,Identity ,MailTip ,MailTipTranslations , OutBuffer ,OutVariable ,WarningAction ,WarningVariable ,WhatIf


3. Add the new Custom Role to the “Default Role Assignment Policy”

If you want that all people get these setting you must add the new role to the existing “Default Role Assignment Policy” which is applied to every one. You can also go to Outlook Web App change the “Default Role Assignment Policy” there.

[PS] New-ManagementRoleAssignment -Role VU_OwnerDistributionGroups -Policy “Default Role Assignment Policy”


4. Add the right owners to the distribution lists

Finaly you must add the owners to the distribution list so the owners can modify the members of the Distribution Group.

5. Outlook Web App

If the users logon into Outlook Web App they will see the next pages.


For more information see also the technet sites from microsoft:

Leave a Reply

You must be logged in to post a comment.