Apply multiple managed-by on distribution group
My questions:
1) Is it "expected" behavior that while I can assign a group to the "ManagedBy" property of distribution list, members of that group are still unable to edit the group membership? ...or is there a fix for the behavior I'm seeing?
2) Can multiple values be assigned to the "ManagedBy" property when using Set-DistributionList - ex: Set-DistributionList DLName -ManagedBy:user1,user2
3) Any other suggestions?
Thanks,
-Lance
1- Yes it is expected behavior. IF you goto EMC to add a user to managed-by property of a list, then EMC will only show you mailbox users to be added to managed-by property of the list. EMC wont show you D-lists to be added to managed-by
property of a D-list.
I have read somewhere that this behavior is to ensure that a loop is not created, where someone mistakenly adds the DL to managed-by property of itself.
2- Yes multiple users can be added using PS command like this.
Set-DistributionList DLName -ManagedBy user1@domain.com,user2@domain.com
3- My suggestion is to automate this process using Powershell scripting if you have large number of users to be added to managed-by property of DLs. You can somehow put user names in a csv file and then read that file to add them to managed-by of
DL. If this is the way you want to go, then open another thread in this forum, so that more people can participate in that thread reading the Title of the thread.
Regards,
Laeeq Qazi|Team Lead(Exchange + Sharepoint + BES + DynamicsCRM) www.HostingController.com
Marked As Answer byRichard
Wang - MSFT<abbr class="affil" style="font-weight: inherit; font-style: inherit; font-family: inherit; margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0.5em; outline-width: 0px; outline-style: initial; outline-color: initial; display:
inline-block; vertical-align: top; color: #000000; padding: 0px; border: 0px initial initial;">MSFT</abbr><abbr class="affil" style="font-weight: inherit; font-style: inherit; font-family: inherit; margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left:
0.5em; outline-width: 0px; outline-style: initial; outline-color: initial; display: inline-block; vertical-align: top; color: #000000; padding: 0px; border: 0px initial initial;">, Moderator</abbr>Wednesday, June 30, 2010 9:24 AM
According to above suggestion frm Laeeq Qazi
I have large # of DL groups over 3000 and involves total 9000 managed-by record in csv (each admin in each row of csv) to apply.
I tried apply thr csv in powershell:
import-csv C:\Script\AddDistributionGroupOwnerList.csv | ForEach {Set-DistributionGroup -BypassSecurityGroupManagerCheck -Identity $_.GroupName -managedby
$_.ManagedBy}
However, it is overwritten existing managed-by and add last one only after applied.
Such as there are 3 managed-by users: UserA, UserB and UserC in group: group1
Finally, I found there is only UserC listed as managed-by in group1. Although UserA and UserB are added, finally is removed after applied UserC.
I don't really want to apply in PS command as Set-DistributionList DLName -ManagedBy user1@domain.com,user2@domain.com,
................................
It is really time consuming to organize and manually work to ready in such format
Pls help.
Tks a lot
August 17th, 2010 6:33am
Hi,
Kindly let me know if I get it right: single distribution list should be managed by more then 1 user, if thats the requirement then make a security group owner of that group & all the members of security group will be the owner of that group,
do let me know if I get it wrongly.Ripu Daman Mina | MCSE 2003 & MCSA Messaging
Free Windows Admin Tool Kit Click here and download it now
August 17th, 2010 3:37pm
Hi
Ripu, you are right. However, I don't want to keep DL group with ACL group (security group).
Actually, ACL group in my environment is control the access of mailbox.
And finally, I still have to apply that powershell script of those managedBy on ACL group. That script is same as applying on DL or security
group.
That concern is still exist.
August 18th, 2010 8:53am
This is a very old thread, but I just worked through this and it may be useful to others. My scenario was a csv file with group names and user names. The user names needed to be added as multiple users to manage groups, but in multiple iterations. As edomLD
mentions, this typically results in the last entry added as ManagedBy overwritting the previous. So, what you need to do is build an array of AD objects and use that to set the ManagedBy parameter.
Something like this:
$list=import-csv C:\AddDistributionGroupOwnerList.csv
Foreach ($i in $list) {
$grp=get-distributiongroup $i.groupname
$manage=$grp.managedby
$newuser=get-user $i.user
$newmanage=$manage+$newuser
Set-distributiongroup $.identity -managedby $newmanage -bypasssecuritygroupmanagercheck }
The csv file has one column labeled groupname and a second column named user. I'm sure this could be optimized a bit, but it gets the job done.
Byron Wright (http://byronwright.blogspot.com)
Free Windows Admin Tool Kit Click here and download it now
August 18th, 2011 4:47am
This is again an old thread but I'm hoping someone is watching. I have found that I can set multiple managedby users however only one goes into the managedby attribute as it's single-valued. The rest of them go into the msExchCoManagedBy attribute. I read
another old short thread that the managedby is there for backward compatibility and all future managers should go into the back-linked attribute for the co-managed by.
The user template for the GAL is set up to display the managedby attribute but the msExchCoManagedBy attribute is available for displaying. What I would really like to do is use the managedby attribute to denote "owner" and the msExchCoManagedBy attribute
to show other "co-owers" for the list.
Currently users in either attribute have the ability to manage the list through Outlook. The problem I'm having is that I can't specify which users go into each attribute. I just want to specify who is primary on the list.
Perhaps since it has been a while, someone has found a way to specify the "co-managed by" attribute using PowerShell.
January 18th, 2012 5:13pm
We have the same need as dlmillen. When there are multiple users with "managedby" rights, we need to know how to designate which one is displayed in the "Owner" field when viewing the properties of the distribution group in the
GAL. Hope someone can provide this information.
Free Windows Admin Tool Kit Click here and download it now
January 20th, 2012 7:18am
Hi, dlmillin
I think I have the answer you are seeking. When issuing the Set-DistributionGroup command set -ManagedBy for multiple users, the first user ID that is entered in the string will be used for the ManagedBy property (and appear
as the "Owner" in the GAL) and the remaining users will be placed in the "msExchCoManagedBy" AD property. In other words, using the following command will place User1 in the -ManagedBy property and User2, User3 will be go into the "msExchCoManagedBy" field.
Set-DistributionGroup -Identity "Sales Department" -ManagedBy "User1",”User2”,”User3"
January 20th, 2012 10:26am