Allowing End-Users to Manage Distribution Group Membership in Exchange 2010
Creating and Assigning a Custom “Locked Down” Role
So, what if you only want users to manage the groups they own, and you do not want them adding or removing groups? Well, in that case you would need to create a custom role and add it to the Default Role Assignment Policy. The process for doing this is outlined in the following steps.
Step 1. First, we need to create a new child role based on the existing MyDistributionGroups role. I’ll call the role “DistributionGroupsOwner”, use the following syntax to create the role:Step 2. Next, we need to remove the New-DistributionGroup and Remove-DistributionGroup cmdlets from your new custom role. We’ll use the Remove-ManagementRoleEntry cmdlet to do this:Code:New-ManagementRole -Name DistributionGroupsOwner -Parent MyDistributionGroupsStep 3. Now that you’ve got the custom role created and customized to meet your requirements, we can assign it to the Default RoleAssignment Policy using the New-ManagementRoleAssignment cmdlet:Code:Remove-ManagementRoleEntry DistributionGroupsOwner\New-DistributionGroup -Confirm:$false Remove-ManagementRoleEntry DistributionGroupsOwner\Remove-DistributionGroup -Confirm:$falseCode:New-ManagementRoleAssignment -Role DistributionGroupsOwner -Policy "Default Role Assignment Policy"
- Other Apps