The Secrets of Exchange Distribution Group Manager
Hi All,
I write this Article about Distribution Group Manager in Exchange Server for two reasons
- First: I want to point out, how it’s represented in Exchange Server and actually stored in Active Directory
- Second: I’ll explain why Exchange Online Users can’t manage Group Members in Outlook anymore
This is absolutly not anything new. Distribution Group Manager exists at least since Exchange Server 2010 or maybe even longer - honestly i don’t remember
Distribution Group Manager
On a Distribution Group, you can add multiple Owners like shown in the Example of Exchange Admin Center below
You can use the Get-DistributionGroup commandlet and expand the ManagedBy Property to list the Managers
Get-DistributionGroup -Identity Group_U_Distribution | select -ExpandProperty ManagedBy
When you look in Active Directory, you can see that the Managers are stored in two AD Attibutes:
- managedBy (single value string)
- msExchCoManagedByLink (multi value string)
Let’s have a look with the Active Directory PowerShell Module and the Get-ADGroup commandlet
Get-ADGroup -Identity Group_U_Distribution -Properties * | Format-List ManagedBy, msExchCoManagedByLink
Let’s add a Manager with the Set-DistributionGroup -ManagedBy
Set-DistributionGroup -Identity Group_U_Distribution -ManagedBy @{Add="a.bohren@icewolf.ch"}
Get-DistributionGroup -Identity Group_U_Distribution | select -ExpandProperty ManagedBy
Let’s have a look with the Active Directory PowerShell Module and the Get-ADGroup commandlet
Get-ADGroup -Identity Group_U_Distribution -Properties * | Format-List ManagedBy, msExchCoManagedByLink
Remove a Group Manager with the following Exchange Command
Set-DistributionGroup -Identity Group_U_Distribution -ManagedBy @{Remove="l.angel@icewolf.ch"}
Get-DistributionGroup -Identity Group_U_Distribution | select -ExpandProperty ManagedBy
Let’s have a look with the Active Directory PowerShell Module and the Get-ADGroup commandlet
Get-ADGroup -Identity Group_U_Distribution -Properties * | Format-List ManagedBy, msExchCoManagedByLink
Add a Group Manager with the following Exchange Command
Set-DistributionGroup -Identity Group_U_Distribution -ManagedBy @{Add="l.angel@icewolf.ch"}
Get-DistributionGroup -Identity Group_U_Distribution | select -ExpandProperty ManagedBy
Outlook
If you are a Group Manager and the Mailbox is OnPrem, you can add or remove Group Members with Outlook
Exchange Online
If your Mailbox is in Exchange Online, you can’t add or remove Group Members even if you are a Group Manager. You will end up with the following Error Message:
Changes to the public group membership cannot be saved. You do not have sufficient permission to prform this operation on this object.
As you can see in the Graphic of Entra Connect Sync - it’s a one way sync from Active Directory to Entra ID
You might want to notice that there is a Preview for Security Groups. As fas as i know, this does not work currently for Distribution Groups - at least not with full writeback to Active Directory.
Regards
Andres Bohren
Exchange Logo M365 Logo
