I am trying to assign the ability to various users to add/remove users from distribution list groups. The distribution groups are in Domain A and the users are in Domain B with two way trust (one forest).
If the user is in Domain A (same as the distribution list) I can add them to the exchange recipient adm group and they can use Outlook 2007 - start a new message - right click on a distribution list - select properties - modify members. This works.
However, if the user is in domain B this will not work. They get a "do not have sufficient permissions" error message. (Global Catalog read-only for objects). I have tried changing the distribution list security to give them full control. Added the user as "managed by - manager can update list". Added the user to the exchange Organization Adm group and they cannot modify the members of the distribution list as noted above. If I add active directory users and computers to a console for them they can modify members but I would rather not have them accessing users and computers.
It looks like AutoDL was used for a way around this up to Exchange 2003. Has anyone tried this with 2007?
Has anyone delegated across domains to allow users to modify members? Possibly via a third party tool?
February 3, 2009 5:48 PM
February 19, 2009 8:39 PM