Question : Add-ADPermission -accessrights writeproperty -properties member ACCESS DENIED

Hi all I am running this command;

Add-ADPermission –identity <DistributionGroup> –User <owner> –AccessRights WriteProperty –Properties Member

using my admin account which is a member of;

Domain Admins
Enterprise Admins
Exchange Organisation Admins
Exchange PF Admin
Exchange Recipient Admins
Organization Management
Schema Admins

The account I am trying to give the permissions to has been made manager of the group through the GUI and is not in any protected groups and does not have inheritance blocked.

I am getting problem 4003 Access Denied.

I have tried using the full CN OU DC name for the group and it made no difference.

Whats up??

Cheers,
Sam.

Answer : Add-ADPermission -accessrights writeproperty -properties member ACCESS DENIED

Is this really the case?

* The current DC is not in the domain controller's OU

They do need to be, otherwise the Default Domain Controllers policy doesn't apply. You could like the policy elsewhere, but that's another of those that gets a big "we don't support that" flag from MS.

I'd fix that first since the policy controls access to the directory.

Any kind of replication errors are likely to be the cause of the problems with Exchange seeing the ACL changes. At least that's my theory.

Chris

Random Solutions

Symantec Corporate ver. 8, antivirus server service will not start

Hide/Unhide Objects through VBA

Do I need to run setup /ps and setup prepareAD if I am installing Excahnge 2010 into a an Excahnge 2007 organization? I insert the xch2010 on the new server and run teh comands there or on the D

Updating JAVA Control Panel settings.

create a for each loop for javascript in c#

How to print a form in a report one record at a time

search and replace

JQuery Modal Form