Question : Add-ADPermission -accessrights writeproperty -properties member ACCESS DENIED

Hi all I am running this command;

Add-ADPermission –identity <DistributionGroup> –User <owner> –AccessRights WriteProperty –Properties Member

using my admin account which is a member of;

Domain Admins
Enterprise Admins
Exchange Organisation Admins
Exchange PF Admin
Exchange Recipient Admins
Organization Management
Schema Admins

The account I am trying to give the permissions to has been made manager of the group through the GUI and is not in any protected groups and does not have inheritance blocked.

I am getting problem 4003 Access Denied.

I have tried using the full CN OU DC name for the group and it made no difference.

Whats up??

Cheers,
Sam.

Answer : Add-ADPermission -accessrights writeproperty -properties member ACCESS DENIED

Is this really the case?

* The current DC is not in the domain controller's OU

They do need to be, otherwise the Default Domain Controllers policy doesn't apply. You could like the policy elsewhere, but that's another of those that gets a big "we don't support that" flag from MS.

I'd fix that first since the policy controls access to the directory.

Any kind of replication errors are likely to be the cause of the problems with Exchange seeing the ACL changes. At least that's my theory.

Chris

Random Solutions

How do I add a comment to a record?

Using Calendar Control 11.0 in Access 2003 on a Tab Control on a Form

How do I save incoming email attachments into a specific folder?

Turning off Taskbar Thumbnails in Windows 7

When trying to install Windows XP SP3, I get access denied error.

Migrating blackberry enterprise server express form sbs 2003 to sbs 2008

vbscript problem, copying normal.dotm is overwritten by the outlook initial config wizard

How do I give user a choice to run a query filtered by either one group or showing all groups?

Commit Data on lost focus