• State Suggested Answer
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 8 replies
  • Answers 1 answer
  • Subscribers 63 subscribers
  • Views 11222 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Allow DL owners to add/remove members

ldandridge
over 6 years ago

We have thousand's of DL's and want to allow owners to change membership with the ARS web interface. (we are on ver 6.9) We are in the process of moving to o365 and once a user's mailbox is moved to the cloud he cannot manage the on-prem group through Outlook. I have some users that have the add/remove option on the web page and others that do not.

     Is there a template I can use for this? And how can I export all the ARS settings being applied to a user so I can compare a working vs non-working user?

Thanks,

Leednc

Parents
  • 0 over 6 years ago

    The simplicity of delegating group management permissions depends on whether you have populated the ManagedBy AD attribute and/or the SecondaryOwners AR Virtual attribute on your groups. If these are in place, then you easily delegate group membership management using a built-in access template (Manage Group Membership) using the above mentioned built-in AR security principals as the Trustees.

    As far as comparing permissions between users, you need to consider two things:

    1) Examining the delegations on the OUs containing your groups
    2) Comparing the group memberships of the users in question and how they stack up against the groups delegated to manage groups

    As for an automated mechanism for performing the checks, Powershell would be your friend. For item 1, the Get-QARSAccessTemplate link cmdlet can help you audit the permissions. For the other, a simple script that can compare the group memberships between users will do the trick.

Reply
  • 0 over 6 years ago

    The simplicity of delegating group management permissions depends on whether you have populated the ManagedBy AD attribute and/or the SecondaryOwners AR Virtual attribute on your groups. If these are in place, then you easily delegate group membership management using a built-in access template (Manage Group Membership) using the above mentioned built-in AR security principals as the Trustees.

    As far as comparing permissions between users, you need to consider two things:

    1) Examining the delegations on the OUs containing your groups
    2) Comparing the group memberships of the users in question and how they stack up against the groups delegated to manage groups

    As for an automated mechanism for performing the checks, Powershell would be your friend. For item 1, the Get-QARSAccessTemplate link cmdlet can help you audit the permissions. For the other, a simple script that can compare the group memberships between users will do the trick.

Children
No Data