Wednesday, July 30, 2014

ManagedBy - You don't have sufficient permissions. This operation can only be performed by a manager of the group.

This is a gotcha when dealing with the "Managed By" attribute of mail-enabled security and distribution groups.  I found in my environment running Exchange 2013 SP1 that I am unable to change group membership by either using Exchange Management Shell (EMS) or Exchange Control Panel (ECP).  The account I was using was both a Domain Admin and a member of the Organization Management security group.

I attempted to add myself to a group called "Avantgarde Users" to the ManagedBy attribute using Exchange Control Panel however received the following error message:

You don't have sufficient permissions. This operation can only be performed by a manager of the group.


Using the Exchange Management Shell the same problem was experienced.


Using the exact same administrative account, I was able to perform this task using Active Directory Users and Computers.


Once I added myself through Active Directory users and computers, my account appeared under ownership in Exchange 2013 Exchange Control Panel as normal.

EDIT: If you use the -BypassSecurityGroupManagerCheck switch on the PowerShell command it will work.  In my opinion it seem silly to check if your a manager of the group especially if a group has no managers.

No comments:

Post a Comment