Saturday, January 25, 2014

You do not have sufficient permissions to perform this operation on this object - Exchange Server Distribution Group Upgradation

You do not have sufficient permissions to perform this operation on this object - Exchange Server Distribution Group Upgradation

Whenever you upgrade Exchange 2003 or 2007 to Exchange 2010 or 2013.

1. The migrated distribution when you try to modify it throws error message as "Changes to the distribution list membership cannot be saved. You do not have sufficient permissions to perform this operation on this object"

2. You cannot manage things like message moderation and membership approval

Although the distribution groups resides in Active Directory the RBAC which was introduced in Exchange server 2010 and 2013 will cannot able to modify the Exchange 2007 or 2003 objects.

The Exchange version of distribution groups can be found using the powershell command

Get-DistributionGroup | fl ExchangeVersion, Expansionserver

Inorder to upgrade the Exchange server distribution group - Open the latest Exchange Management Shell in the latest version of Exchange Server (i.e 2010 or 2013) and run the following commands

Set-DistributionGroup

or

Set-DistributionGroup –id -ForceUpgrade

if it fails may the group will not be universal. Change it to universal using the following command and then execute the above command

Get-DistributionGroup –id | Set-Group -Universal

Then again run the following Powershell command to verify the Exchange version of Distribution group

Get-DistributionGroup | fl ExchangeVersion, Expansionserver

Note:

When you upgraded to Exchange 2010 or 2013 you will not able to downgrade to 2007 or 2003
User who are in legacy version of Exchange server can't modify or be owner for higher version of distribution group.
If you are migration only from Exchagne 2010 SP3 to Exchange 2013 then we don't need to perform above operation or else need to follow the above steps.

Also there is a script called Manage-GroupManagementRole.ps1. (http://gallery.technet.microsoft.com/scriptcenter/8c22734a-b237-4bba-ada5-74a49321f159)

http://blogs.technet.com/b/exchange/archive/2009/11/18/3408844.aspx

1. Creates a new RBAC role that is a child of the MyDistributionGroups Role
2. Removes the cmdlets remove-distributiongroup and new-distributiongroup from the new role that was just created.
3. Assigns the new role to the Default Role Assignment Policy

No comments:

Post a Comment

The blog is written to the share the knowledge mainly on Microsoft Exchange Server and other Microsoft product that experienced on day-to-day life.