WEBVTT 00:05.960 --> 00:14.630 Many organizations like to give specific users rights to manage the membership of designated distribution 00:14.630 --> 00:18.070 groups this has been a common practice for years. 00:18.070 --> 00:25.820 In previous versions of exchange while users have typically modified the memberships of the groups they 00:25.820 --> 00:29.190 have rights to from within Outlook. 00:29.240 --> 00:37.700 They now have the added capability to manage these groups from the web based exchange control panel 00:38.000 --> 00:47.540 ECP exchange 2010 introduced and use security Modahl that changed the way you can delegate these rights 00:47.850 --> 00:48.350 and. 00:48.490 --> 00:57.900 We'll take a look at what you need to do in exchange 2016 to allow managers to modify their memberships 00:57.900 --> 01:00.500 of the distribution groups. 01:00.500 --> 01:09.050 The first thing you need to do is sign the bill in my distribution group's role to the default role 01:09.140 --> 01:17.780 assignment policy to do list just type new management role assignment role model distribution groups 01:18.080 --> 01:21.850 policy default role assignment policy. 01:22.010 --> 01:30.560 Next set the managed by property of the distribution group that needs to be modified so that distribution 01:30.560 --> 01:35.720 Group Sales Manager by David Jones for example. 01:35.720 --> 01:44.480 After running the given command Dave Jones has the ability to modify the membership of the sales distribution 01:44.480 --> 01:53.720 group through the outlook or the Exchange management shell in order to allow managers to modify the 01:53.720 --> 01:55.390 membership of a group. 01:55.490 --> 02:02.630 We need to do some initial configuration through the exchange to solve and 16 security Modell which 02:02.630 --> 02:07.970 is called Roll based access control or are back there. 02:08.000 --> 02:16.040 My distribution group's role is on our back management role that allows users to view remove and add 02:16.040 --> 02:23.850 members to distribution groups where they have been added to the managed by property. 02:23.960 --> 02:33.260 By default my distribution group management role is not a sign to add one and the third step we added 02:33.290 --> 02:40.470 this role to the default roll assignment policy that is assigned to all users by default. 02:40.610 --> 02:47.220 Please know that in addition to you than the shell you can assign to my distribution group's management 02:47.220 --> 02:52.610 thrall to the default role assignment Bolasie you then ECP. 02:52.790 --> 03:01.870 Our next step was that we are scient user to the managed by property or the sales distribution group. 03:01.870 --> 03:09.460 They are managed by attributive multi-valued property that will accept multiple users. 03:09.530 --> 03:16.860 If you need to allow several people to manage a distribution group the reason that my distribution groups 03:16.860 --> 03:24.560 thrall is not enabled by default is because in addition to allowing users to modify the groups that 03:24.560 --> 03:31.650 they own it allows them to create new distribution groups from within the ECB. 03:31.790 --> 03:40.080 While some organisations may like this feature others may not be able to allow this since the provision 03:40.100 --> 03:43.760 of groups may need to be tightly controlled. 03:43.760 --> 03:48.470 Make sure you keep this in mind before implementing this solution. 03:48.560 --> 03:55.490 So if you need to program to use or thrown great in their own distribution groups then you do not want 03:55.490 --> 03:59.500 to sign my distribution group roll. 03:59.580 --> 04:04.230 Instead you'll need to create a custom are back role. 04:04.250 --> 04:05.920 This can be accomplished. 04:05.990 --> 04:13.430 Then they change management shell to implement a custom are back roll that will only allow users to 04:13.430 --> 04:20.050 modify distribution groups that they all need to perform a few steps. 04:20.060 --> 04:28.790 The first thing you need to do is create a child troll based on the existing My distribution group's 04:28.790 --> 04:33.140 management role when it to run a new management role. 04:33.200 --> 04:42.050 Command left his name parameter which is my DG cost him and current parameters which is my distribution 04:42.050 --> 04:42.870 groups. 04:42.920 --> 04:44.910 After running this command to me. 04:45.050 --> 04:53.180 Should should now have a new role called my Digic cost him that contains all the common outlets that 04:53.180 --> 05:00.280 will allow the user to add and remove distribution groups using the following commands will remove those 05:00.290 --> 05:10.120 command lets from the roll we can type remove management role and my Digic custom backslash new distribution 05:10.120 --> 05:19.460 group and remove management role and trade and we'll remove distribution group command let let's modify 05:19.720 --> 05:28.540 the role so that under the command glass that can get at or remove distribution group members are available 05:28.540 --> 05:29.640 to the users. 05:29.740 --> 05:36.500 And finally we can assign the customer all to the default role assignment policy reach out of the box 05:36.500 --> 05:41.750 is already applied to every mailbox and level going to real time. 05:41.950 --> 05:50.140 New management role assignment or all my Digic cost them all is the default role assignment policy. 05:50.200 --> 05:57.700 Now that these Kustom are back are all has been implemented we can simply add the users to that managed 05:57.700 --> 06:06.310 by property ovine and distribution group and they will be able to add members to add or remove members 06:06.310 --> 06:07.550 from that group. 06:07.690 --> 06:15.520 However they will be able to delete the group or create a new distribution group which accomplishes 06:15.610 --> 06:16.480 the goal.