Groups-'Managed By' can change membership via Outlook?

Question

Hey there,

Our users manage their distrubution group members via Outlook. Using native AD tools, our service desk technicians are accustomed to having a checkbox underneath the 'Managed By' field that grants the individual/group the ability to add/remove users in Outlook. This checkbox is not present in the Adaxes tabbed views. Is there a script or settings we can tap into?

In a nutshell: If Managed By value is changed, then...
-- 1) Remove permissions for the previous 'Managed By' object
-- 2) Grant permission to add/remove users via Outlook to the new object (Group or User).

Thanks in advance!
Kirk

Comments

Hello Kirk,

At the beginning of the next week we will be releasing a minor update for 2012.1. We'll include this feature in that release.

Answer 1

Hello,

Today we released a minor update for 2012.1. Now your service desk technicians can enjoy the Manager can update membership list option ;)

You can download the latest build here.
Upgrade instructions.

Comments

How do we implement this? I see the "Manager can update membership using native tools (not Adaxes)", but I do not see where\how to set it up that the managers can update the membership lists.

Thanks

---

Hello,

The Manager can update membership using native tools (not Adaxes) option allows the Manager of a group to add or remove members to/from the group using native tools (including Outlook).

---

Understood. We do not have Exchange and we do not use Outlook. How do we set it up so that the users that are assigned as managers of groups have the rights to update those groups via Adaxes?

We are running version 3.3.8530.0 and we want our Help Desk and admins to use Adaxes for all AD modifications. We also want to be able to allow a user to modify the members of groups that they are managers of. I have seen a previous post that uses a Business Rule to fail the change unless the user is a manager of the group, but this would interfere with my Help Desk and Admins. Having an audit trail is important and being able to manage everything via Adaxes would be preferred.

---

Hello,

If you want group memberships to be modified by group managers, Help Desk personnel and Administrators, this is possible with a Business Rule, but please provide us with more information.

---

I think I am getting it now, but I would like to hear some recommendations

Currently:
The short list of domain admins are Adaxes admins.
Help Desk has been added to the built-in Group Managers and Account Managers roles with access to certain OUs

So I suppose I would either create a new role to allow group membership changes and allow all domain users. Then a business rule that would cancel the task if the initiator is not the manager of the group or not in the built-in Group Manager or Account Manager roles. Or instead of roles, if not in a member of the Help Desk group.

We are just getting started with Adaxes and this seems it may lead to some tricky details in the future.

My apologies to all. It seems that I have hijacked this thread. I had thought that the post by Eugene was indicating that there was a new option for what I needed.

Help is very much appreciated. Thank you

---

Hello,

So I suppose I would either create a new role to allow group membership changes and allow all domain users. Then a business rule that would cancel the task if the initiator is not the manager of the group or not in the built-in Group Manager or Account Manager roles. Or instead of roles, if not in a member of the Help Desk group.

Yes, both these options are possible to implement. If you want, we will provide you with more detailed instructions.