Exchange 2013 uses browser based Exchange Admin center for all administrative transitions / operations. I don't want to bore you with lot of details like split permissions, changes in Exchange server 2010 RTM/SP1 / SP3 and how we managed Mail enabled universal Security groups in EMC ...
In Exchange Server 2013 Exchange Org Admin / Recipient Admin cannot modify USG Ownership(Managedby) / Membership of mail enabled Universal security groups that they do not OWN in Exchange admin center (EAC) . following Error is logged If try to modify members or Owners ,
" You don't have sufficient permissions. This operation can only be performed by a manager of the group."
This behavior is by design in Exchange Server 2013 ( EAC), while modifying Security Group Owners/membership that they do not own. Only owners of a security group can add members to the Security Group or remove members from the security group using ECP/EAC.
The Workaround is to use Exchange Management Shell to update group membership / Ownership of mail enabled USGs using "BypassSecurityGroupManagerCheck" switch That Administrators do not Own.
A - To Add / Remove OWNERS of Mail enabled Security Group
Set-DistributionGroup "USGName" -BypassSecurityGroupManagerCheck -ManagedBy Ower1,Owner2,Owner3
Add-DistributionGroupMember -Identity "USGName" -Member User@domain.com -BypassSecurityGroupManagerCheck
Remove-DistributionGroupMember -Identity "USGName" -Member User@domain.com -BypassSecurityGroupManagerCheck
* NT System account credentials should be submitted to while modifying Membership/Ownership on a mail enabled Security group.