Distribution Group Management Across Exchange Server Versions

  • Article

How to manage distribution groups across different versions of Exchange?  It’s a great question!  Our resident Exchange expert Frank Plawetzki bei Deutschland takes us through this issue.  Read on !

Issue:

Imagine an Outlook user who tries to edit the membership attribute of a distribution list he owns. Actually the distribution list is a universal security group and the user mailbox is located on Exchange server 2010 or 2013.

After trying to edit the membership list, the client is getting the error “Changes to the distribution list membership cannot be saved. You do not have sufficient permissions to perform this operation on this object”:

Changes To The Distribution List Membership Cannot Be Saved

Cause:

This is happening, because the distribution group the user wants to modify was created on Exchange server 2007. Therefore the distribution group has this Exchange legacy version:

Checking Exchange Version Of Distribution Group

Exchange server 2010 introduced Role Based Access Control (RBAC) and since the server tries to perform the distribution group modification on behalf of the client, it cannot perform this because Exchange trusted subsystem cannot modify those legacy objects.

This falls under the rule that you should use Exchange 2007 administrative tools to modify Exchange 2007 objects and use Exchange 2013 administrative tools to modify Exchange 2013 objects and so on which is mentioned in this Exchange help file article:  FAQ: Exchange Admin Center

Solution:

In order to solve this issue, you need to update the distribution group to a modern Exchange version. Use  Exchange server 2010 or 2013 PowerShell  which can update the Exchange version attribute of the distribution group:

Running Set-DistributionGroup To Update Version Of A DG

As a result, the distribution group now shows the correct version and the client will be able to modify the distribution group after AD replication is finished:

Running Get-DistributionGroup To Check Version Of A DG

Please be aware, that upgrading the Exchange version of an object is a one-way-street.   After you upgrade the Exchange version of this distribution group, it cannot be managed or downgraded to the Exchange 2007 level with the Exchange 2007 admin tools anymore:

Trying To Manage Upversion DG From Exchange 2007 - #Fail

The same holds true where a user with an Exchange 2007 mailbox cannot modify the distribution group membership of an Exchange 2010 or 2013 version distribution group.

Important note:

Is case you are still using the “Closest GC” registry key on your Outlook client, please remove it, because it is not supported for Exchange server 2010 or later versions and will cause issues, even preventing Outlook connectivity to Exchange server 2013. For details, see:

How to configure Outlook to a specific global catalog server or to the closest global catalog server

Posted by MPSE editor Rhoderick Milne.  Note there is not a single mention of Distribution List in this article.  Getting folks to call them DGs as opposed to DLs will be my New Years resolution methinks!!