One of the downsides to Hybrid Exchange is moving a mailbox to Exchange Online and no longer being able to manage Distribution Groups. One solution I have found allows the cloud mailboxes to login to On-Prem ECP and manage the distribution groups they own from a web browser.
From the Exchange Management Shell On-Prem you will need to create a new RBAC Role and modify the permissions to allow only update distribution group member and add distribution group member.
|
1 2 3 4 5 6 7 8 |
New-ManagementRole -Name "Manage-MyDGs" -Parent "Distribution Groups" Get-ManagementRoleEntry "Manage-MyDGs\*" | Where {$_.Name -ne "Get-Recipient" -and $_.Name -ne "Update-DistributionGroupMember" -and $_.Name -ne "Add-DistributionGroupMember"-and $_.Name -notlike "Get-*Group*"} | Remove-ManagementRoleEntry -Confirm:$false New-RoleGroup -Name "Self-Managed Distribution Group Management" –Description "Members of this management role group can update the members of groups they are the managers of." -Roles "Manage-MyDGs" Set-ManagementRoleAssignment "Manage-MyDGs-Self-Managed Distribution Group Management" -RecipientRelativeWriteScope MyDistributionGroups |
Now you can add a user to the role group:
|
1 2 |
Update-RoleGroupMember "Self-Managed Distribution Group Management" -Members "Mark", "Jane", "Mary", "Fred" |
The user can then login to the Exchange Admin Center search for the group they own and modify the members:
If they try and modify a group they are not an owner for it will not allow them to save the changes:
