Controlling the Distribution Group managedBy Attribute or Who Wants All These Emails?

Most of you probably know the ‘owner’ of a distribution group displayed in Outlook, Outlook Web App, and Active Directory Users and Computers (ADUC) is the managedBy attribute. What you may not know is that the managedBy attribute is a singled valued attribute. A Distribution Group can have multiple owners so where are the rest? The additional owners are in the multi-valued attribute msExchCoManagedByLink. Accept for the exposure of the managedBy attribute in the GUI, they are all the same. So, who cares? Well, the person exposed as the ‘owner’ is the lucky one who gets all the inquires about group membership etc.

Historically (prior to Exchange 2010) the usual solution was to put a Group in the managedBy attribute and put the owners in that group. With Exchange 2010, that was no longer allowed. The Attribute had to contain individual Mailboxes. The Exchange Team issued a script Set-DistributionGroupOwners.ps1. It enumerated the group membership and put the individual users (mailboxes) in the managedBy and msExchCoManagedByLink attributes. The script worked well and is still downloadable from Microsoft – Technet. It did create an issue, in that the user that wound up in the managedBy attribute was basically the first user that enumerated in the group expansion and that was pretty much impossible to control.

The solution was a Powershell Cmdlet I created that could be inserted in the Exchange Team script and shuffle the users around, moving the desired user to the managedBy attribute. That Cmdlet, as Set-DistributionOwner, was created in 2014. It was never publicly available.

Exchange 2013 Sp1 reversed the ‘no groups’ decision and the Exchange Team script fell out of use at least for my clients. To a certain extent controlling the managedBy user became less of an issue — but not completely. Some places still care who shows as the owner. I updated the Cmdlet to work outside the script as Set-DistributionGroupPreferredOwner for use in Exchange 2013, 2016, and O365. I have not tried it in 2019 but I see no reason it should not work.

The Cmdlet is written in VB .Net – unusual these days since everything seems to be written in C#. I will be publishing the source is on this site, or my VB site, along with installation instructions. I will also be putting it on GitHub for download. I may also sign the DLL to make running it easier.

I will keep you posted on the progress. It is not at the top of my ‘to-do’ list so if anyone has a specific interest, you may want contact me directly.

Nick

Leave a Comment