Hello all,
My question centers around the following error when setting the Managedby attribute in ADUCwithout checking the "Manager can update membership list" checkbox:
What I think is strange about this error is that the error occurs without the "Manager can update membership list" checkbox checked. Thus, to my knowledge, no changes to the ACL are being made to the group; the only thing that's happening is the"Managedby" attribute of the group is being changed.
Assuming no changes to the ACL are being made, here's the fun part. When a user with "Modify Permissions" rights on the group ACL changes the Managedby in ADUC (again, without the update membership checkbox being checked) there is no error. However, when a user who does not have "Modify Permissions" rights on the group ACL performs the Managedby change, it results in the above error but the changes still go through.
So my question is, even without the "Manager can update membership list" checkbox being checked, does updating the "Managedby" field in ADUC require an ACL change on the group somewhere? If not, why is the error being generated for a user without"Modify Permissions" rights? Am I missing something here?
