There are less than a dozen Management Policy Rules (MPRs) that control how group objects can be modified by self-service, administrators, or the synchronization engine. But when it comes to group management, almost every MPR is disabled by default:
To start with, let's take a look at the distribution groups.
The Financial Company only wants employees to be able to create static distribution groups. The following steps will be required to allow that:
Enable and change the MPR Distribution List management: Users can create Static Distribution Groups. The MPR allowing the creation of this type of group is Distribution List management: Users can create Static Distribution Groups:
The set called All Active People is the default value of Requestor. We need to change that to All Employees, or confirm that we have employees only:
Lets navigate over to the All Active People set and update the MPR to confirm that it only contains employees. As a note, we need to make...