GPOAdmin approval procedure
If workflow approval is enabled and approver accounts is member of Universal Distribution group. The approver can receive 'Approval Request Notification' e-mail to approve the request. However, there is no 'Approve' option if the approver right-click on the same GPO in GPOAdmin console.
Then if we connect to GPOAdmin with user ‘ABC’ who is member of Distribution group.
We will get message below:
"The user "Domain\ABC" does not have permission to connect to server"
This would not be expected to work. DLs for approvals are meant only for approval via email. As a DL is not a security group GPOADmin cannot use it to check permission / membership within the console. Thus, there is no way for the console to confirm the user is a member of the DL to confirm so they can approve.
If users approve via email you can use direct user approval, or a DL. If you wish to use the console for approvals you can use direct user approval, or a security group. The only option that works both ways is for an email enabled user to be added directly as an approver.
An option would be to use email enabled security groups. This would allow the users in the group to approve either though email or through logging into the console. This can only be done through security groups, not distribution groups.
MS Article on email enabled security groups:
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center