When trying to edit the membership rules of a dynamic group you are unable to modify the rules, unless you the person who created the group.
The following error message is shown "Failed to modify the object CN=GroupName,OU=ouName,DC=domainname". 'Built-in Policy - Group Family' failed to apply Group Family processing options. Attempted to perform an unauthorized operation.
One possible cause for this could be that the account being used to change the membership rules is not an ActiveRoles Admin.
Please verify the registry setting by following the following procedure:
You can change the group granted the ActiveRoles Admin role by updating the DSAdministrators registry key on the computer running Quest ActiveRoles Administration Service:
HKEY_LOCAL_MACHINE | SOFTWARE | Aelita | Enterprise Directory Manager | DSAdministrators
Set the value of the key to the name of the required group or user.