  1. #1
    ranj

    Mail-enabled universal security group vs AD security group

    Hi

    I have a question regarding file permissions of folders and linking this with a distribution group using Exchange 2007. Please accept my apologies if I have put this thread into the wrong section but I feel this may be the best section.

    In our school we have a flat Windows 2008 AD domain with 2 DCs on a single forest and a 2008 File server. I am guessing most schools have this problem where the staff shared folder over time increases and becomes a mess. I am currently looking at sorting out this share where multiple users and groups currently save, delete and create documents on.

    I want to change this to allow only certain groups to be able to save work on there. What would also be useful is if that same group could also be used as a distribution group for email. We use Exchange 2007 on the network as well.

    I wanted to ask what advantages and disadvantages there are for using 'mail enabled universal security groups' in Exchange 2007, which I think will allow me to use a group as a distribution list in Outlook as well as an AD security group to provide permissions for folders.

    Would I be better off creating 2 groups with the same name, one which will be a mail enabled distribution group for use with Exchange and then create a normal security group in AD which would be used to lock down permissions on files and folders?

    The first option sounds great but I am thinking what effect would this have if we ever decided to remove Exchange or upgrade Exchange. What effect would this have with the folder permissions if I used mail enabled universal security groups?

    If anyone could advise that would be great. The first option would be better as it will save me creating duplicate groups and manually adding in members and it also means 1 group to manage for each department and team.

    Thanks

  2. #2

    Hi

    This is exactly what they are used for. Use one mail-enabled security group for ACL and mail. If you decomm Exchange, only those attributes will be removed from the group; the ACL will still be applied.

    Sukh

  3. Thanks to sukh from:

    ranj (21st April 2011)

  4. #3
    ranj
    Quote, originally posted by sukh:
    Hi

    This is exactly what they are used for. Use one mail-enabled security group for ACL and mail. If you decomm Exchange, only those attributes will be removed from the group; the ACL will still be applied.

    Sukh

    That's great, thanks for that Sukh. Am I right in saying that if I am creating mail enabled security groups I need to create these in Exchange MMC and not AD Users and Computers?
    I just tried to create a test group in AD groups and it didn't appear in Exchange distribution groups even though I set the AD group to universal security and added in an email address.

  5. #4

    Hi

    Generally I would only create the groups and mail enable from EMC or EMS.

    Key is to have universal.

    Sukh
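
    The EMS route mentioned in the post above, as an added example that is not part of the original thread: it creates a mail-enabled universal security group (or mail-enables an existing universal group), then uses the same group on a folder ACL. The group names, OU, domain, user and folder path are constructed placeholders.

```powershell
# Run in the Exchange Management Shell (EMS) on Exchange 2007.
# Every name and path below is a constructed placeholder.
$name   = 'Staff-Maths'              # hypothetical group name
$ou     = 'school.local/Groups'      # hypothetical OU
$domain = 'SCHOOL'                   # hypothetical NetBIOS domain name
$folder = 'D:\Shares\Staff\Maths'    # hypothetical folder on the file server

# Case 1: the group does not exist yet. -Type Security produces a
# mail-enabled universal security group instead of a plain distribution list.
New-DistributionGroup -Name $name -SamAccountName $name -Alias $name `
    -Type Security -OrganizationalUnit $ou

# Case 2: the group was already created in AD Users and Computers.
# Exchange only mail-enables universal groups, and typing an address into
# the AD object does not make the group an Exchange recipient.
$existing = Get-Group -Identity 'Staff-Science'    # hypothetical existing group
if ($existing.GroupType -match 'Universal') {
    Enable-DistributionGroup -Identity $existing.Identity -Alias 'Staff-Science'
} else {
    Write-Warning "$($existing.Name) is not universal; change its scope first."
}

# Confirm Exchange sees a security-enabled recipient, not a plain list.
Get-DistributionGroup -Identity $name |
    Format-List Name, GroupType, RecipientTypeDetails, PrimarySmtpAddress

# One membership list now drives both mail delivery and folder access.
Add-DistributionGroupMember -Identity $name -Member 'jsmith'   # hypothetical user

# Grant the group Modify on the folder, inherited by files and subfolders,
# then print the resulting ACL for review.
icacls $folder /grant "${domain}\${name}:(OI)(CI)M"
icacls $folder

# Disable-DistributionGroup removes only the mail attributes; the AD group,
# its SID and therefore the ACL entry above stay in place.
```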

  6. #5

    Mail enabled security groups work fine as long as you are sure that you want all members of the security group to be on the distribution list. We have hit problems where additional members of staff (cover teachers, supply staff, students etc.) require access to some of the restricted folders but do not want to be on the departmental distribution list. This means they have to be added - and removed - manually on each folder instead of just being made members of the security group.
