Mail-enabled universal security group vs AD security group
I have a questions regarding file permissions of folders and linking this with a distribution group using Exchange 2007. Please accept my apoligises if I have put this thread into the wrong section but I feel this may be the best section.
In our school we have a flat Windows 2008 AD domain with 2 DCs on a single forest and a 2008 File server. I am guessing most schools have this problem where the staff shared folder over time increases and becomes a mess. I am currently looking at sorting out this share where multiple users and groups currently save, delete and create documents on.
I want to change this to allow only certain groups to be able to save work on there. What would also be useful is if that same group could also be used as a distribution group for email. We use exchange 2007 on the network as well.
I wanted to ask what advantages and disadvantages are there for using 'mail enabled universal security groups' in Exchange 2007 which I think will allow me to use a group as a distribution list in Outlook as well as a AD security group to provide permissions for folders.
Would I be better of creating 2 groups with same name, one which will be a mail enabled distribution group for use with exchange and then create a normal security group in AD which would be used to lock down persmissions on files and folders.
The first option sounds great but I am thinking what effect would this have if we ever decided to remove exchange or upgrade exchange, what effect would this have with the folder permissions? if I used mail enabled universal security groups.
If anyone could advise that would be great. The first option would be better as it will save me creating duplicate groups and manually adding in members and it also means 1 group to manage for each department and team.