[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now


Distribution lists and client permission for public folder

Posted on 2003-11-26
Medium Priority
Last Modified: 2009-09-08
Hi. I have a domain W2K in native mode and an Exchange 2000. I created many public folders when my domain was in mixed mode. I assigned permissions for each public folder to different user. I changed my domain in native mode and now i can give permissions to distribution list. Is there a way to assign permission only to distribution list bypassing users and permit them to use public folders? I have a lot of public folder and many users and changing permission when the users change group is hard (and it happens very frequently). So i can administer only distribution list permissions in public folder without change permissions for each user
Question by:doc1166
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2

Expert Comment

ID: 9825175
Yes this can be done.  What does happen though when you use a distribution list to identify permissions, by default it will change to a security group through AD.  This doesn't affect the ability to see it in the GAL or send e-mails.  If you have several users needing permissions to Public Folders it is much easier to maintain these by lists where you can just add/remove the user once.

Author Comment

ID: 9825480
I changed mode of my domain two weeks ago. So now i have "distribution group - universal" for my distribution list and "global group - security" for sharing resource. Now in a public folder where i'm owner, i removed all client permissions for users and i give supervisor permissions to an address assigned to a distribution group - universal. Users member of this gruop don't see public folder. How i do it?

Accepted Solution

kopplibj earned 750 total points
ID: 9825833
When you migrate to Exchange 2000 or introduce Exchange 2000 servers into your organization, Exchange Server distribution lists convert to Microsoft Windows 2000 Server universal distribution groups.
Using Exchange Server Distribution Lists

If an Exchange Server public folder access control list (ACL) contains a distribution list and the public folder is replicated to an Exchange 2000 server, the distribution list converts to a universal distribution group. However, to set permissions, Exchange 2000 uses Windows 2000 universal security groups instead of universal distribution groups.

If the server that is running Exchange 2000 is located in a Windows 2000 domain that is in native mode, the universal distribution group automatically converts to a universal security group when a user gains access to the public folder. However, if the server is located in a Windows 2000 domain that is in mixed mode, the conversion to a universal security group does not occur. Without a successful conversion of public folder permissions, all users lose access to the public folder.

Likewise, if you try to assign public folder permissions to a universal distribution group that was converted from an Exchange Server distribution list, the server that is running Exchange 2000 cannot create a universal security group and the following problems occur:
In System Manager, error number 80004005 appears and you receive the following message:

The operation failed.
In Microsoft Outlook, you receive the following error message:

The Client Operation Failed.
In Event Viewer, under Application, event number 9556 or 9552 appears.

Exchange 2000 users cannot see the public folder in Microsoft Outlook.

Make sure that your organization contains at least one native-mode Windows 2000 domain in which you can store and manage universal security groups. You can either convert an existing domain to native mode or create a new native-mode domain. Then configure a recipient Connection Agreement to replicate the Exchange Server distribution lists to the native-mode Windows 2000 domain.

Also, UDGs can only be converted to USGs if a domain RUS exists for the domain that contains the UDGs. If you install an Exchange 2000 server or an Exchange 2003 server into the native mode domain, then a RUS for that domain will be created automatically. Otherwise, you must manually create a domain RUS for the domain.


Author Comment

ID: 9927123
I converted all my universal distribution group in universal security group. Also I converted all my global security group in universal security group. After i merged all my old distribution group with old security group. Now i have only a type of group so i administer exchange permission on public folder in very easy way. It works fine. Thanx

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you an Exchange administrator employed with an organization? And, have you encountered a corrupt Exchange database due to which you are not able to open its EDB file. This article will explain all the steps to repair corrupt Exchange database.
This month, Experts Exchange sat down with resident SQL expert, Jim Horn, for an in-depth look into the makings of a successful career in SQL.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question