Distribution lists and client permission for public folder

Posted on 2003-11-26
Medium Priority
Last Modified: 2009-09-08
Hi. I have a domain W2K in native mode and an Exchange 2000. I created many public folders when my domain was in mixed mode. I assigned permissions for each public folder to different user. I changed my domain in native mode and now i can give permissions to distribution list. Is there a way to assign permission only to distribution list bypassing users and permit them to use public folders? I have a lot of public folder and many users and changing permission when the users change group is hard (and it happens very frequently). So i can administer only distribution list permissions in public folder without change permissions for each user
Question by:doc1166
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2

Expert Comment

ID: 9825175
Yes this can be done.  What does happen though when you use a distribution list to identify permissions, by default it will change to a security group through AD.  This doesn't affect the ability to see it in the GAL or send e-mails.  If you have several users needing permissions to Public Folders it is much easier to maintain these by lists where you can just add/remove the user once.

Author Comment

ID: 9825480
I changed mode of my domain two weeks ago. So now i have "distribution group - universal" for my distribution list and "global group - security" for sharing resource. Now in a public folder where i'm owner, i removed all client permissions for users and i give supervisor permissions to an address assigned to a distribution group - universal. Users member of this gruop don't see public folder. How i do it?

Accepted Solution

kopplibj earned 750 total points
ID: 9825833
When you migrate to Exchange 2000 or introduce Exchange 2000 servers into your organization, Exchange Server distribution lists convert to Microsoft Windows 2000 Server universal distribution groups.
Using Exchange Server Distribution Lists

If an Exchange Server public folder access control list (ACL) contains a distribution list and the public folder is replicated to an Exchange 2000 server, the distribution list converts to a universal distribution group. However, to set permissions, Exchange 2000 uses Windows 2000 universal security groups instead of universal distribution groups.

If the server that is running Exchange 2000 is located in a Windows 2000 domain that is in native mode, the universal distribution group automatically converts to a universal security group when a user gains access to the public folder. However, if the server is located in a Windows 2000 domain that is in mixed mode, the conversion to a universal security group does not occur. Without a successful conversion of public folder permissions, all users lose access to the public folder.

Likewise, if you try to assign public folder permissions to a universal distribution group that was converted from an Exchange Server distribution list, the server that is running Exchange 2000 cannot create a universal security group and the following problems occur:
In System Manager, error number 80004005 appears and you receive the following message:

The operation failed.
In Microsoft Outlook, you receive the following error message:

The Client Operation Failed.
In Event Viewer, under Application, event number 9556 or 9552 appears.

Exchange 2000 users cannot see the public folder in Microsoft Outlook.

Make sure that your organization contains at least one native-mode Windows 2000 domain in which you can store and manage universal security groups. You can either convert an existing domain to native mode or create a new native-mode domain. Then configure a recipient Connection Agreement to replicate the Exchange Server distribution lists to the native-mode Windows 2000 domain.

Also, UDGs can only be converted to USGs if a domain RUS exists for the domain that contains the UDGs. If you install an Exchange 2000 server or an Exchange 2003 server into the native mode domain, then a RUS for that domain will be created automatically. Otherwise, you must manually create a domain RUS for the domain.


Author Comment

ID: 9927123
I converted all my universal distribution group in universal security group. Also I converted all my global security group in universal security group. After i merged all my old distribution group with old security group. Now i have only a type of group so i administer exchange permission on public folder in very easy way. It works fine. Thanx

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question