Distribution lists and client permission for public folder

Posted on 2003-11-26
Last Modified: 2009-09-08
Hi. I have a domain W2K in native mode and an Exchange 2000. I created many public folders when my domain was in mixed mode. I assigned permissions for each public folder to different user. I changed my domain in native mode and now i can give permissions to distribution list. Is there a way to assign permission only to distribution list bypassing users and permit them to use public folders? I have a lot of public folder and many users and changing permission when the users change group is hard (and it happens very frequently). So i can administer only distribution list permissions in public folder without change permissions for each user
Question by:doc1166
  • 2
  • 2

Expert Comment

ID: 9825175
Yes this can be done.  What does happen though when you use a distribution list to identify permissions, by default it will change to a security group through AD.  This doesn't affect the ability to see it in the GAL or send e-mails.  If you have several users needing permissions to Public Folders it is much easier to maintain these by lists where you can just add/remove the user once.

Author Comment

ID: 9825480
I changed mode of my domain two weeks ago. So now i have "distribution group - universal" for my distribution list and "global group - security" for sharing resource. Now in a public folder where i'm owner, i removed all client permissions for users and i give supervisor permissions to an address assigned to a distribution group - universal. Users member of this gruop don't see public folder. How i do it?

Accepted Solution

kopplibj earned 250 total points
ID: 9825833
When you migrate to Exchange 2000 or introduce Exchange 2000 servers into your organization, Exchange Server distribution lists convert to Microsoft Windows 2000 Server universal distribution groups.
Using Exchange Server Distribution Lists

If an Exchange Server public folder access control list (ACL) contains a distribution list and the public folder is replicated to an Exchange 2000 server, the distribution list converts to a universal distribution group. However, to set permissions, Exchange 2000 uses Windows 2000 universal security groups instead of universal distribution groups.

If the server that is running Exchange 2000 is located in a Windows 2000 domain that is in native mode, the universal distribution group automatically converts to a universal security group when a user gains access to the public folder. However, if the server is located in a Windows 2000 domain that is in mixed mode, the conversion to a universal security group does not occur. Without a successful conversion of public folder permissions, all users lose access to the public folder.

Likewise, if you try to assign public folder permissions to a universal distribution group that was converted from an Exchange Server distribution list, the server that is running Exchange 2000 cannot create a universal security group and the following problems occur:
In System Manager, error number 80004005 appears and you receive the following message:

The operation failed.
In Microsoft Outlook, you receive the following error message:

The Client Operation Failed.
In Event Viewer, under Application, event number 9556 or 9552 appears.

Exchange 2000 users cannot see the public folder in Microsoft Outlook.

Make sure that your organization contains at least one native-mode Windows 2000 domain in which you can store and manage universal security groups. You can either convert an existing domain to native mode or create a new native-mode domain. Then configure a recipient Connection Agreement to replicate the Exchange Server distribution lists to the native-mode Windows 2000 domain.

Also, UDGs can only be converted to USGs if a domain RUS exists for the domain that contains the UDGs. If you install an Exchange 2000 server or an Exchange 2003 server into the native mode domain, then a RUS for that domain will be created automatically. Otherwise, you must manually create a domain RUS for the domain.


Author Comment

ID: 9927123
I converted all my universal distribution group in universal security group. Also I converted all my global security group in universal security group. After i merged all my old distribution group with old security group. Now i have only a type of group so i administer exchange permission on public folder in very easy way. It works fine. Thanx

Featured Post

Why do Marketing keep bothering you?

Is your marketing department constantly asking for new email signature updates? Are they requesting a different design for every department? Do they need yet another banner added? Don’t let it get you down! There is an easy way to manage all of these requests...

Join & Write a Comment

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now