Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2693
  • Last Modified:

Distribution lists and client permission for public folder

Hi. I have a domain W2K in native mode and an Exchange 2000. I created many public folders when my domain was in mixed mode. I assigned permissions for each public folder to different user. I changed my domain in native mode and now i can give permissions to distribution list. Is there a way to assign permission only to distribution list bypassing users and permit them to use public folders? I have a lot of public folder and many users and changing permission when the users change group is hard (and it happens very frequently). So i can administer only distribution list permissions in public folder without change permissions for each user
0
doc1166
Asked:
doc1166
  • 2
  • 2
1 Solution
 
kopplibjCommented:
Yes this can be done.  What does happen though when you use a distribution list to identify permissions, by default it will change to a security group through AD.  This doesn't affect the ability to see it in the GAL or send e-mails.  If you have several users needing permissions to Public Folders it is much easier to maintain these by lists where you can just add/remove the user once.
0
 
doc1166Author Commented:
I changed mode of my domain two weeks ago. So now i have "distribution group - universal" for my distribution list and "global group - security" for sharing resource. Now in a public folder where i'm owner, i removed all client permissions for users and i give supervisor permissions to an address assigned to a distribution group - universal. Users member of this gruop don't see public folder. How i do it?
0
 
kopplibjCommented:
When you migrate to Exchange 2000 or introduce Exchange 2000 servers into your organization, Exchange Server distribution lists convert to Microsoft Windows 2000 Server universal distribution groups.
 
Using Exchange Server Distribution Lists

If an Exchange Server public folder access control list (ACL) contains a distribution list and the public folder is replicated to an Exchange 2000 server, the distribution list converts to a universal distribution group. However, to set permissions, Exchange 2000 uses Windows 2000 universal security groups instead of universal distribution groups.

If the server that is running Exchange 2000 is located in a Windows 2000 domain that is in native mode, the universal distribution group automatically converts to a universal security group when a user gains access to the public folder. However, if the server is located in a Windows 2000 domain that is in mixed mode, the conversion to a universal security group does not occur. Without a successful conversion of public folder permissions, all users lose access to the public folder.

Likewise, if you try to assign public folder permissions to a universal distribution group that was converted from an Exchange Server distribution list, the server that is running Exchange 2000 cannot create a universal security group and the following problems occur:
In System Manager, error number 80004005 appears and you receive the following message:

The operation failed.
In Microsoft Outlook, you receive the following error message:

The Client Operation Failed.
In Event Viewer, under Application, event number 9556 or 9552 appears.

Exchange 2000 users cannot see the public folder in Microsoft Outlook.

Make sure that your organization contains at least one native-mode Windows 2000 domain in which you can store and manage universal security groups. You can either convert an existing domain to native mode or create a new native-mode domain. Then configure a recipient Connection Agreement to replicate the Exchange Server distribution lists to the native-mode Windows 2000 domain.

Also, UDGs can only be converted to USGs if a domain RUS exists for the domain that contains the UDGs. If you install an Exchange 2000 server or an Exchange 2003 server into the native mode domain, then a RUS for that domain will be created automatically. Otherwise, you must manually create a domain RUS for the domain.

0
 
doc1166Author Commented:
I converted all my universal distribution group in universal security group. Also I converted all my global security group in universal security group. After i merged all my old distribution group with old security group. Now i have only a type of group so i administer exchange permission on public folder in very easy way. It works fine. Thanx
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now