Solved

Converting Distribution to Security Groups...

Posted on 2004-09-08
7
719 Views
Last Modified: 2010-04-12
We have a Multiple Domains with mixed mode network. Our Mail server is E5.5 and we most our exchange sites are upgraded to e2k.Only few server needs upgrade including our server. We have lot Distribution lists.

Now when a new user comes in I want to assign Share access rights, Printer access & adding into DL in one shot. For this I want to convert all DLGroups into security groups.
So that I can assign permission for printers & Files. As well as he will be the part of DL.
By adding him into the DL I can achieve all this.

I just want to know there are any issues in converting the Distribution lists groups type to Security groups.

And should in future shd I go ahead and use security groups for double purpose…(Assign permissions as well as DL)…

Please let me why we have specific Distribution group If my case is possible….

Thanks
 
0
Comment
Question by:moorthy_kulumani
  • 4
  • 3
7 Comments
 
LVL 9

Expert Comment

by:jdeclue
ID: 12006157
Here are some of my thoughts.... first, the Exchange 5.5 cannot use the Groups in active directory unless you are using the Active Directory Connector for Exchange to create and synchronize the Users and Groups, in this case it will create a group in the Active Directory and add the users to it. Many people use this technique to create the AD Users and Groups, from the Exchange 5.5 Directory rather than a Windows NT Domain.

The converison in Active Directory of Distribution Lists to Security Groups, is automatic. If a distribution list is created in Active Directory from you Exchange 5.5 directory and that Group is also applied as a security group, then the first time a user in the group access the Distribution List to obtain a security principal it will be converted to a security group.

Distribution Lists vs. Security Groups, the biggest difference in my mind for keeping them seperated is that the Distribution lists will have an email address and probably be publish in the Global Address Book. Anyone using Outlook can view the membership, and send emails to the list. Most people want to keep the security groups seperate, without email addresses and without them being published.

J
0
 
LVL 3

Author Comment

by:moorthy_kulumani
ID: 12013561
Thanks for your time & comment...

We have ADC and everything in Place.We are creating groups using ADUC. Just our Home server is 5.5.

I want to put it clear..Can i use a securtiy group for accessing resource and as well as a Distrubution list ? If yes what is the disadvantage ?
If no Why ?

The Advantage i am looking here is ..Once the user added to the Security group he is in the DL & he get access to printer and shares in one shot.

Whereas in other way (Most people want to keep the security groups seperate, without email addresses and without them being published. )
I need to have two groups one for accessing resouces and one for the DL.


Hope you get what i am looking for..

0
 
LVL 9

Expert Comment

by:jdeclue
ID: 12016168
Yes they can be used that way. Most people do not, becuase of administration. A department might have multiple lists for distribution (Managers, Staff, Department.. etc), they may also have many different security groups that just do not align to the distribution lists.  The problem with doing groups in any fashion, is that it is hard to change it down the road. Most people that start trying to use groups for dual purpose run into many issues down the road, and trying to fix or change the way they were done in the past can be a nightmare. Below I have outlined an example of a Finance group, see if it explains what I mean.


J

FINANCE GROUP

Distribution Lists:
Managers -  All managers, team leads, CIO etc
Finance - All finance employess
Payments - Specific finance employees
Travel - travel staff
Payroll - payroll staff

Security Groups:
Finance - Read Only - Finance staff
Finance - Read/Write - CIO, Managers
Finance Application - Read Only - all Finance employees
Finance Application - Read/Write - Specific finance employees, accountants, CIO etc
Travel System - Read Only - all Finance employees
Travel System - Read/Write - Read/Write - Specific finance employees, travel specialists, CIO etc
Payroll System - Accountants, CIO, payroll employees

0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 3

Author Comment

by:moorthy_kulumani
ID: 12016693
So in My case i think i can use the security group then...

DL :
All-staff  
mangers
Sales
Finance
Travel


Say i changed this to Sec groups...for to use some resource...


All-staff  - All emp.to access company forms etc..
mangers - all mangers access to color printer
sales- to the sales printer and sales share...
Finance - to the finance share and printer
Travel - to the travel share and printer..

In this case i can ise those as DL as well as for security purpose right ?
0
 
LVL 9

Accepted Solution

by:
jdeclue earned 100 total points
ID: 12016904
Of course, there are no hard and fast rules. ;). The real answer is, if it works for the company and it makes administration easier than do it!. I only wanted to point out pitfalls you can run into down the road. If those are not concerns, then don't pay attention to them. So the answer to the original question, is no there should not ba any issues, but you should create an Exchange 5.5 group, let it sync to the AD side and test it first. There are always exceptions and if something is wierd in the enviroment you could possibly have an issue.

J
0
 
LVL 3

Author Comment

by:moorthy_kulumani
ID: 12017213
I appreciate your time & sharing your thoughts.

Thanks
Ram.
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 12017462
No problem, I hope that did help. Even if it was a bit long winded! Take Care.

J
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Active Directory Replication 10 1,145
How to Test Com Ports on NT 4.0 Workstation 2 280
Windows 7 7 269
Windows 16 350
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This article describes how to reset your Windows 10 password when you've forgotten it.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question