moorthy_kulumani
asked on
Converting Distribution to Security Groups...
We have a Multiple Domains with mixed mode network. Our Mail server is E5.5 and we most our exchange sites are upgraded to e2k.Only few server needs upgrade including our server. We have lot Distribution lists.
Now when a new user comes in I want to assign Share access rights, Printer access & adding into DL in one shot. For this I want to convert all DLGroups into security groups.
So that I can assign permission for printers & Files. As well as he will be the part of DL.
By adding him into the DL I can achieve all this.
I just want to know there are any issues in converting the Distribution lists groups type to Security groups.
And should in future shd I go ahead and use security groups for double purpose…(Assign permissions as well as DL)…
Please let me why we have specific Distribution group If my case is possible….
Thanks
Now when a new user comes in I want to assign Share access rights, Printer access & adding into DL in one shot. For this I want to convert all DLGroups into security groups.
So that I can assign permission for printers & Files. As well as he will be the part of DL.
By adding him into the DL I can achieve all this.
I just want to know there are any issues in converting the Distribution lists groups type to Security groups.
And should in future shd I go ahead and use security groups for double purpose…(Assign permissions as well as DL)…
Please let me why we have specific Distribution group If my case is possible….
Thanks
ASKER
Thanks for your time & comment...
We have ADC and everything in Place.We are creating groups using ADUC. Just our Home server is 5.5.
I want to put it clear..Can i use a securtiy group for accessing resource and as well as a Distrubution list ? If yes what is the disadvantage ?
If no Why ?
The Advantage i am looking here is ..Once the user added to the Security group he is in the DL & he get access to printer and shares in one shot.
Whereas in other way (Most people want to keep the security groups seperate, without email addresses and without them being published. )
I need to have two groups one for accessing resouces and one for the DL.
Hope you get what i am looking for..
We have ADC and everything in Place.We are creating groups using ADUC. Just our Home server is 5.5.
I want to put it clear..Can i use a securtiy group for accessing resource and as well as a Distrubution list ? If yes what is the disadvantage ?
If no Why ?
The Advantage i am looking here is ..Once the user added to the Security group he is in the DL & he get access to printer and shares in one shot.
Whereas in other way (Most people want to keep the security groups seperate, without email addresses and without them being published. )
I need to have two groups one for accessing resouces and one for the DL.
Hope you get what i am looking for..
Yes they can be used that way. Most people do not, becuase of administration. A department might have multiple lists for distribution (Managers, Staff, Department.. etc), they may also have many different security groups that just do not align to the distribution lists. The problem with doing groups in any fashion, is that it is hard to change it down the road. Most people that start trying to use groups for dual purpose run into many issues down the road, and trying to fix or change the way they were done in the past can be a nightmare. Below I have outlined an example of a Finance group, see if it explains what I mean.
J
FINANCE GROUP
Distribution Lists:
Managers - All managers, team leads, CIO etc
Finance - All finance employess
Payments - Specific finance employees
Travel - travel staff
Payroll - payroll staff
Security Groups:
Finance - Read Only - Finance staff
Finance - Read/Write - CIO, Managers
Finance Application - Read Only - all Finance employees
Finance Application - Read/Write - Specific finance employees, accountants, CIO etc
Travel System - Read Only - all Finance employees
Travel System - Read/Write - Read/Write - Specific finance employees, travel specialists, CIO etc
Payroll System - Accountants, CIO, payroll employees
J
FINANCE GROUP
Distribution Lists:
Managers - All managers, team leads, CIO etc
Finance - All finance employess
Payments - Specific finance employees
Travel - travel staff
Payroll - payroll staff
Security Groups:
Finance - Read Only - Finance staff
Finance - Read/Write - CIO, Managers
Finance Application - Read Only - all Finance employees
Finance Application - Read/Write - Specific finance employees, accountants, CIO etc
Travel System - Read Only - all Finance employees
Travel System - Read/Write - Read/Write - Specific finance employees, travel specialists, CIO etc
Payroll System - Accountants, CIO, payroll employees
ASKER
So in My case i think i can use the security group then...
DL :
All-staff
mangers
Sales
Finance
Travel
Say i changed this to Sec groups...for to use some resource...
All-staff - All emp.to access company forms etc..
mangers - all mangers access to color printer
sales- to the sales printer and sales share...
Finance - to the finance share and printer
Travel - to the travel share and printer..
In this case i can ise those as DL as well as for security purpose right ?
DL :
All-staff
mangers
Sales
Finance
Travel
Say i changed this to Sec groups...for to use some resource...
All-staff - All emp.to access company forms etc..
mangers - all mangers access to color printer
sales- to the sales printer and sales share...
Finance - to the finance share and printer
Travel - to the travel share and printer..
In this case i can ise those as DL as well as for security purpose right ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I appreciate your time & sharing your thoughts.
Thanks
Ram.
Thanks
Ram.
No problem, I hope that did help. Even if it was a bit long winded! Take Care.
J
J
The converison in Active Directory of Distribution Lists to Security Groups, is automatic. If a distribution list is created in Active Directory from you Exchange 5.5 directory and that Group is also applied as a security group, then the first time a user in the group access the Distribution List to obtain a security principal it will be converted to a security group.
Distribution Lists vs. Security Groups, the biggest difference in my mind for keeping them seperated is that the Distribution lists will have an email address and probably be publish in the Global Address Book. Anyone using Outlook can view the membership, and send emails to the list. Most people want to keep the security groups seperate, without email addresses and without them being published.
J