Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Converting Distribution to Security Groups...

Posted on 2004-09-08
7
Medium Priority
?
727 Views
Last Modified: 2010-04-12
We have a Multiple Domains with mixed mode network. Our Mail server is E5.5 and we most our exchange sites are upgraded to e2k.Only few server needs upgrade including our server. We have lot Distribution lists.

Now when a new user comes in I want to assign Share access rights, Printer access & adding into DL in one shot. For this I want to convert all DLGroups into security groups.
So that I can assign permission for printers & Files. As well as he will be the part of DL.
By adding him into the DL I can achieve all this.

I just want to know there are any issues in converting the Distribution lists groups type to Security groups.

And should in future shd I go ahead and use security groups for double purpose…(Assign permissions as well as DL)…

Please let me why we have specific Distribution group If my case is possible….

Thanks
 
0
Comment
Question by:moorthy_kulumani
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 9

Expert Comment

by:jdeclue
ID: 12006157
Here are some of my thoughts.... first, the Exchange 5.5 cannot use the Groups in active directory unless you are using the Active Directory Connector for Exchange to create and synchronize the Users and Groups, in this case it will create a group in the Active Directory and add the users to it. Many people use this technique to create the AD Users and Groups, from the Exchange 5.5 Directory rather than a Windows NT Domain.

The converison in Active Directory of Distribution Lists to Security Groups, is automatic. If a distribution list is created in Active Directory from you Exchange 5.5 directory and that Group is also applied as a security group, then the first time a user in the group access the Distribution List to obtain a security principal it will be converted to a security group.

Distribution Lists vs. Security Groups, the biggest difference in my mind for keeping them seperated is that the Distribution lists will have an email address and probably be publish in the Global Address Book. Anyone using Outlook can view the membership, and send emails to the list. Most people want to keep the security groups seperate, without email addresses and without them being published.

J
0
 
LVL 3

Author Comment

by:moorthy_kulumani
ID: 12013561
Thanks for your time & comment...

We have ADC and everything in Place.We are creating groups using ADUC. Just our Home server is 5.5.

I want to put it clear..Can i use a securtiy group for accessing resource and as well as a Distrubution list ? If yes what is the disadvantage ?
If no Why ?

The Advantage i am looking here is ..Once the user added to the Security group he is in the DL & he get access to printer and shares in one shot.

Whereas in other way (Most people want to keep the security groups seperate, without email addresses and without them being published. )
I need to have two groups one for accessing resouces and one for the DL.


Hope you get what i am looking for..

0
 
LVL 9

Expert Comment

by:jdeclue
ID: 12016168
Yes they can be used that way. Most people do not, becuase of administration. A department might have multiple lists for distribution (Managers, Staff, Department.. etc), they may also have many different security groups that just do not align to the distribution lists.  The problem with doing groups in any fashion, is that it is hard to change it down the road. Most people that start trying to use groups for dual purpose run into many issues down the road, and trying to fix or change the way they were done in the past can be a nightmare. Below I have outlined an example of a Finance group, see if it explains what I mean.


J

FINANCE GROUP

Distribution Lists:
Managers -  All managers, team leads, CIO etc
Finance - All finance employess
Payments - Specific finance employees
Travel - travel staff
Payroll - payroll staff

Security Groups:
Finance - Read Only - Finance staff
Finance - Read/Write - CIO, Managers
Finance Application - Read Only - all Finance employees
Finance Application - Read/Write - Specific finance employees, accountants, CIO etc
Travel System - Read Only - all Finance employees
Travel System - Read/Write - Read/Write - Specific finance employees, travel specialists, CIO etc
Payroll System - Accountants, CIO, payroll employees

0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
LVL 3

Author Comment

by:moorthy_kulumani
ID: 12016693
So in My case i think i can use the security group then...

DL :
All-staff  
mangers
Sales
Finance
Travel


Say i changed this to Sec groups...for to use some resource...


All-staff  - All emp.to access company forms etc..
mangers - all mangers access to color printer
sales- to the sales printer and sales share...
Finance - to the finance share and printer
Travel - to the travel share and printer..

In this case i can ise those as DL as well as for security purpose right ?
0
 
LVL 9

Accepted Solution

by:
jdeclue earned 400 total points
ID: 12016904
Of course, there are no hard and fast rules. ;). The real answer is, if it works for the company and it makes administration easier than do it!. I only wanted to point out pitfalls you can run into down the road. If those are not concerns, then don't pay attention to them. So the answer to the original question, is no there should not ba any issues, but you should create an Exchange 5.5 group, let it sync to the AD side and test it first. There are always exceptions and if something is wierd in the enviroment you could possibly have an issue.

J
0
 
LVL 3

Author Comment

by:moorthy_kulumani
ID: 12017213
I appreciate your time & sharing your thoughts.

Thanks
Ram.
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 12017462
No problem, I hope that did help. Even if it was a bit long winded! Take Care.

J
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question