Security Group Permissions Not Applying to DL with CSVDE
Posted on 2006-05-01
I have several email distribution groups that are created twice weekly through a csv upload. I don't want to go into a long discussion about why its done this way (it would be a long) but I'll post if someone needs this info to help. In a sentence the members of this email distribution group change that often (and there are a lot of members), we have several scripts that run to pull the info from other sources and then creates the csv file for me to upload. I have a script that deletes the old groups and recreates the new ones. That all works great, since the info is all pulled from various data base sources we have eliminated almost all manual entry which makes these distribution group accurate and easy to upload. Here's the problem.
We need to restrict who can send email to these groups. To minimize a lot of manual changes to the scripts we thought it would be easiest to have a security group assigned to each distribution group that would apply to the message restrictions. Right now a security group is applied that assigns the following permission: Only accept messages from (those in that security
group). All this uploads fine into active directory.
The problem is users who are part of the security group that specify they have rights to send to the distribution list cannot send to it (nor can those not in the list). I have to manually remove their name from the security list and manually add it to the message restriction section of the
distribution group individually.
How can I get this security to work each time we upload the distribution lists?
I know I could do it manually however we do not have the staff to add 30+ names to each email distribution list (20 and growing) twice a week. I know I can add the group membership into the CSV file, but that changes fairly often and I don't want to have to edit the script twice a week either. In addition, I think it would increase the chances that the script will not run (typos, user's account is disabled, etc.). The simplest way would to have the name of the security group coded into the script and change the members in the security group in AD. Which is what we are trying to do, but the message restrictions do not seem to recognize the names in the security group.
I've trolled the search engines and usenet groups for help on this and gotten nada - so it's up to you Experts now...
Thanks for any input!