Link to home
Start Free TrialLog in
Avatar of akt-uk
akt-uk

asked on

Distribution Group Permission not working in exchange 2003 server

Please help! i have a windows 2003 domain (domain functional level: windows 2000 mixed).  I recently deployed exchange 2003 enterprise server which is working well except i can't use distribution group to assign permission to mail boxes, i.e i have a distribution called 'Alluser' which has all the user which works in the organisation. when i use any outlook 2003 client to delegate permission for Calendar, Inbox, Task etc the permission becomes 'None' when i go back to check and i get the following message in the event viewer in the exchange 2003 server.

Event Type:       Error
Event Source:    MSExchangeIS Mailbox Store
Event Category: General
Event ID:           9556
Date:                10/6/2007
Time:                5:01:55 PM
User:                N/A
Computer:         MSEXCHANGE
Description:
Unable to set permission for DL /o=AKT Exchange/ou=First Administrative Group/cn=Recipients/cn=Allusers because it could not be converted to a security group. This most likely is because your system is in a mixed domain.

Event Type:       Warning
Event Source:    MSExchangeIS
Event Category: General
Event ID:           1233
Date:                10/6/2007
Time:                5:01:55 PM
User:                N/A
Computer:         MSEXCHANGE
Description:
An error occurred.
 Function name or description of problem: EcCvtDLToSecGrp
Error: 0x80004005

 
Event Type:       Warning
Event Source:    MSExchangeIS
Event Category: General
Event ID:           1233
Date:                10/6/2007
Time:                5:01:55 PM
User:                N/A
Computer:         MSEXCHANGE
Description:
An error occurred.
 Function name or description of problem: EcSetDSValuesWithGUID

Error: 0x80004005

Help apreciated!
SOLUTION
Avatar of Brian Pierce
Brian Pierce
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of akt-uk
akt-uk

ASKER

i can't remember what was showing up when i was assigning the permission, from the outlook, tool, option, delegates and was selecting the group but can't remember what shows up when you select from the list the distrubution or the security. But what are these errors? these were popping up after i had assigned the permission
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I know what you mean Laura and totally agree, my point was, if I create a security group (without an email address) and a distribution group - only one will show up as an option for assigning permissions in Exchange.

I think another way of writing it is;

"Distribution Groups CAN be used to assign permissions, but once you do they no longer become DGs"

Tomato, tomayto :)
Avatar of akt-uk

ASKER

thanks for your suggestions and ideas, i'll check back on modaday when i return to work. the functional level on the exchange is same as the domain controller (windows 2000 mixed).

As i am not at work can someone please answer this?  if i was create a security group will it show up in the GAL when i  delegate permission from the outlook client using, tools, option, delegates? it obviously shows up the distribution group.

if i was to create a security group can that also possible to use as distribution group? if so what option do i need to tick when creating SG?

those errors generated in the event viewer is it because of assigning permission to the DG rather than SG?

Help is appreciated. Thank you
A security group can be used to assign permissions and receive email.  

A distribution group can only be used to assign permissions.

To configure a security group to receive email, you need to right-click on the group in ADUC and select Exchange Tasks-->Mail Enable.  (I think it's "Mail Enable" anyway, it'll be pretty obvious.)  

If you attempt to assign permissions to a distribution group AND your Exchange org is in Native mode, Exchange will automatically convert the distribution group to a mail-enabled security group.

If you attempt to assign permissions to a distribution group AND your Exchagne org is in Mixed mode, you will receive the errors that you describe.  These errors can be alleviated by either:

[1] Assigning permissions only to mail-enabled security groups, or
[2] Raising your Exchange org to native mode, which will allow Exchange to automatically convert distribution groups to security groups when needed.
>>if so what option do i need to tick when creating SG?

Give it an email address.  Laura has also given you the steps to mail enable existing groups.