Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Distribution Group Permission not working in exchange 2003 server

Posted on 2007-10-06
8
Medium Priority
?
1,442 Views
Last Modified: 2012-05-05
Please help! i have a windows 2003 domain (domain functional level: windows 2000 mixed).  I recently deployed exchange 2003 enterprise server which is working well except i can't use distribution group to assign permission to mail boxes, i.e i have a distribution called 'Alluser' which has all the user which works in the organisation. when i use any outlook 2003 client to delegate permission for Calendar, Inbox, Task etc the permission becomes 'None' when i go back to check and i get the following message in the event viewer in the exchange 2003 server.

Event Type:       Error
Event Source:    MSExchangeIS Mailbox Store
Event Category: General
Event ID:           9556
Date:                10/6/2007
Time:                5:01:55 PM
User:                N/A
Computer:         MSEXCHANGE
Description:
Unable to set permission for DL /o=AKT Exchange/ou=First Administrative Group/cn=Recipients/cn=Allusers because it could not be converted to a security group. This most likely is because your system is in a mixed domain.

Event Type:       Warning
Event Source:    MSExchangeIS
Event Category: General
Event ID:           1233
Date:                10/6/2007
Time:                5:01:55 PM
User:                N/A
Computer:         MSEXCHANGE
Description:
An error occurred.
 Function name or description of problem: EcCvtDLToSecGrp
Error: 0x80004005

 
Event Type:       Warning
Event Source:    MSExchangeIS
Event Category: General
Event ID:           1233
Date:                10/6/2007
Time:                5:01:55 PM
User:                N/A
Computer:         MSEXCHANGE
Description:
An error occurred.
 Function name or description of problem: EcSetDSValuesWithGUID

Error: 0x80004005

Help apreciated!
0
Comment
Question by:akt-uk
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 600 total points
ID: 20028532
Distribution groups don't and can't have permissions associated with them. If you want to assign permissions use a security group.
0
 

Author Comment

by:akt-uk
ID: 20028582
i can't remember what was showing up when i was assigning the permission, from the outlook, tool, option, delegates and was selecting the group but can't remember what shows up when you select from the list the distrubution or the security. But what are these errors? these were popping up after i had assigned the permission
0
 
LVL 39

Accepted Solution

by:
redseatechnologies earned 700 total points
ID: 20028654
>>Distribution groups don't and can't have permissions associated with them. If you want to assign permissions use a security group.

That is totally incorrect.  Distributions CAN have permissions associated with them, at which point they BECOME mail enabled security groups.

How many, and what kind, of other exchange servers do you have in the org?  What is the EXCHANGE domain functional level?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 30

Assisted Solution

by:LauraEHunterMVP
LauraEHunterMVP earned 700 total points
ID: 20028880
> "Distributions CAN have permissions associated with them, at which point they BECOME mail enabled security groups."

It's splitting a pretty fine hair, I know, but once a DG is converted into an SG, it's not actually a DG anymore.  Therefore the statement "Distribution Groups cannot be used to assign permissions" is correct.

However, to address the OP's question, this automatic conversion from DG to SG cannot happen while your Exchange org is in mixed mode.  So either use mail-enabled security groups to assign your permissions, or else convert your Exchange org to native mode to allow Exchange to auto-convert DGs to SGs as needed.
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 20029003
I know what you mean Laura and totally agree, my point was, if I create a security group (without an email address) and a distribution group - only one will show up as an option for assigning permissions in Exchange.

I think another way of writing it is;

"Distribution Groups CAN be used to assign permissions, but once you do they no longer become DGs"

Tomato, tomayto :)
0
 

Author Comment

by:akt-uk
ID: 20029584
thanks for your suggestions and ideas, i'll check back on modaday when i return to work. the functional level on the exchange is same as the domain controller (windows 2000 mixed).

As i am not at work can someone please answer this?  if i was create a security group will it show up in the GAL when i  delegate permission from the outlook client using, tools, option, delegates? it obviously shows up the distribution group.

if i was to create a security group can that also possible to use as distribution group? if so what option do i need to tick when creating SG?

those errors generated in the event viewer is it because of assigning permission to the DG rather than SG?

Help is appreciated. Thank you
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 20029768
A security group can be used to assign permissions and receive email.  

A distribution group can only be used to assign permissions.

To configure a security group to receive email, you need to right-click on the group in ADUC and select Exchange Tasks-->Mail Enable.  (I think it's "Mail Enable" anyway, it'll be pretty obvious.)  

If you attempt to assign permissions to a distribution group AND your Exchange org is in Native mode, Exchange will automatically convert the distribution group to a mail-enabled security group.

If you attempt to assign permissions to a distribution group AND your Exchagne org is in Mixed mode, you will receive the errors that you describe.  These errors can be alleviated by either:

[1] Assigning permissions only to mail-enabled security groups, or
[2] Raising your Exchange org to native mode, which will allow Exchange to automatically convert distribution groups to security groups when needed.
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 20030949
>>if so what option do i need to tick when creating SG?

Give it an email address.  Laura has also given you the steps to mail enable existing groups.
0

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post, I will showcase the steps for how to create groups in Office 365. Office 365 groups allow for ease of flexibility and collaboration between staff members.
Eseutil Hard Recovery is part of exchange tool and ensures Exchange mailbox data recovery when mailbox gets corrupt due to some problem on Exchange server.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This video discusses moving either the default database or any database to a new volume.
Suggested Courses
Course of the Month20 days, 14 hours left to enroll

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question