Distribution Group to Security Group
Distribution Group to Security Group
I have a Domain Local\Distribution group in Active Directory, that I need to add to Mailbox Delegation in Exchange server, but when I try it in Mailbox Delegation, I can not see the Distribution group listed. Then I thought probably I need to convert the Distribution Group to Security Group, However I am not sure what would be the negative impact.
is the group going to loose any rights somewhere/somehow or will it gain extra rights ?
any help on this ?
Thank you
I have a Domain Local\Distribution group in Active Directory, that I need to add to Mailbox Delegation in Exchange server, but when I try it in Mailbox Delegation, I can not see the Distribution group listed. Then I thought probably I need to convert the Distribution Group to Security Group, However I am not sure what would be the negative impact.
is the group going to loose any rights somewhere/somehow or will it gain extra rights ?
any help on this ?
Thank you
ASKER
Correct I want the Distribution group to be added to the Mailbox Delegation such as Send As or Full Mailbox access.
I have done extra reading, and what I have found so far it can be done (add to Mailbox Delegation) only through Powershell not through Exchange GUI ECP
I have done extra reading, and what I have found so far it can be done (add to Mailbox Delegation) only through Powershell not through Exchange GUI ECP
It is possible to grant "Send As" or "Send on behalf of" permissions to a distribution group, however, Full mailbox access doesn't apply, because a distribution group doesn't have a mailbox. To see how to grant send as permissions, see here:
https://social.technet.microsoft.com/Forums/ie/en-US/72b54918-3216-47fe-9edb-dce3ccc0bbf1/send-on-behalf-send-as-a-distribution-list?forum=exchangesvrgenerallegacy
Hope this helps!
Christopher.
https://social.technet.microsoft.com/Forums/ie/en-US/72b54918-3216-47fe-9edb-dce3ccc0bbf1/send-on-behalf-send-as-a-distribution-list?forum=exchangesvrgenerallegacy
Hope this helps!
Christopher.
ASKER
I believe you still cannot grant that through ECP GUI
You are correct. If you want a GUI interface, you would need to go through "Active Directory Users and Computers" interface.
First ensure you have "Advanced Features" checked under the "View" menu item.
Locate the distribution group
Right click on the group and choose "Properties"
Select the "Security" tab.
Click on the "Advanced" button.
Click on the "Add" button
Type the name of the person you want to have "Send As" permissions.
Scroll down the Permissions list, and check the "Allow" box beside the "Send As" option.
Hope this helps!
Christopher.
First ensure you have "Advanced Features" checked under the "View" menu item.
Locate the distribution group
Right click on the group and choose "Properties"
Select the "Security" tab.
Click on the "Advanced" button.
Click on the "Add" button
Type the name of the person you want to have "Send As" permissions.
Scroll down the Permissions list, and check the "Allow" box beside the "Send As" option.
Hope this helps!
Christopher.
ASKER
after you do that , will you be able then to see the name of the Distribution group later in the ECP / Mailbox Delegation ?
No. A distribution group does not have a mailbox to delegate access to. If you want to have a group with a mailbox, you may wish to look at using a shared mailbox.
https://technet.microsoft.com/en-us/library/jj150498(v=exchg.150).aspx
https://technet.microsoft.com/en-us/library/jj150498(v=exchg.150).aspx
ASKER
so if we have 10 users that have mailboxes and we want them to add for instance Xmailbox to their Outlook, we'll have to go to ECP, find the Xmailbox then go to Mailbox Delegation of Xmailbox and add one user at a time to the Xmailbox (Full Access)
So There is no way to just add the group to Mailbox Delegation of Xmailbox instead of one user at a time?
So There is no way to just add the group to Mailbox Delegation of Xmailbox instead of one user at a time?
I'm not sure I understand what you're asking.
Do you want 10 people to have access to a group email?
If you have a shared mailbox, you can add them all on the server, and it will show up in their outlook:
https://social.technet.microsoft.com/Forums/exchange/en-US/c80af034-d38e-4429-bf54-91a063ee344f/add-shared-mailbox-to-multiple-users-from-exchange-2010?forum=exchange2010
Do you want 10 people to have access to a group email?
If you have a shared mailbox, you can add them all on the server, and it will show up in their outlook:
https://social.technet.microsoft.com/Forums/exchange/en-US/c80af034-d38e-4429-bf54-91a063ee344f/add-shared-mailbox-to-multiple-users-from-exchange-2010?forum=exchange2010
ASKER
Ok You know that from ECP you can go to a mailboxA and add userB to Mailbox Delegation , and you can give userB for instance Full access. That userB will be able to open Outlook and add that mailboxA to it is Outlook.
Ok Now we have 10 more users that we want to be able to do the same thing.
how can you do that ?
Ok Now we have 10 more users that we want to be able to do the same thing.
how can you do that ?
If you use a shared mailbox, you can give access to the shared mailbox to all of them and it will show up in their Outlook.
See here:
https://social.technet.microsoft.com/Forums/exchange/en-US/c80af034-d38e-4429-bf54-91a063ee344f/add-shared-mailbox-to-multiple-users-from-exchange-2010?forum=exchange2010
See here:
https://social.technet.microsoft.com/Forums/exchange/en-US/c80af034-d38e-4429-bf54-91a063ee344f/add-shared-mailbox-to-multiple-users-from-exchange-2010?forum=exchange2010
ASKER
OK... let me see if I understood that:
1- SO we can add one user at a time to a mailbox delegation and give users Full Mailbox access, but we cannot put users in a group and add the group to mailbox delegation and give the group full mailbox. Correct ?
2- The only way to give a group full mailbox access to a mailbox, is if you convert the mailbox to a shared mailbox.
Correct ?
1- SO we can add one user at a time to a mailbox delegation and give users Full Mailbox access, but we cannot put users in a group and add the group to mailbox delegation and give the group full mailbox. Correct ?
2- The only way to give a group full mailbox access to a mailbox, is if you convert the mailbox to a shared mailbox.
Correct ?
Ok, I think I might be misunderstanding you.
You have a mailbox, and you want to grant access to a group of people, rather than each individually?
If this is the case, you can convert the group to a security group, and then grant access in Mailbox delegation.
I thought you had a distribution group, and wanted the members to have control over the distribution group mailbox. (This is a problem, because a distribution group doesn't have a mailbox.)
Providing permissions to a group requires an SID for the group, so you would need to convert it to a Security Group, and then you will be able to use the group to provide permissions to a mailbox.
Sorry for the confusion.
Christopher.
You have a mailbox, and you want to grant access to a group of people, rather than each individually?
If this is the case, you can convert the group to a security group, and then grant access in Mailbox delegation.
I thought you had a distribution group, and wanted the members to have control over the distribution group mailbox. (This is a problem, because a distribution group doesn't have a mailbox.)
Providing permissions to a group requires an SID for the group, so you would need to convert it to a Security Group, and then you will be able to use the group to provide permissions to a mailbox.
Sorry for the confusion.
Christopher.
ASKER
If this is the case, you can convert the group to a security group, and then grant access in Mailbox delegation.
That was the initial step I did.
However when I go to Exchange ECP , find and select the mailbox properties/Mailbox Delegation and look for the Security Group , it does not show up. It shows in ADUC but not in Mailbox Delegation.
ASKER
Christopher,
DO you think this is can be a Bug in the ECP ?
DO you think this is can be a Bug in the ECP ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I will try it later
Thank you
Thank you
To answer your question, changing a Distribution Group to A Security Group, will assign a SID to the group, so that it can be used for permissions.
As it stands right now, a distribution group is used ONLY for routing email.
The second issue, is your attempt to add mailbox delegation.... can you clarify what you're wanting to do here?
A distribution group doesn't have a mailbox. Are you wanting to allow send as? or set an auto response? What are you wanting to do to the distribution group email?
Christopher.