Re: Distribution Lists
- From: HighOnTCP@xxxxxxxxx
- Date: 9 May 2007 10:39:29 -0700
On May 9, 11:24 am, TSAM <T...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Hello all,
While creating a new group aka distribution list, we have Group Scope and
Group type. It's always confusing for me. Could somebody provide an advanced/
detailed description and scenarios where/ when to use them?
With Group Scope there is domain local, global and universal and with group
type there is security and distribution. What's the purpose of each of them.
Could all of these group with all possible combination receive email from
internal exchange servers and external email accounts.
Thanks
DISTRIBUTION GROUPS are used as just that, a place to distribute
emails to people. It is email enabled and has an address and when you
send an email to it it to goes to all of its members.
SECURITY GROUPS are used to protect resources, are not mail enabled
and should never be used as such.
In our situation, everywhere we use these in Active Directory you will
see a "-S" after the name if it is a security group. If you don't see
the "-S", it is a Distribution Group and should never be used to grant
or deny access to a resource, for numerous reasons:
A: ocassionally a person who is a member of a security group may not
be part of the same named distro group, or they may have different
access rights in the security group, using the distro group doesn't
carry any real permissions with it.
B: Using a distro group for security automatically converts it to a
security group, if you see this during an audit and convert it back to
a distro group, whatever it was securing is now hosed.
E
.
- Follow-Ups:
- Re: Distribution Lists
- From: Rich Matheisen [MVP]
- Re: Distribution Lists
- Prev by Date: Re: Email rejected
- Next by Date: Re: detailed message tracking (read, deleted, etc.)
- Previous by thread: Re: Distribution Lists
- Next by thread: Re: Distribution Lists
- Index(es):
Relevant Pages
|
