Re: Can't assign calendar permissions to a group
- From: "Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 5 May 2009 08:03:50 -0400
NZSchoolTech <nzschooltech@xxxxxxxxxxxx> wrote:
When I assign permissions to a resource calendar in Outlook, I want
to be able to use a security group so that I can manage membership of
that security group in one place only - in Active Directory Users and
Computers - and don't have to manage the permissions for each
resource calendar separately.
Unfortunately due to some considerable degree of shortsightedness that
Microsoft has exercised when designing Exchange and Local Users and
Groups, among others, this logical option is not provided for.
By testing I have verified that a resource calendar's permissions can
only be applied to individual users, not to groups. This is a very
strange design, because permission management by user groups is an
integral concept within Active Directory.
Unfortunately this glaring design anomaly is found in Local Users and
Groups on a client PC, where it is not possible, for example, to make
a security group a member of the Administrators group of that PC.
Only individual users can be granted membership.
The result is that, as administrators, we end up administering the
same list of users in multiple places and being unable to leverage
the power of Active Directory because of deliberate and inexplicable
design decisions.
I heard that Active Directory was originally designed from the
directory needed to hold Exchange user and group information. If so,
there seems no logical reason why it should not be possible to manage
the permissions of Exchange resources in Active Directory where you
can also manage the permissions of file resources. This deliberate
restriction forces me to manage the permissions of each shared
resource calendar individually for every single calendar.
We can set up calendars in Sharepoint and assign permissions to
groups from Active Directory in order to manage them. I have tested
being able to assign a security group from Active Directory to be a
member of an appropriate Sharepoint group and have confirmed that
this is indeed possible. So, voila, I can manage the group of users
in Active Directory and thus avoid having to manage separate lists of
users in different places for permissions.
Maybe Exchange's design limitations just make it too much hassle to
use it to manage resources like the Equipment and Room mailboxes are
supposed to provide.
In your lengthy post you've neglected to mention the version & SP levels of
everything, which is important. I'm assuming you're using E2003. You can
absolutely use mail-enabled security groups to assign permissions - this is
done all the time. Make sure you're in AD native mode, not mixed.
.
- References:
- Can't assign calendar permissions to a group
- From: NZSchoolTech
- Can't assign calendar permissions to a group
- Prev by Date: Re: Redirecting emails
- Next by Date: RE: Exchange 2007
- Previous by thread: Can't assign calendar permissions to a group
- Next by thread: Exchange 2007
- Index(es):
Relevant Pages
|
