Cerulean
[H]F Junkie
- Joined
- Jul 27, 2006
- Messages
- 9,476
Greetings,
We have a security group for each region in the world (North America, Europe, Asia, South America, Africa, etc).
In addition, we have security groups for departments of regions (NA_dpt_Accounting, NA_dpt_Engineering, etc). These groups are a member of their respective region ("North America").
We have a distribution list for each region in the form of dl-<region>, such as dl-northamerica, dl-europe, etc.
We also have one distribution list dl-company (or dl-world or dl-global or dl-all). All the dl-<region> distribution lists are a member of this. It works.
Problem is this: when a user needs to be able to send an e-mail company-wide, we can't simply just give privileges to dl-company ... we have to give privileges to every single dl-<region> and dl-company. We have tried adding plain security groups such as NA_dpt_InformationTechnology or 'North America' but mail is not delivered to these security groups -- we seem to have to use the security groups Exchange creates for distribution lists.
I did observe that the security groups Exchange creates are Universal+Distribution for Group scope and Group type respectively. The security groups we have for regions and departments use the default Global+Security. Some of our folder permissions, shares, GPOs and OU structure depend on these security groups.
Is there any way we can use our region and department security groups as members of distribution lists with success so that when a user needs privileges to send company-wide we don't need to go and modify every distribution list to give user access to those too (and without breaking anything)? It would certainly make administration for these type of requests a lot easier and less laboring.
We have a security group for each region in the world (North America, Europe, Asia, South America, Africa, etc).
In addition, we have security groups for departments of regions (NA_dpt_Accounting, NA_dpt_Engineering, etc). These groups are a member of their respective region ("North America").
We have a distribution list for each region in the form of dl-<region>, such as dl-northamerica, dl-europe, etc.
We also have one distribution list dl-company (or dl-world or dl-global or dl-all). All the dl-<region> distribution lists are a member of this. It works.
Problem is this: when a user needs to be able to send an e-mail company-wide, we can't simply just give privileges to dl-company ... we have to give privileges to every single dl-<region> and dl-company. We have tried adding plain security groups such as NA_dpt_InformationTechnology or 'North America' but mail is not delivered to these security groups -- we seem to have to use the security groups Exchange creates for distribution lists.
I did observe that the security groups Exchange creates are Universal+Distribution for Group scope and Group type respectively. The security groups we have for regions and departments use the default Global+Security. Some of our folder permissions, shares, GPOs and OU structure depend on these security groups.
Is there any way we can use our region and department security groups as members of distribution lists with success so that when a user needs privileges to send company-wide we don't need to go and modify every distribution list to give user access to those too (and without breaking anything)? It would certainly make administration for these type of requests a lot easier and less laboring.