Microsoft KB Archive/328752

= XADM: How to Configure Groups for Use with Exchange 2000 Permissions =

Article ID: 328752

Article Last Modified on 2/28/2007

-

APPLIES TO


 * Microsoft Exchange 2000 Server Standard Edition

-



This article was previously published under Q328752



SUMMARY
Permissions define the extent to which users can work with items in a folder. Roles are sets of permissions that define how much access users have to a public folder. You can grant permissions to new users or modify permissions for existing users. This article describes the criteria that you need to configure groups for use with Exchange 2000 permissions.



MORE INFORMATION
If you want to grant or deny permissions to a group when you set client permissions on a mailbox or public folder, the group must meet the following criteria:
 * The group must be a universal security group or a global security group. However, if you installed Exchange 2000 on a domain controller, you may not be able to use global security groups.
 * The group must be mail-enabled.

When you make a group mail-enabled, you give the group Active Directory directory service attributes that Exchange 2000 uses to evaluate permissions. If a group is not mail-enabled, you cannot grant permissions to the group.

Note: A mail-enabled universal security group is different from a universal distribution group. You cannot set permissions by using universal distribution groups.

Ensuring That Groups Migrate Appropriately from Microsoft Exchange Server 5.5
When groups are migrated from Exchange Server to Exchange 2000, the Active Directory Connector (ADC) automatically migrates the Exchange Server distribution lists to universal distribution groups. If you want to use these groups when you set permissions, you must configure the ADC connection agreements so that the groups are created in a native-mode domain in Microsoft Windows 2000. Exchange 2000 then automatically converts the universal distribution groups to mail-enabled universal security groups.

If your Exchange 2000 deployment resides in a Windows 2000 mixed-mode domain (a domain that contains servers that are running Microsoft Windows NT 4.0), you must create a separate native-mode domain to house the migrated groups.