Whoops, should have mentioned--if you're in a multiple-domain environment,
the first group--the distribution group--should also be a Universal Security
B.Ed., MCSE+I, MCT
triOS Training Centres
Mississauga, Ontario, Canada
> Security groups can be assigned permissions to network resources,
> Distribution groups cannot. Both group types can be mail-enabled and
> function as distribution lists in Exchange 2000.
> In your situation, here's what I'd recommend. Use two groups; you'll need
> be in native mode for this to work, BTW, because you'll either need to use
> group nesting or Universal groups. One group contains everyone EXCEPT the
> guy who should NOT receive e-mails to the group (let's call him Joe, just
> be concise). Mail-enable this group; it should be a Global Security (NOT
> Distribution--it needs permissions, albeit indirectly) group. You may want
> to use the group you currently have set up for this (just remove Joe from
> Create another group. DO NOT mail-enable it; it should be either a Global
> (if you have a single-domain forest) or Universal (multiple-domain forest)
> Security group. Add Joe to it, and the other group (the mail-enabled one).
> Grant permissions to this group by adding to the appropriate Domain Local
> Ron Stewart
> B.Ed., MCSE+I, MCT
> Senior Instructor/Consultant
> triOS Training Centres
> Mississauga, Ontario, Canada
> (905) 542-7678
> > This is regarding Exchange 2000. I'm sorry if this is not right site.
> > What is the exact difference between Security Group and Distribution
> > What implications does it have in connection to Exchange 2000 ? Is this
> > design phase very critical ?
> > I came across one situation:
> > I have Engineering group. We initially created this is Global Security
> > Group. It has members on it. And it has e-mail address too.
> > So, when people send the mail it goes to all its members.
> > ( I don't know , we should have done this as distribution group. ???)
> > Now I have one guy who needs to be in this security group but he should
> > be in this e-mail distribution.
> > The reason being simple, he needs to access some of the folders in file
> > server and some other reasons he needs to be in this group. But, when
> > management sends out e-mail to this engineering group, he should not get
> > that e-mail. He will have Exchange 2000 e-mail address thou....
> > Is two group with same name is required - like "Engineering" - security
> > group and "Engineering" Distribution group ? OR is this still lagging
> > technical refinements in Exchange 2000 ? I mean is there some sort of
> > stuffs coming in Exchange 4000 ? Where you can simply exclude him as per
> > distribution of e-mail goes ?
> > How to handle this situation ?