If you want to grant or deny permissions to a group when you set client permissions on a mailbox or public folder, the group must meet the following criteria:
- The group must be a universal security group or a global security group. However, if you installed Exchange 2000 on a domain controller, you may not be able to use global security groups.
- The group must be mail-enabled.
When you make a group mail-enabled, you give the group Active Directory directory service attributes that Exchange 2000 uses to evaluate permissions. If a group is not mail-enabled, you cannot grant permissions to the group.
Note: A mail-enabled universal security group is different from a universal distribution group. You cannot set permissions by using universal distribution groups.
Ensuring That Groups Migrate Appropriately from Microsoft Exchange Server 5.5
When groups are migrated from Exchange Server to Exchange 2000, the Active Directory Connector (ADC) automatically migrates the Exchange Server distribution lists to universal distribution groups. If you want to use these groups when you set permissions, you must configure the ADC connection agreements so that the groups are created in a native-mode domain in Microsoft Windows 2000. Exchange 2000 then automatically converts the universal distribution groups to mail-enabled universal security groups.
If your Exchange 2000 deployment resides in a Windows 2000 mixed-mode domain (a domain that contains servers that are running Microsoft Windows NT 4.0), you must create a separate native-mode domain to house the migrated groups.
REFERENCES
For additional information, click the article numbers below
to view the articles in the Microsoft Knowledge Base:
319439�
HOW TO: Configure Storage Limits on Public Folders in Exchange 2000
319098�
HOW TO: Use System Policies to Configure Public Folder Storage Limits in Exchange 2000 Server