Email SubscribeTwitter RSS
  • Home
  • About
  • Contact
  • Archives

Posts Tagged ‘groups’

Exchange 2003 to 2007 Global & Universal Groups

June 25, 2010 by teknologist | 0 Comment »

I hit a snag that was a result of my conversion from Exchange 2003 to Exchange 2007.  The snag was with global groups.  The problem is that global groups cannot be expanded by Exchange…so if you have a distribution list that is a member of a global group it will be grayed out in the Exchange Management Console and you will not be able to edit it.  You also won’t be able to right click and convert it to universal because it will give you the error of:

A global group cannot have a universal group as its member

So what to do?  How does one convert this group to a universal one?  The problem doesn’t lie with the group  itself but with the membership of the groups.  In order to convert one, you have to convert them all.

The EXPTA blog has an excellent post regarding what is going on with solutions to boot:

As you may know, Exchange Server 2007 and Exchange Server 2010 force you to create all new distribution groups as universal distribution groups.
The reason for this is that Exchange 2007/2010 requires a local Global Catalog (GC) server in the Active Directory site where Exchange resides to query for group expansion. A GC can expand domain local, global, and universal groups. However, domain local groups (and sometimes global groups) can only be expanded within the domain local scope. If the GC is a member of the companyabc.com domain, it will be unable to expand a domain local group in the sales.companyabc.com subdomain.

I’m going to be posting how they solved their problem for posterity but you can head over to the EXPTA blog for the full post which contains much more meat than this post will.

To solve the problem, query the groups and look at how many you have that are global.  Just open up a command window on a domain administrator account and remember that this command may take a while on a large enterprise:

dsquery group -limit 0 | dsget group -samid -scope -secgrp > Groups.txt

Next run the command to convert the global groups to universal.  There are no adverse problems that will result from this…the conversion doesn’t mess with permissions.

dsquery group -limit 0 | dsmod group -c -q -scope u

You WILL have to run this 2nd command many, many times.  See, each time it cycles through the groups it finds the top level one it has not converted and converts it to universal…there may be 3 more subgroups that need converted but it won’t convert them until the parent is a universal.

For more explanation, see the EXPTA blog link above and hopefully this helps someone out!


Exchange General | Tags: 2003, 2007, active directory, exchange, global, groups, query, universal


Login

User:
Password:

| Register | Lost password?
Loading Logging in ...

User:
E-mail:

A password will be mailed to you.
 Log In | Lost password?
Loading Registering ...

User:
E-mail:

A message will be sent to your e-mail address.
 Log In | Register
Loading Looking up your credentials ...

Teknologist Sponsors

  • Tags

    2003 2007 2010 active directory active sync activesync address blackberry blog blogging cell phone database DDL delegates dynamic dynamic distribution lists eas exchange ghost global green group groups hub ifitsgreen ldap list lists logs mailbox mailboxes mailing lists microsoft migration phantom powershell query security send on behalf of smart phone smtp technology transport users windows

  • Archives

    • January 2012
    • December 2011
    • June 2011
    • February 2011
    • December 2010
    • November 2010
    • September 2010
    • August 2010
    • July 2010
    • June 2010
    • April 2010
    • March 2010
    • February 2010
    • January 2010
    • December 2009
Get Adobe Flash playerPlugin by wpburn.com wordpress themes
Copyright © 2012 Teknologist All Rights Reserved XHTML CSS THEME by I SOFTWARE REVIEWS