RE: [ActiveDir] Switching distribution lists to security groups

Thanks for the reply. I appreciate it. Is it safe for me to assume that the only consideration in doing this is the token size?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Coleman, Hunter
Sent: Tuesday, October 24, 2006 9:24 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Switching distribution lists to security groups

Rob-

This came up just the other day. Check http://www.mail-archive.com/activedir@mail.activedir.org/msg47273.html and see if the responses there help.

Hunter

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Huber, Rob (HNI Corp)
Sent: Tuesday, October 24, 2006 8:10 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Switching distribution lists to security groups

Hello,

This may be an easy answer, but I want to get feedback anyway. What are the potential problems/issues/concerns with switching distribution groups to security groups?

Our Sharepoint group has rolled out Sharepoint site permissions based on DLs. I believe that DLs should be used for DLs and security groups should be used for security (or permissions in this case) and have encouraged them to set the permissions accordingly. Their counter is that the site owners do not know the membership of the security groups, but know the membership of their respective groups DLs and therefore it is easier to administrate the permissions that way.

A simple fix would be to switch the DLs to security groups, however that seems a bit too simple.

Re: [ActiveDir] Switching distribution lists to security groups

I don't think that's a safe consideration. The rest of the consideration is how the groups will be used over time. Immediate benefit is that your sharepoint system will be able to find them in the GAL and see the groups. Great.

The long term impact is that you will no longer be able to tell what is being used for what as far as acl's go. The implication is that you have extremely great controls on your dg's as well as your existing security groups. Most shops allow dg's with no thought that they would be used for anything other than mail. Typical maintenance for a mail group is to delete it when it has one user or to delete it when it is no longer in keeping with standards etc. The impact is very low so no need to really worry about it beyond is it useful. If it's also a security group, you've added a new dimension to your use of mail groups.

I doubt seriously that Microsoft will continue to use that model in future versions. Of course, I can barely believe that they went with that model this time. To exclude the domain model in favor of using the GAL as an authentication source is so strange to me I almost can't fathom it.

Al

On 10/27/06, Huber, Rob (HNI Corp) [EMAIL PROTECTED] wrote:

Thanks for the reply. I appreciate it. Is it safe for me to assume that the only consideration in doing this is the token size?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Coleman, Hunter
Sent: Tuesday, October 24, 2006 9:24 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Switching distribution lists to security groups

Rob-

This came up just the other day. Check http://www.mail-archive.com/activedir@mail.activedir.org/msg47273.html and see if the responses there help.

Hunter

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Huber, Rob (HNI Corp)
Sent: Tuesday, October 24, 2006 8:10 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Switching distribution lists to security groups

Hello,

This may be an easy answer, but I want to get feedback anyway. What are the potential problems/issues/concerns with switching distribution groups to security groups?

Our Sharepoint group has rolled out Sharepoint site permissions based on DLs. I believe that DLs should be used for DLs and security groups should be used for security (or permissions in this case) and have encouraged them to set the permissions accordingly. Their counter is that the site owners do not know the membership of the security groups, but know the membership of their respective groups DLs and therefore it is easier to administrate the permissions that way.

A simple fix would be to switch the DLs to security groups, however that seems a bit too simple.
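
The maintenance risk described in the message above, as an added example that is not part of the original thread: converting a DL to a security group sets the security-enabled bit in its `groupType` attribute, so a cleanup rule written for mail groups ("delete it when it has one user") can now remove a group that appears on ACLs. The records, names and the `review_before_cleanup` helper are constructed for illustration; only the `groupType` flag values are Active Directory's own.

```python
# Added example: constructed directory-export records, not data from the thread.
SECURITY_ENABLED = 0x80000000          # groupType bit set on security groups
SCOPES = {0x2: "global", 0x4: "domain-local", 0x8: "universal"}


def decode_group_type(value):
    """Return (is_security, scope) for a signed 32-bit groupType value."""
    bits = value & 0xFFFFFFFF          # exports show the value as a signed int
    scope = next((n for flag, n in SCOPES.items() if bits & flag), "unknown")
    return bool(bits & SECURITY_ENABLED), scope


def review_before_cleanup(groups, min_members=2):
    """List mail-enabled security groups a 'delete small DLs' rule would hit.

    Each hit needs an ACL review before deletion, because the group may be
    granting access somewhere even though it looks like a stale mail list.
    """
    flagged = []
    for g in groups:
        is_security, scope = decode_group_type(g["groupType"])
        members = len(g.get("member", []))
        if is_security and g.get("mail") and members < min_members:
            flagged.append((g["cn"], scope, members))
    return flagged


# Constructed sample: one converted DL, one plain DL, two ordinary security groups.
SAMPLE_GROUPS = [
    {"cn": "Finance-Team", "groupType": -2147483640,
     "mail": "finance@example.com", "member": ["CN=a"]},
    {"cn": "Newsletter", "groupType": 8,
     "mail": "news@example.com", "member": ["CN=a"]},
    {"cn": "HR-Site-Owners", "groupType": -2147483646,
     "mail": "hr@example.com", "member": ["CN=a", "CN=b", "CN=c"]},
    {"cn": "Legacy-Share", "groupType": -2147483644, "member": []},
]

if __name__ == "__main__":
    for cn, scope, count in review_before_cleanup(SAMPLE_GROUPS):
        print(f"review ACLs before deleting {cn} ({scope}, {count} member(s))")
```
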

RE: [ActiveDir] Switching distribution lists to security groups

Rob-

This came up just the other day. Check http://www.mail-archive.com/activedir@mail.activedir.org/msg47273.html and see if the responses there help.

Hunter

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Huber, Rob (HNI Corp)
Sent: Tuesday, October 24, 2006 8:10 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Switching distribution lists to security groups

Hello,

This may be an easy answer, but I want to get feedback anyway. What are the potential problems/issues/concerns with switching distribution groups to security groups?

Our Sharepoint group has rolled out Sharepoint site permissions based on DLs. I believe that DLs should be used for DLs and security groups should be used for security (or permissions in this case) and have encouraged them to set the permissions accordingly. Their counter is that the site owners do not know the membership of the security groups, but know the membership of their respective groups DLs and therefore it is easier to administrate the permissions that way.

A simple fix would be to switch the DLs to security groups, however that seems a bit too simple.