Just one of the standard questions I use for DL expansion issues. Not relevant to a single domain forest but we don't know in this case if this is for sure a single domain forest or they simply manage a single domain in a forest. I've made that assumption based on verbiage in the past and paid for it, little more careful now[1].
Anyway, the one group specifically not receiving the message sounds very much like it isn't mail enabled, the group is a global/dlg that isn't being expanded on the correct GC, or the permissions for the group have been modified incorrectly. Actually that reminds me, another question I should have specifically spelled out below is "are the permissions standard for the groups and users?", i.e. has anyone tried to tighten down the directory? joe [1]"No, the forest has multiple domains, the other domain is just an empty root and is run by the schema admin folks until the rest of the company converts, we don't have any groups or users in that domain so we didn't figure you wanted to hear about it...". You have to love hearing that after several hours of trying to troubleshoot from descriptions and start catching inconsistencies. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, February 06, 2006 11:18 PM To: [email protected] Subject: RE: [ActiveDir] Nesting groups Joe, What would be the point of B? Deji -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, February 06, 2006 5:35 PM To: [email protected] Subject: RE: [ActiveDir] Nesting groups No limits that I am aware of, I swear I have tested in the past to 4 or 5 layers and seen it work. I know I definitely tested three layers as I have done that several times to mimic various environments. I would A. Make sure all groups/users in question are mail-enabled. B. Make sure that the groups truly are universal. C. Make sure that the groups are all replicating properly to the GCs that the Exchange servers are using. D. Doublecheck settings on the groups that you think are involved in users not getting mail. E. For testing, Send mail to each of the lists individually and check for recipt. Step up a level in nesting, repeat. The size of the DL is relatively small so it isn't an issue with number of users. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Rochford Sent: Monday, February 06, 2006 11:30 AM To: [email protected] Subject: [ActiveDir] Nesting groups Is there a limit to the amount of nesting which can be carried out on Universal Security Groups? We have a single domain (mix of Windows 2003 and 2000 servers) with Exchange 2003 and a number of nested groups but we've just discovered a problem - mail sent to some of the lists is not reaching all the members of the list. Some detail: Top level list: Technology_Faculty This comprises: Technology_Teaching, Technology_Support, Technology_Admin, Technology_Technicians Each of those groups is split further; eg: Technology_Teaching contains: School_Auto_Engineering, School_Building_Crafts, School_Mech_Engineering etc The schools then split eg: School_Auto_Engineering: Curriculum_Body_Paint, Curriculum_Mechanical and users are added to the lowest level groups. Email sent to the Technology_faculty group doesn't get delivered to all the people - as far as I can tell (by looking at the Exchange log) it misses completely the group called "technology_teaching" In total, there are only about 200 people across all the sub-groups. If this is "working as designed" then is there a way round it? If it's broken, then suggestions, please, for fixing it! Steve List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
