Yes, you can do what you want, but the behavior is undefined. USGs have the benefit of having their membership correct in every domain of a forest. That is not true for domain groups. Exchange does not (and will not) ensure that a domain group will be expanded on a DC of that domain.
If you have a single domain forest, then all is well. Otherwise - it’s purely by chance. From: [email protected] [mailto:[email protected]] On Behalf Of Han Valk Sent: Friday, July 15, 2016 4:29 AM To: [email protected] Subject: [Exchange] RE: Nesting other groups in Exchange 2013 role groups Hi Michael, Sorry but that’s not what I meant to ask, let me try to clarify. What about introducing a Global Security Group at the 3rd level like in my drawing. Documentation says that Role Groups only should contain other Universal Groups and/or mailboxes but nothing about the Group Scope of groups nested at deeper levels. Would my scenario be supported? Any documentation on this that I overlooked? Regards, Han. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Michael B. Smith Sent: Wednesday, 13 July, 2016 19:01 To: [email protected]<mailto:[email protected]> Subject: [Exchange] RE: Nesting other groups in Exchange 2013 role groups Sure. they behave like any other security group in AD. Because that’s what they are. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Han Valk Sent: Wednesday, July 13, 2016 4:32 AM To: [email protected]<mailto:[email protected]> Subject: [Exchange] Nesting other groups in Exchange 2013 role groups Hello list, I’ve got a question about nesting other groups in existing or new management role groups. Management roles groups are of the Universal Security Group type and it can hold users with mailboxes and other USGs. But I can’t find any documentation about further nesting. But what about triple nesting: Global Security Group → Universal Security Group → Existing Role Group like shown below: [cid:[email protected]] Regards, Han.
