As of Exchange 2007 and later, distribution lists are required to be universal. This corrects a number of problems associated with DL expansion in a multi-domain forest. For more information on this, see my recent article in EMO.
Unless you have specific reasons to limit scope (and there are some, such as many domains split across low bandwidth high latency connections), I'd make it all universal. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: David Lum [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 29, 2008 4:01 PM To: NT System Admin Issues Subject: AD groups Domain local, global, universal Scenario: Two domains, domain.local and a child domain called subdomain. All users in the company are in subdomain.domain.local, Exchange servers are in subdomain as well. Effectively *everything* is in subdomain I have a share \\ServerA.subdomain.domain.local\share <file:///\\ServerA.subdomain.domain.local\share> and I want to create a security group to access this share. I'll name it _Servername\Share. A quick Goggle-fu refresher makes me think in my case the security groups should be domain local and distribution lists should be global. I have a separate forest (otherdomain.local) that sometimes subdomain.domain accounts hit, but I don't think it has any bearing on this decision. Comments? Dave Lum - Systems Engineer [EMAIL PROTECTED] - (971)-222-1025 "When you step on the brakes your life is in your foot's hands" ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
