locked
Azure AD DS Security Groups Permissions Issues RRS feed

  • Question

  • I created some security groups and was able to assign shared folder permissions and all that stuff just fine but I had duplicates of every department because I have distribution groups as well as security groups because the distribution groups wouldn't apply policies.  Then I saw mail-enabled security groups and combined the previous seperate groups into a single security group with mail enabled for each pair of groups and the new mail enabled security groups are not applying file and folder permissions appropriate.  I made sure to go to each machine hosting the shared folders and updating the share permissions as well as the file permissions and I went to my GPO for deploying mapped drives and reassigned the groups to them as well so it would reflect the original settings.

    It impacts all users in the groups, and if I set my username for access to the file shares the same way I was adding in the groups then I am able to access the drive so the permissions being set are being carried and implemented, just not when specific to a group

    • Edited by metsubo Monday, August 7, 2017 6:40 PM
    Monday, August 7, 2017 6:37 PM

Answers

  • __Is this saying that simple by the fact that it has mail-enabled=true means that the only way the security group would work is if it was using exchange for something?  So I'll have to have separate security groups and distribution groups?__

    Edit:

    It looks like coming in this morning they are now applying properly as security policies so it might be that the groups take a long time to get established in the system.  Does that make sense



    • Edited by metsubo Tuesday, August 8, 2017 4:33 PM
    • Marked as answer by metsubo Tuesday, August 8, 2017 4:34 PM
    Tuesday, August 8, 2017 4:11 PM

All replies

  • Refer to the SO link - https://stackoverflow.com/questions/25747961/creating-mail-enabled-security-group-in-azure-active-directory-or-exchange-onlin and see if that answers your question.

    -----------------------------------------------------------------------------------------------------------------------------------
    Do click on "Mark as Answer" on the post that helps you and vote it as helpful, this can be beneficial to other community members.

    Tuesday, August 8, 2017 6:58 AM
  • __Is this saying that simple by the fact that it has mail-enabled=true means that the only way the security group would work is if it was using exchange for something?  So I'll have to have separate security groups and distribution groups?__

    Edit:

    It looks like coming in this morning they are now applying properly as security policies so it might be that the groups take a long time to get established in the system.  Does that make sense



    • Edited by metsubo Tuesday, August 8, 2017 4:33 PM
    • Marked as answer by metsubo Tuesday, August 8, 2017 4:34 PM
    Tuesday, August 8, 2017 4:11 PM
  • Could be. BTW, thanks for the update.
    Wednesday, August 9, 2017 11:07 AM