Yes you can see the membership because the checkbox does some funny business to keep that specifically working.
Thanks, Brian Desmond br...@briandesmond.com<mailto:br...@briandesmond.com> c - 312.731.3132 From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Friday, January 29, 2010 8:16 AM To: NT System Admin Issues Subject: RE: N00b question Maybe easy for people with computer skills. Most of our users don't have that ability. I am able to see the membership of the group from ADUC, but I am the "Exchange Administrator". *sigh* It was just so easy to check the box and give someone else rights to manage it. From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Friday, January 29, 2010 12:30 AM To: NT System Admin Issues Subject: RE: N00b question The feature was a hack and it was easily worked around and/or broken. Basically what happened was the checkbox denies read access to the member attribute on a group. The problem then becomes that administrators can't read it either, so, the checkbox puts the entries in the ACL out of order basically so that admins can still read it. As soon as you open the security tab on an affected group, the UI reorders the ACL such that it's properly ordered (canonical). The fix for this is that the RUS (which is gone in Exchange 2007+) keeps an eye on the group and reorders the ACL back to out of order when this happens. There's nothing stopping you from searching AD for say memberOf=cn=MyGroup,DC=company,DC=com and getting the membership. The workaround (to some degree) is to create the group with hidden membership, and then create a group with the actual membership which is hidden from the GAL and nested in the effect DL. You also still need groups with screwy ACLs to really pull this off. Thanks, Brian Desmond br...@briandesmond.com<mailto:br...@briandesmond.com> c - 312.731.3132 From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Thursday, January 28, 2010 3:04 PM To: NT System Admin Issues Subject: RE: N00b question That is asinine. How much trouble would it have been to keep this feature in there? From: Andrew Levicki [mailto:and...@levicki.me.uk] Sent: Wednesday, January 27, 2010 8:46 AM To: NT System Admin Issues Subject: Re: N00b question Sorry, I misunderstood your point. But you are right, this feature is no longer available in Exchange 2007. There is a workaround according to TechNet: http://technet.microsoft.com/en-us/library/dd577075(EXCHG.80).aspx Does anyone know if this is the same in Exchange 2010? Cheers, Andrew 2010/1/27 Maglinger, Paul <pmaglin...@scvl.com<mailto:pmaglin...@scvl.com>> So there's no way to hide the membership of distribution groups on Exchange 2007+? From: Andrew Levicki [mailto:and...@levicki.me.uk<mailto:and...@levicki.me.uk>] Sent: Wednesday, January 27, 2010 8:26 AM To: NT System Admin Issues Subject: Re: N00b question I heard the main reason was to separate out the AD and Exchange side of things in response to feedback from larger organisations. 2010/1/27 Maglinger, Paul <pmaglin...@scvl.com<mailto:pmaglin...@scvl.com>> For God's sake, why? From: Brian Desmond [mailto:br...@briandesmond.com<mailto:br...@briandesmond.com>] Sent: Wednesday, January 27, 2010 12:15 AM To: NT System Admin Issues Subject: RE: N00b question That was deprecated post Exchange 2003 FYI Thanks, Brian Desmond br...@briandesmond.com<mailto:br...@briandesmond.com> c - 312.731.3132 From: Maglinger, Paul [mailto:pmaglin...@scvl.com<mailto:pmaglin...@scvl.com>] Sent: Tuesday, January 26, 2010 9:21 AM To: NT System Admin Issues Subject: RE: N00b question Go into ADUC, Exchange Tasks, and select Hide Membership. From: David Lum [mailto:david....@nwea.org<mailto:david....@nwea.org>] Sent: Tuesday, January 26, 2010 9:11 AM To: NT System Admin Issues Subject: N00b question You'd think I would know this one, but I don't. How do I create a distribution list that I can use that doesn't list the recipients once I send it? David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 -- Kind regards, Andrew Levicki MCITP MCSE CCNA and...@levicki.me.uk<mailto:and...@levicki.me.uk> www.andrewlevicki.eu<http://www.andrewlevicki.eu> -- Kind regards, Andrew Levicki MCITP MCSE CCNA and...@levicki.me.uk<mailto:and...@levicki.me.uk> www.andrewlevicki.eu<http://www.andrewlevicki.eu> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
