When you are assigning shared calendar permissions in Exchange Server 2010 you may encounter situations where users who are members of a group that is nested within the group you grant permissions to still can’t access the calendar.
This can occur when one of the groups in the chain of nested groups is not a Security group. Only Security groups can be used to apply ACLs to objects, Distribution groups can’t be used for this.
In the example below a group has been granted permissions to the calendar, and two users are made members of the parent group through different nested groups.
In this situation the first user will be able to access the shared calendar because only Security groups exist in the chain of nested groups for them. However the second user will not be able to access the calendar because of the Distribution group that is in their chain of nested groups.
The solution is to simply convert any Distribution groups to Security groups. They can remain as mail-enabled Security groups and still be used for email purposes, but will now also be able to be used for granting access to resources as well.
About Paul Cunningham
I thought i found what i needed but sadly no
. I have a security group which has Send As rights on a mailbox. Within this security group are two other security groups with users in each group. Group 1 can Send As and Group 2 can’t. All are security groups so it should work.
If i take the user of Group 2 and place them directly in the security group that has access to the mailbox then they can Send As.. weird? I think so. Solution? Not found yet (kinda hoping you can shed some light on this
)
Is Group 2 a universal group?
All groups involved are Universal – Security groups.
Are Group 1 and Group 2 located in the same OU?
Group 1 and 2 are in the same OU named Roles.