What is the relationship between Active Directory groups and groups in Exchange?

Question

What is the relationship between Active Directory groups and groups in Exchange?

The task of creating a login page that would allow members of two specific groups to access some of the controllers and actions in the MVC project, I began to create a role provider for AD. I was able to configure it using forms authentication and list the groups to which the authenticated user in AD belongs.

It turns out, however, that the groups I was asked to install this to are not AD groups. I see many groups, but not the ones in question.

The request was based on the fact that these groups appear in the Exchange global address book, but there does not seem to be a 1: 1 relationship.

Is there any relationship?

+6

active-directory exchange-server roles active-directory-group

Jay Jan 7 '11 at 5:30

source share

1 answer

Harvey kwok · Accepted Answer · 2011-01-08T01:54:09+0000

There are two types of groups in Active Directory, the distribution list and the security group. The security group is used in the ACL, while the mailing list is mainly used in email lists and other ACL related materials.

UserPrincipal.GetAuthorizationGroups () returns only security groups.
UserPrincipal.GetGroups () returns the security group as well as the distribution list.

Remember that unlike UserPrincipal.GetAuthorizationGroups (), UserPrincipal.GetGroups () returns only the immediate group to which the user belongs. If GroupA contains GroupB and GroupB contains UserX, userX.GetGroups () returns only GroupB, but not GroupA.

Just note that there are bugs in .NET 3.5 SP1. UserPrincipal.GetGroups () may not work correctly, you might want to check out this hotfix http://support.microsoft.com/kb/969166

What is the relationship between Active Directory groups and groups in Exchange?

More articles: