Just a quick question really. We have 100s of distribution groups and some are nested within non-mail enabled groups which are global groups. We originally had the idea of just converting the distribution groups over to Universal groups to support Exchange 2010 but this won't be an option as some distribution groups are members of loads of security groups and you cannot change a global group to a universal group if it is a member of a global group. How do others cope with this? Do you just convert ALL groups in AD to universal or do you spend days trying to figure out which distribution groups are members of non-mail enabled groups and then converting these non-mail enabled groups to universal so that you can change the distribution group? I didn't originally set this domain up and have never come across so many distribution groups nested inside security groups before so maybe this is just a one-off case, but what would the consequences be in a SINGLE DOMAIN environment (we only have 3 domain controllers and a single domain) with just converting all global groups to universal and that being job done?

Technically converting might work. But groups in AD serves much more purposes than just distribution groups. I would not be so fast on converting them, but I would spent several days of rethinking my Active Directory domain design. With group design you can think of AGDLP practice. If you have single domain forest without any trusts, there will be no impact. You can also think about mail enabling security groups that are not mail enabledWith kind regards Krystian Zieja http://www.projectnenvision.com Follow me on twitter My Blog

Thanks for the reply. They are running 2008 R2 functional level across all 3 domain controllers. Given that it is a single domain with only 3 domain controllers across two sites, the only drawback I can see to converting the groups to universal is the amount of traffic it will generate across the global catalog servers. Given the link between the sites is extremely fast and there are only 600 users (but unfortunately hundreds of nested groups!) I was hoping just converting the groups would be OK. Best would be if they could clean up the groups but I will speak to them today about time scales and manpower to help out. Just looknig at alternative options in the meantime.