warning message while 'domainprep'ing!

newbienewb

I am getting the following warning message while 'domainprep'ing.

The domain "mydomain" has been identified as an insecure domain for mail-enabled groups with hidden DL membership.Hidden DL membership will be exposed to members of the built-in "Pre-Windows 2000 Compatible Access" security group.This group may have been populated during the promotion of the domain with the intent of allowing permissions to be compatible with pre-windows 2000 server and application.To secure the domain,remove any unnecessary members from this group.

what does this mean? anyone please explain??

Slowhand

My first guess would be that the domain is in mixed mode, not 2000 or 2003 native, to allow pre-2000 clients access. This is usually determined during setup, depending on which radio button you pick, (along with a warning about security.) You can raise the functionality to 2000/2003, as long as you have no legacy servers on the network.

Danman32

It's just a warning that pre-2000 group is not secure so if you don't need it, remove any members from it. If a distribution list group has hidden members, the members may not be so hidden after all.

For example, you have a sales group used as a distribution list group for Exchange, where users and clients that send emails to this group the mail goes to the members of the group. Your boss wants to monitor what goes to this group, so he makes himself a hidden member. If he is also a member of the pre-2000 group, he may become visible.

newbienewb

thnks folks for your great explanation with example, it really helps a newbie to MS-ES!!