We had a big block of our Distributions groups changed to Security groups by our Exchange server computer account. Does anyone know why the Exchange server computer account would be making this type of change? I have never seen this happen before and can't see any reason why Exchange would need to do that. I am not sure if this is an Exchange issue, or something else, but I have posted one of the events below. Any help would be appreciated. Event Origin Details: Date: 4/19/2010 Time: 9:15:51 AM Type: Success Audit Username: EXCHANGE$ Computer: DC2 Source: Security Category: Account Management Event ID: 668 Internal Event ID: FC4F9A5D1123 Rule Name: Security enabled group type changes In Work Hours: Yes Group Type Changed: Security Disabled Universal Group Changed to Security Enabled Universal Group. Target Account Name: ***** Target Domain: ** Target Account ID: **\***** Caller User Name: EXCHANGE$ Caller Domain: ** Caller Logon ID: (0x0,0x4D05941C) Privileges: - More information: User EXCHANGE$ from domain ** has changed property Security Disabled Universal Group Changed to Security Enabled Universal Group. of the Group ***** belonging to domain **.

On Tue, 20 Apr 2010 16:44:09 +0000, JMWF2009 wrote:>We had a big block of our Distributions groups changed to Security groups by our Exchange server computer account. Does anyone know why the Exchange server computer account would be making this type of change?Exchange 2003? Is the organization still in mixed-mode? Were the DLsused to ACL Public Folders?http://technet.microsoft.com/en-us/library/aa996258(EXCHG.65).aspx---Rich MatheisenMCSE+I, Exchange MVP--- Rich Matheisen MCSE+I, Exchange MVP

We are in 2003 mode at both forest and domain level. And while I have not seen any indication that the DLs were used in that fashion, I am not 100% sure that didn't happen. However all the changes took place in about 30 seconds on about 30-40 DLs. The event logs show that the Exchange server computer account was what made the change. I verified that through the Exchange Enterprise Servers security group that the computer really did have permission to do this. And although I can change them back into DLs, I would really like to know why this happened. We don't have a high enough support level with our EA agreement for Microsoft to figure out why this happened, and their suggestion was to just change the groups back. So I am still scratching my head..

On Wed, 21 Apr 2010 14:46:37 +0000, JMWF2009 wrote:>>>We are in 2003 mode at both forest and domain level. And while I have not seen any indication that the DLs were used in that fashion, I am not 100% sure that didn't happen. However all the changes took place in about 30 seconds on about 30-40 DLs.The conversion happens when the Public Folder hierarchy is replicated,so their being changed in that short period of time (which isn'treally that short for a computer) isn't surprising.>The event logs show that the Exchange server computer account was what made the change. I verified that through the Exchange Enterprise Servers security group that the computer really did have permission to do this.Also not surprising.>And although I can change them back into DLs, I expect that if you do they'll just be changed back to securitygroups.>I would really like to know why this happened. Find out if the DLs were used to ACL any public folders>We don't have a high enough support level with our EA agreement for Microsoft to figure out why this happened, and their suggestion was to just change the groups back. So I am still scratching my head..---Rich MatheisenMCSE+I, Exchange MVP--- Rich Matheisen MCSE+I, Exchange MVP