Mail-Enabling Group Objects
Mail-enabled groups can be of two types: distribution groups and security groups. The difference between the two groups is that security groups may be used to assign permissions against a resource in the forest. To mail-enable a group object, the Exchange Administrator must have the Exchange delegated role, Exchange View-Only Administrator (or higher), on the target administrative group. In addition, the Exchange Administrator must have Read and Write access to the following group object attributes:
adminDisplayName
autoReplyMessage
displayName (Display Name)
dLMemDefault
homeMTA
internetEncoding
legacyExchangeDN
mail
mailNickname (Alias)
mAPIRecipient
msExchADCGlobalNames
msExchFBURL
msExchHideFromAddressLists
msExchMailboxSecurityDescriptor
msExchPoliciesExcluded
msExchPoliciesIncluded
proxyAddresses (Proxy Addresses)
reportToOriginator
showInAddressBook
targetAddress
textEncodedORAddress