Groups

Previous page
Table of content
Next page
[Previous] [Next]

In Windows 2000, a group is a container of sorts that can hold users and other groups. You can assign permissions to a group that are inherited by all of the objects in that group. This makes the group a valuable Windows 2000 security construct. Exchange 2000 Server also uses groups for another purpose. A group can be mail enabled and then populated with other mail- or mailbox-enabled recipients to make a distribution list, a term you may be familiar with from earlier versions of Exchange Server. A group can contain users, contacts, public folders, and even other groups. When you send a message to a mail-enabled group, the message is sent to each member of the list individually. Groups are visible in the Global Address List.

Creating a Group

Creating a new mail-enabled group is easy. Choose New Group from the Action menu of Active Directory Users and Computers. This command starts the New Group Wizard, as shown in Figure 9-19. Enter a group name that describes the members the group will contain. You must also choose a group scope and a group type. The group scope defines the level at which the group will be available in Active Directory. The group type defines whether the group is for security or distribution purposes. A security group can be mail enabled and used for distribution purposes, but a distribution group cannot be used for security purposes. When you're done, click Next.

click to view at full size.

Figure 9-19. Creating a distribution group.

On the next screen of the New Group Wizard, you can specify whether a mail address should be created for the new group, and you can enter an alias name. If you are creating a group to be used as a distribution list, you must create an email address. Once you click Finish in this screen, the new group is created and you are ready to add members. This process is described in the next section, along with other ways of configuring groups.

Configuring a Group

You configure a group in the same way that you configure other recipients—with a property sheet. Many of the tabs are identical to those of the same name for user objects; refer to the "Users" section earlier in this chapter for details on those tabs. Some of the tabs found on a user's property sheet simply don't exist for a group. This section covers the three Exchange-related tabs that do differ for a group.

Members Tab

The Members tab lists every member of the group. Use the Add button to access the Active Directory list, from which you can add new members to the group. You can use the Remove button to remove selected members.

Managed By Tab

The Managed By tab, shown in Figure 9-20, lets you assign an owner to the group. The owner manages the group's membership. By default, the administrator who creates the group is the owner, but you can designate as owner any user, group, or contact in the Global Address List. If you give ownership to another user, that user can use an Exchange client or Outlook to modify the group's membership and does not need access to Active Directory Users and Computers. You can relieve yourself of a great deal of work by specifying owners for the groups you create. As groups grow larger, they can consume a considerable amount of management time.

Figure 9-20. Specifying a group owner.

Exchange Advanced Tab

The Exchange Advanced tab, shown in Figure 9-21, holds several configuration options that may be familiar to you, such as a simple display name and the Custom Attributes button. You can also, however, configure several options that are specific to distribution lists:

  • Expansion Server Whenever a message is sent to a group, the group must be expanded so that the message can be sent to each member of the group. The Message Transfer Agent (MTA) service of a single Exchange server performs this expansion. The default choice is Any Server In Site. This setting means that the home server of the user sending the message always expands the group. You can also designate a specific server to handle expanding the group. The choice of a dedicated expansion server is a good one if you have a large group. In this case, expansion could consume a large amount of server resources, which can compromise performance for busy servers.

  • Hide Group From Exchange Address Lists If you select this option, the group is not visible in the Global Address List.

  • Send Delivery Reports To Group Owner If you select this option, the owner of the group is notified whenever an error occurs during the delivery of a message to the group or to one of its members. This option is not available if the group has not been assigned an owner.

  • Send Delivery Reports To Message Originator If you select this option, any error notifications are sent to the user who sent a message to the group. If the Send Delivery Reports To Group Owner option is also selected, both the sender and the owner are notified.

  • Send Out-Of-Office Messages To Originator Users can configure Exchange clients to reply automatically to any messages received while they are away from their offices. When this option is selected, users who send messages to the group can receive these automatic messages. For particularly large groups, it's best not to allow out-of-office messages to be delivered because of the excess network traffic they generate.

Figure 9-21. Setting advanced properties for a group.

REAL WORLD   Using Message Restrictions on Groups

The Message Restrictions area of the Delivery Restrictions dialog box (displayed by clicking Delivery Restrictions on the Exchange General tab) is often much more useful for groups than for individual users. In large organizations, groups can grow quite large, sometimes holding thousands of users. Because of the possibility of misuse, it is usually not a good idea to provide general access to groups this large. Imagine the increase in traffic if your users sent messages to thousands of users every time their kids had candy bars to sell or they found a good joke. Placing delivery restrictions on large groups allows you to limit access to the groups to a few select, responsible users.

Another potential risk is that someone from the Internet could e-mail everyone in your company, using a group's SMTP address. Imagine what your job would be like on the day that an anonymous person e-mailed malicious information to the entire company. Limiting access to the group will also help prevent this type of unwanted mail from occurring.


Previous page
Table of content
Next page
Microsoft Exchange 2000 Server Adminstrator's Companion
Microsoft Exchange 2000 Server Adminstrator's Companion
ISBN: N/A
EAN: N/A
Year: 1999
Pages: 193
BUY ON AMAZON
Interprocess Communications in Linux: The Nooks and Crannies
FileMaker Pro 8: The Missing Manual
Visual C# 2005 How to Program (2nd Edition)
Cisco ASA: All-in-One Firewall, IPS, and VPN Adaptive Security Appliance
Telecommunications Essentials, Second Edition: The Complete Global Source (2nd Edition)
FileMaker 8 Functions and Scripts Desk Reference
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy