Recipe17.20.Creating a Mail-Enabled Distribution List

Previous page
Table of content
Next page

Recipe 17.20. Creating a Mail-Enabled Distribution List

Problem

You want to create a mail-enabled distribution list.

Solution

Using a graphical user interface

  1. Open the ADUC snap-in.

    This needs to be run on a workstation or server that has the Exchange Management Tools loaded (see Recipe 17.6)


  2. If you need to change domains, right click on Active Directory Users and Computers in the left pane, select Connect to Domain, enter the domain name, and click OK.

  3. In the left pane, browse to the parent container of the new DL, right-click on it, and select New

    Enter group name, select group scope, select group type, and click Next.

  4. Verify that Create an Exchange e-mail address is selected and click Next.

  5. Click Finish.

Using a command-line interface

The following command creates a group:

> dsadd group "<GroupDN>" -scope <Group Scope> -secgrp yes|no

The following command mail-enables a group:

> exchmbx -b "<GroupDN>" -me

Replace <GroupDN> with the group's distinguished name, <Group Scope> with l, g, or u for local group, global group, or universal group, respectively. -secgrp should be set to yes if this is to be a security group, no otherwise.

To create and mail-enable a distribution universal group named UniDL, execute the following commands:

> dsadd group "cn=UniDL,ou=grps,dc=rallencorp,dc=com" -scope u -secgrp no > exchmbx -b "cn=UniDL,ou=grps,dc=rallencorp,dc=com" -me

For an alternative method, create an LDIF file called create_dl.ldf with the following contents:

dn: CN=<group name>,<Parent DN>  changetype: add objectClass: group cn: <group name> sAMAccountName: <group name> groupType: <group type> mailNickname: <mail nickname> legacyExchangeDN: <legacy exchange DN> reportToOriginator: TRUE

Replace <ParentDN> with the distinguished name of the container where you want the group created, <group name> with the name you want the group to be called, <group type> with the group's scope and type value, <mail nickname> with the group's mail nickname, and <legacy exchange DN> with the proper legacy exchange distinguished name value. As mentioned in Recipe 17.9, you can skip specifying the legacyExchangeDN if you want Exchange to populate the value for you.

To create a Universal Distribution List group with an Exchange generated legacyExchangeDN, create the file with the following contents:

dn: CN=UniMailGroup,CN=groups,DC=rallencorp,DC=com  changetype: add objectClass: group cn: UniMailGroup sAMAccountName: UniMailGroup groupType: 8 mailNickname: UniMailGroup  reportToOriginator: TRUE

Then run the following command:

> ldifde -i -f create_dl.ldf

Using VBScript
' This code creates and mail enables a Distribution List ' ------ SCRIPT CONFIGURATION ------ strParentDN  = "<ParentDN>"   ' e.g., ou=groups,dc=rallencorp,dc=com strGroupName = "<GroupName>"   ' e.g., JoewareUsers ' ------ END CONFIGURATION --------- ' Constants taken from ADS_GROUP_TYPE_ENUM Const ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP = 1 Const ADS_GROUP_TYPE_GLOBAL_GROUP       = 2 Const ADS_GROUP_TYPE_LOCAL_GROUP        = 4 Const ADS_GROUP_TYPE_SECURITY_ENABLED   = -2147483648 Const ADS_GROUP_TYPE_UNIVERSAL_GROUP    = 8     set objOU = GetObject("LDAP://" & strParentDN) set objGroup = objOU.Create("group","cn=" & strGroupName) objGroup.Put "groupType", ADS_GROUP_TYPE_UNIVERSAL_GROUP objGroup.Put "sAMAccountName", strGroupName objGroup.MailEnable objGroup.SetInfo Wscript.Echo "Successfully created mail-enabled DL."

Discussion

Anyone who has used a distribution list knows how useful they can be. It is much easier to send email to a single email address than to tens or hundreds or even thousands of addresses. Exchange allows you to mail-enable any group object in Active Directory. Then, when someone sends email to that group, every mail-enabled or mailbox-enabled user in the group will receive a copy of the email.

Creating a mail-enabled group requires Exchange Data Administrator permissions. See the Discussion for Recipe 17.7.


Active Directory groups can have a group type of security or distribution. While distribution lists are usually of type distribution, you can mail-enable security groups as well. In fact, if anyone in the Exchange Organization uses a distribution group to grant permissions to anything in Exchange, whether it is a calendar or a folder or any other object, Exchange converts the distribution group to a mail-enabled security group. This is something to be aware of because more than one administrator has found himself in a position trying to explain why distribution groups had mysteriously changed into security groups.

A popular question I've often heard is: What scope should my distribution groups have? The official response is: whatever scope you need. If you have a multidomain environment, you should probably use a universal group. Mail-enabled groups have to be fully expandable on any global catalog that gets the request to expand the membership. The only group scope that qualifies in a normal multidomain environment is a universal group. If you have a single-domain environment, any group scope will work fine.

When you create a mail-enabled group with the GUI or VBScript, you are using the CDOEXM interface. This interface is the Microsoft-supported method of managing Exchange attributes on users, groups, and contacts. MailEnable is the specific method called. In the background, the specific changes made by the MailEnable method are on the group object in Active Directory and include changes to the following attributes:

  • reportToOriginator

  • mailNickname

  • legacyExchangeDN

Once those attributes have been set, the RUS sets additional attributes on the group object to make the group usable by Exchange.

Using a graphical user interface

Using the GUI to create distribution groups is straightforward. Mail-enabling an existing group is similar to mail-enabling a user or contact, except you don't have to specify an email address.

Using a command-line interface

The main things to be concerned with the command-line version of this recipe are the group scope, group type value, and, for the LDIF solution, the specifics concerning the mail attributes mailNickname and legacyExchangeDN mentioned in Recipe 17.9. The group type determines the scope of the group and whether it is also security enabled. See the constants defined in the VBScript example for the values to use. The email address can not be specified for mail-enabled groups, that attribute will be handled by the RUS.

Using VBScript

This script creates a universal distribution group. All of the constants are included for group scope and type, so you can modify the code to suit your needs. If you need to make a group a security group, simply or in the TYPE_SECURITY_ENABLED flag like so:

ADS_GROUP_TYPE_UNIVERSAL_GROUP or TYPE_SECURITY_ENABLED

See Also

Recipe 17.7, MS KB 839949 (Troubleshooting mail transport and distribution groups in Exchange 2000 Server and in Exchange Server 2003), MS KB 275636 (Creating Exchange Mailbox-Enabled and Mail-Enabled Objects in Active Directory.), MS KB 251631 (XADM: How to Create Distribution Lists in Exchange 2000 Server), and http://www.microsoft.com/technet/prodtechnol/exchange/2000/deploy/access.mspx


Previous page
Table of content
Next page
Windows Server Cookbook
Windows Server Cookbook for Windows Server 2003 and Windows 2000
ISBN: 0596006330
EAN: 2147483647
Year: 2006
Pages: 380
Authors: Robbie Allen
BUY ON AMAZON
Snort Cookbook
Data Structures and Algorithms in Java
MySQL Cookbook
GO! with Microsoft Office 2003 Brief (2nd Edition)
Visual Studio Tools for Office(c) Using C# with Excel, Word, Outlook, and InfoPath
Java Concurrency in Practice
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy