Lesson 2: Management of Administrative Groups

Exchange 2000 Server supports two means of server grouping. Physically, servers can be set in routing groups, which define areas of high network bandwidth where direct message delivery is possible. Chapter 16, "Message Routing Administration," covers routing group aspects in greater detail. Logically, meaning independent of the physical network, you can group servers for purposes of structuring administration. These arrangements are known as administrative groups.

This lesson focuses on issues regarding the configuration of administrative groups, including adding and removing servers. You need to reinstall a server if you want to move it between administrative groups.


At the end of this lesson, you will be able to:

  • Describe the purpose of administrative groups.
  • Organize server resources in administrative groups.

Estimated time to complete this lesson: 25 minutes


Configuration at the Administrative Group Level

Administrative groups primarily serve the purpose of permission management. When you right-click an administrative group container in Exchange System Manager, you can select the Delegate Control command to launch the Exchange Administration Delegation Wizard, which was covered in Chapter 5, "Installing Microsoft Exchange 2000 Server."

An administrator with appropriate permissions at the administrative group level can configure individual servers, routing groups, common policy settings, and public folder resources for all or a subset of servers. Corresponding configuration containers are located directly underneath each administrative group object (that is, Servers, System Policies, Routing Groups, and Folders). Additional configuration objects for conferencing services and chat networks may exist depending on the components installed.

Implementing Multiple Administrative Groups

Enterprises with a central information technology (IT) department don't need to implement multiple administrative groups. To keep the administrative environment simple, all servers can be placed in the default First Administrative Group regardless of the organization's size. Large national and international organizations with multiple IT groups responsible for distributed resources in different regions or departments, however, might find a decentralized administrative structure more appropriate for their needs. In this scenario, one administrative group can be created per geographical region or per department.

NOTE


The flexibility of administrative groups is limited in a mixed Exchange organization, as explained in Chapter 6, "Coexistence with Previous Microsoft Exchange Server Versions."

Administrative Groups in Active Directory Directory Service

In Active Directory, each administrative group is implemented as a separate configuration container that you can find under the following location when using the Active Directory Services Interface (ADSI) Edit utility:

 CN=Configuration,DC=BlueSky-inc-10,DC=com,  CN=Services,   CN=Microsoft Exchange,    CN=<Organization Name, such as Blue Sky Airlines>,     CN=Administrative Groups,      CN=First Administrative Group       CN=<Further Administrative Groups> 

To grant user permissions, you simply add the desired Windows 2000 account to the list of accounts with permissions for the corresponding administrative group object. Active Directory propagates security settings to all objects within that administrative group.

NOTE


Use the Exchange Administration Delegation Wizard instead of the ADSI Edit utility to manage permissions for administrative groups. Incorrect permission assignments using ADSI Edit can lead to serious configuration problems and may require you to restore your systems from backup.

Adding Servers to an Administrative Group

You can add servers to an administrative group only during setup. It is not possible to move servers between administrative groups, and it is likewise impossible to move mailboxes conveniently across administrative group boundaries. Consequently, design your administrative group topology carefully before installing Exchange 2000 Server.

Creating Administrative Groups

As long as only one administrative group exists, the Setup program of Exchange 2000 Server will not prompt you for administrative group information. It adds the new server automatically to the default group. To add a server to another group, you need to create the group before launching Setup and then select it during the installation. Creating administrative groups is trivial because new groups are initially empty containers under Administrative Groups. Start Exchange System Manager, right-click the Administrative Groups container, point to New, and then select the Administrative Group command. The only information you have to provide is a name for the new group. Administrative group names can have up to 64 characters.

After a new group has been created, you can add servers and other resources, such as system policies. With the exception of server resources, configuration objects can be moved or copied between administrative groups in Exchange System Manager.

Removing a Server from Active Directory Directory Services

It is possible to rename administrative groups, but it is not possible to move servers. Microsoft may provide special utilities for this purpose, but, without them, the only way to move a server to another administrative group is to remove and reinstall it. Before removing a server, move existing mailboxes to mailbox stores on other servers and replicate existing public folders. This is similar to the preparation of a dedicated server configuration, as explained earlier in this chapter.

Two strategies are available to remove a server from the organization. The best way is to launch the Exchange 2000 Setup program on the server that you want to remove, and, on the Component Selection wizard screen, select the Remove action. The Setup program was covered in detail in Chapter 5, "Installing Microsoft Exchange 2000 Server."

The second method is right-clicking the server object in Exchange System Manager, pointing to All Tasks, and clicking Remove Server. An Exchange System Manager dialog box will appear asking you whether you are sure. Click Yes. At this point, you will receive an error message if your Exchange 2000 server is still available in the network. Only unavailable servers can be removed using this approach. This is typically the case if the server was removed physically from the network or you have reinstalled the operating system without restoring Exchange 2000 Server from a backup.



MCSE Training Kit Exam 70-224(c) Microsoft Exchange 2000 Server Implementation and Administration
MCSE Training Kit Exam 70-224(c) Microsoft Exchange 2000 Server Implementation and Administration
ISBN: N/A
EAN: N/A
Year: 2001
Pages: 186

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net