Planning and Creating Distribution Groups

 < Day Day Up > 

Distribution Groups are created when a collection of Active Directory Objects requires membership to a mail-enabled list in Exchange Server 2003. This allows the Distribution Group to receive messages to a single address in Exchange, which can then be distributed to all members of the group.

Also known as distribution lists in Microsoft Exchange 5.5, Distribution Groups can now be created to span domains. However, Distribution Groups posses no capability to be listed in the Active Directory Discretionary Access Control List (DACL) for purposes of assign permissions.

When working with Distribution Groups, functionality and replication depend on several domain and forest factors. Depending on the type of groupUniversal, Global, or Localand the Exchange server and domain functional levels where the group is created, each type of group can be configured to nest other groups or replicate across domains. In this section, we review the different Distribution Group scopes, the functionality of each scope, and how Distribution Groups are created.

NOTE

With Exchange Server 2003 and Active Directory, the scope of the Distribution Groups can easily be converted when the domain functional level is in Native Mode. Using the properties of the Distribution Group, administrators can select the scope and type that the Distribution Group can become.


Determining Distribution Group Scopes

Before creating Distribution Groups in Exchange Server 2003, it is important to understand what capabilities each scope enables. Distribution Groups can be created in one of the three following scopes: as a Universal Distribution Group, Domain Distribution Group, and Domain Local Distribution Group.

Each scope provides different functionality within the Active Directory domain and forest in which it reside. Depending on the scope of Distribution Group, other Distribution Groups, user accounts, and even contacts can be members of a single Distribution Group.

Review each type of group to assist in planning and creating the most appropriate Distribution Group for your organization.

  • Domain Local Best utilized in a single domain scenario, the Domain Local scope allows the following member types: account objects (user accounts, contacts), additional groups with the Domain Local scope, groups with the Global scope, and groups with the Universal scope. Each Domain Local group exists only within the domain it is created, and group membership is not present when viewing the Global Catalog.

  • Global Global Distribution Groups are configured when access to view the group is required in the Global Catalog. Although the Global Distribution Groups can be seen in the Global Catalog, membership of the group is not visible. Each Global group is present only within the domain it is created, and changes are not replicated outside to other domains.

  • Universal Universal groups allow administrators to nest nonreplication Global and Domain Local groups for ease of management. Use the Universal scope to consolidate Distribution Groups from multiple domains. All changes to universal groups are replicated to all Global Catalog servers in the forest. Nesting groups requires less replication traffic when changes occur to a member of the nested group.

Creating Distribution Groups

To create a Distribution Group, administrators must first determine the scope for the groups and the address name that the group will receive messages as. In this scenario, you will create a Distribution Group with the Global scope. This group will be mail-enabled to receive and distribute messages to all its members in the local domain.

To begin creating the Distribution Group, open the Active Directory Users and Computers management console and select the Organizational Unit where the Distribution Group will reside. Complete the following steps to add a Distribution Group to Active Directory:

  1. From the Action menu tab, select New and then Group.

  2. On the New Object Group tab, enter the name of the Distribution Group.

  3. Make the scope for the distribution Global, and select the type of group as Distribution.

  4. The Create In tab allows you to create the email address for the Distribution Group. Click the check box Create an Exchange Email address. This option mail-enables the Distribution Group.

  5. If required, modify the alias name for the Distribution Group and select the Administrative Group that your group will be associated with. Click Next , Finish to finish creating the group.

NOTE

The Associated Administrative Group option is used to determine which default recipient policy and email address will be assigned to the Distribution Group.


Adding Distribution Group Membership

After the Distribution Group has been created, the administrator can add members to the group. To add members to the group, select the Distribution Group and open the properties of the group by selecting Action, Properties. Then complete the following steps:

  1. From the Properties tab of the Distribution Group, select the Members tab.

  2. Click the Add button to select the Active Directory accounts to be added to the group.

  3. To show all the accounts in the domain, select the Advanced tab. Select the domain where the account resides and click Find Now. This searches Active Directory and displays all accounts and groups in the domain selected.

    NOTE

    To search for contacts, enable the contacts search function by selecting the Object Type tab and placing a check in the selection next to Contacts.

  4. Select the account objects to be added as members to the Distribution Group. Select OK twice to return to the Members tab.

  5. Repeat these steps until all members and objects have been added to the Distribution Group.

Creating Query-Based Distribution Groups

Query-based Distribution Groups are identical in functionality to a normal Distribution Group. The one benefit to the new Exchange Server 2003 feature is that query-based Distribution Groups assign group membership based on LDAP queries.

Available only in Exchange Server 2003 Native Mode, query-based Distribution Groups allow administrators to dynamically assign members to the group without having to perform the manual task of adding and removing account objects after the group is created.

For example, using the Filter option, if a query-based Distribution Group is created, membership can be defined by selecting all mail-enabled users within the Active Directory domain. This option adds all mail-enabled account objects to the Distribution Group membership; any new accounts also are added as they are mail-enabled in Active Directory.

Filter options for created query-based groups include the following:

  • Users with Exchange Mailboxes

  • Users with External Mail Addresses

  • Mail-Enabled Groups

  • Contacts with External Email Addresses

  • Mail-Enabled Public Folders

  • Customer Filters

To create a query-based Distribution Group, open the Active Directory Users and Computers management console, and select the Advanced Features option from the View menu.

  1. Select the Organizational Unit where the query-based Distribution Group will be created. From the Action menu, select New, and Query-Based Distribution Group.

  2. On the New Object tab, enter the name for the new query-based Distribution Group and select Next to continue.

  3. For this exercise, click the Change button and select Domain.com, Users Organizational Unit. This option applies this filter to all users in the Users Organizational Unit. Next, select the Users with Exchange Mailbox option. This applies the option to all accounts in the User container with a mailbox.

  4. Select Next to continue and Finish to finish creating the new query-based Distribution Group.

Managing and Maintaining Distribution Groups

As organizations grow and the Exchange Server 2003 tree becomes more complicated, administrators can find themselves faced with the task of managing and maintaining large numbers of Distribution Groups, as well as dealing with the effects of these groups when replicating across the network.

To simplify the day-to-day administrative tasks associated with adding and removing group memberships, administrators can now assign an Active Directory user account permissions to manage a Distribution Group. This account can be added to the Managed By tab of the Distribution Group properties, allowing the account to manage and update the membership list of the Distribution Group it is assigned.

Creating a Distribution Group Manager

To add an account to manage a Distribution Group, select the Distribution Group and open the properties pages of the Distribution Group by selecting File, Properties from the Active Directory Users and Computers management console. To add the account, complete the following steps:

  1. Select the Managed By tab and click the Change button to add an account to manage the Distribution Group.

  2. Click the Advanced tab and search Active Directory for the account to be added. Select the account and click the OK button when complete.

  3. Select the Manager Can Update Membership List check box to enable permission for the account added, and click OK when complete.

The account added can now change and update the membership to the distribution list.

Managing Distribution Group Replication

Another area related to managing Distribution Groups is maintaining effective and seamless replication. In larger environments, changes to universal group memberships are replicated to all Global Catalog servers in the Active Directory forest and, in some cases, affect bandwidth availability over WAN links.

To avoid replication issues related to Distribution Groups, administrators can nest global groups and local groups with a single Universal group. By nesting groups, account changes and membership changes are completed at the domain level. Because these changes occur within the Global group and not the Universal group level, replication of changes to the Global Catalog server is not required.

Mail-Enabling Groups

With Exchange Server 2003, both distribution and security groups can be mail-enabled to receive messages for all members. Unlike a security group, a distribution group is strictly created for the association in Exchange to receive and distribute messages. When groups are converted from one type to another, they are not always automatically mail-enabled.

To mail-enable a group in Exchange Server 2003, first select the group in Active Directory Users and Computers and complete these steps:

  1. From the Action menu, select Exchange Task.

  2. On the Welcome to Exchange Task screen, select Next.

  3. On the Available Task screen, select Establish Email Address on Groups and click Next.

  4. Confirm the mail alias for the group and select Next.

  5. Select Finish to finish adding an email address to the group.

It is always a good practice to open the properties page for the group and review the email addresses to ensure that they were added correctly.

 < Day Day Up > 


Microsoft Exchange Server 2003 Unleashed
Microsoft Exchange Server 2003 Unleashed (2nd Edition)
ISBN: 0672328070
EAN: 2147483647
Year: 2003
Pages: 393
Authors: Rand Morimoto

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net