Recipe 5.4. Creating a Mail-Enabled GroupProblemYou need to create a new group and mail-enable it so it can be used to send messages. SolutionUsing a graphical user interface
Using a command-line interfaceYou can use the dsadd command (which ships with Windows Server 2003 and can be used for some operations on Windows 2000) to add new groups from the command line. Here's an example: > dsadd group "<groupName>" -scope <groupScope> -secgrp { yes | no } -desc <groupDesc> <groupName> is the full DN of the group you want to create, <groupScope> is the group scope (L for local, G for global, and U for universal), and <groupDesc> is the description you want the group to have. The parameter used with the secgrp switch indicates whether you want a security group (-secgrp yes, the default) or a distribution group (-secgrp no). Once the group's added, you can use exchmbx with the -me switch to mail-enable it, like this: > dsadd group "cn=Editors,cn=users,dc=robichaux,dc=net" -scope L -secgrp yes -desc "Cookbook editors" > exchmbx -b "cn=Editors,cn=users,dc=robichaux,dc=net" -me Using VBScript' This code creates a new mail-enabled group of the specified ' type. You have to specify the container and group name. ' ------ SCRIPT CONFIGURATION ------ strDCName = "<ServerName>" ' e.g., CONT-EXBE01 strContainer= "<containerName>" ' e.g., "/CN=Users, dc=contoso, dc=local" strGroupName = "<groupName>" ' e.g., "Led Zeppelin Fans" Const ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP = 4 Const ADS_GROUP_TYPE_GLOBAL_GROUP = 2 Const ADS_GROUP_TYPE_LOCAL_GROUP = 4 Const ADS_GROUP_TYPE_SECURITY_ENABLED = -2147483648 Const ADS_GROUP_TYPE_UNIVERSAL_GROUP = 8 ' ------ END CONFIGURATION --------- Set objContainer = GetObject("LDAP://" & strDCName & strContainer) Set objGroup = objContainer.Create("Group", "cn=" & strGroupName) With objGroup .Put "sAMAccountName", strGroupname .Put "groupType", ADS_GROUP_TYPE_UNIVERSAL_GROUP .MailEnable .SetInfo End with WScript.Echo "New group " & strGroupName & " created successfully" DiscussionCreating a mail-enabled group from a script requires two separate sets of operations. First, you have to create the group. This is simple, since you can just use the ADSI Create method to create an object with the specified location and name (of course, you have to tell Create that you're creating a group). This step also requires you to set the group scope, which you do by setting the groupType attribute. We've included the relevant group types as constants in the previous script. After creating the group, you have to mail-enable it so that the correct proxy addresses are set. In a similar vein, if you create groups from the command line with dsadd, you'll need to mail-enable them with the Exchange Tasks wizard or by using the MailEnable method as shown in the previous script. One important note: the groupType attribute stores both the group scope and its type (that is, whether it's a security or distribution group). To create a security group, just set the ADS_GROUP_TYPE_SECURITY_ENABLED to the group scope flag. For example, to create a security-enabled universal group in VBScript, you'd write: objGroup.Put "groupType", ADS_GROUP_TYPE_UNIVERSAL_GROUP Or ADS_GROUP_TYPE_SECURITY_ENABLED See AlsoRecipe 5.1 and Recipe 5.2 for creating mailboxes and user objects, Chapter 7 of Active Directory Cookbook for more recipes for creating and removing group objects and manipulating their membership; MS KB 231273 (Group Type and Scope Usage in Windows); dsadd documentation at Microsoft's Windows Server 2003 site |