Users


As you are aware, Exchange Server 2003 is tightly integrated with Active Directory. In fact, the tool used to create user accounts, Active Directory Users and Computers, is also the tool used to create and manage mailboxes for your users. Exchange-related configuration details show up as extra tabs on the user’s property sheet. This means that Exchange administrators and Active Directory administrators need to work together now more than ever. Although many administrators from the days of Exchange 5.5 hate the idea of giving up control of mailbox administration, doing so is usually the best course of action. Because all the user-related functions of mailboxes can now be managed from within Active Directory Users and Computers, letting one accounts administrator handle all user-related tasks from a single location makes sense. Users can have two possible e-mail configurations: the mailbox-enabled user and the mail-enabled user. Each of these configurations is detailed in the sections that follow.

Mailbox-Enabled Users

Mailboxes—the mainstay of any messaging system—are private, server-based storage areas in which user e-mail is kept. Every user in your organization must have access to a mailbox to send and receive messages because it is one of the primary methods of communication. In Exchange Server 2003, a user with a mailbox is referred to as a mailbox-enabled user. Mailbox-enabled users can send and receive messages as well as store messages on an Exchange server. One of your principal tasks as an administrator is to create and configure mailboxes for users.

Creating a New Mailbox-Enabled User

When Exchange Server 2003 is installed, several extensions for the Active Directory Users and Computers tool are installed as well. As a result, whenever you create a new user, you are automatically given the chance to create a mailbox for that user. To create a new user in Active Directory Users and Computers, make sure the Users container is selected, and then choose New User from the Action menu. This starts the New User Wizard, the first two screens of which are shown in Figure 9-1.

click to expand
Figure 9-1: Creating a new user account with Active Directory Users and Computers.

If you have worked with Active Directory, you are probably familiar with the process of creating and naming a new user and giving that user a password. This is what you do in the first two screens of the wizard. However, Exchange adds a third screen for creating an Exchange mailbox, which appears after you enter the typical user information (Figure 9-2). Here you can choose whether to create a mailbox, and you can also enter an alias (an alternate means of addressing a user that is covered later in this section) and indicate the Exchange server and the storage group on that server where the new user’s mailbox should be created. Once you are finished, click Next to display a summary screen for the new user. When you click Finish on this screen, the new user and mailbox are created.

click to expand
Figure 9-2: Creating a mailbox for your new user.

Creating a mailbox for an existing user is just as easy as creating one for a new user. Simply select any existing user in the Users folder in Active Directory Users and Computers, and choose Exchange Tasks from the Action menu. This command opens the Exchange Task Wizard, allowing you to add and configure the mailbox for the user.

Configuring Mailbox Properties

No matter which method you use to create mailboxes, you configure them in the same way—with the user object’s property sheet. To do so, select any user object in Active Directory Users and Computers, and then choose Properties from the Action menu. The property sheet for a user has quite a few tabs. The next several sections cover the tabs that pertain to Exchange mailbox configuration.

Tip

Several tabs on the user object’s property sheet hold advanced properties and are not displayed by default when you open a user’s property sheet. To see these tabs, choose Advanced Features from the View menu of Active Directory Users and Computers before you open a property sheet.

General Tab

The General tab, shown in Figure 9-3, is where you configure basic user information. The first name, middle initial, and last name that you enter here are used to generate a display name, which is the name of the recipient as it appears in the Active Directory Users and Computers console. The rest of the information about this tab further identifies the recipient. All this information is available to users when they browse the Global Address List.

click to expand
Figure 9-3: Assigning user information on the General tab.

Organization Tab

The Organization tab, shown in Figure 9-4, is used to configure additional information about the user’s position in the company. You can use this tab to specify a user’s manager and a list of people who report directly to the user. Click the Change button to display a list of recipients in the organization. All information configured on this tab is made available in the Global Address List.

click to expand
Figure 9-4: Describing a user’s position in the organization by using the Organization tab.

Exchange General Tab

On the Exchange General tab, shown in Figure 9-5, you can configure general properties governing the Exchange mailbox associated with the user. The mailbox store that the user belongs to is displayed here but cannot be changed. The alias is an alternate means of addressing a user and is used by foreign messaging systems that cannot handle a full display name.

click to expand
Figure 9-5: Configuring general mailbox-related properties.

You will also find three buttons on this tab that lead to more important settings. Click the Delivery Restrictions button to open the dialog box shown in Figure 9-6. You can set limits on the size of messages that can be transferred out of or into a particular mailbox. If an incoming or outgoing message exceeds its respective limit, it is not sent or received, and the sender of the message receives a nondelivery report. The Message Restrictions area allows you to restrict the messages coming into the selected mailbox. The default is to accept messages from everyone. You can specify that messages be accepted only from designated senders or that messages be accepted from everyone except a list of specific users. Choose the option you want, and click Add to select from recipients listed in Active Directory. You can also specify that messages be accepted only from authenticated users (that is, users with valid logon credentials for the network). This option works in conjunction with the other message restrictions you set.

click to expand
Figure 9-6: Setting restrictions on a mailbox.

Tip

Setting general limits for an entire site or server at the same time is much more efficient than setting them for each individual user. Setting limits for a particular mailbox is one way of dealing with users who need to send large messages or who simply let messages accumulate.

Click the Delivery Options button on the Exchange General tab to open the dialog box shown in Figure 9-7. This dialog box allows you to give Exchange users other than the primary user delegate access to the mailbox. This type of delegate access is called Send On Behalf permission. By clicking the Add button, you can grant this permission to any recipient in Active Directory. Users included in this list can send messages that will appear as though they came from the selected mailbox. Any messages sent include the names of both the primary mailbox user and the user who actually sent the message. This permission might be used by an assistant who needs to send a message from a manager who is out of the office.

click to expand
Figure 9-7: Setting delivery options for a mailbox.

Note

The Send On Behalf permission option can also be helpful in troubleshooting. If you assign this permission to yourself, as administrator, you can send test messages from any recipient in the organization. This practice can be a great way to test connections from remote servers. We recommend that you use test mailboxes created for this purpose and not actual user mailboxes. Many users would consider this type of extended access to their e-mail an intrusion.

You can also use the Delivery Options dialog box to assign a forwarding address for a mailbox. Any messages sent to the mailbox are routed to the mailbox of the designated alternate recipient. You can also specify that messages be sent both to the primary mailbox and to the alternate recipient. Exchange Server will deliver to each mailbox a separate reference to the message, so deleting the message from one mailbox does not cause it to be deleted from another. Finally, you can specify the maximum number of recipients to which a user can send a single message. By default, there is no limit.

Click the Storage Limits button on the Exchange General tab to open the dialog box shown in Figure 9-8. This dialog box lets you set parameters for storage limits and deleted item retention time. Often, users send and save huge attachments or are simply negligent about cleaning out their mailboxes. Either of these situations can cause a great deal of disk space to be consumed on your server. Fortunately, administrators can set any of three storage limits on a mailbox:

click to expand
Figure 9-8: Setting storage options for a mailbox.

  • Issue Warning At (KB) Specifies the mailbox size, in kilobytes, at which a warning is issued to the user to clean out the mailbox.

  • Prohibit Send At (KB) Specifies the mailbox size, in kilobytes, at which the user is prohibited from sending any new e-mail. This prohibition ends as soon as the user clears enough space to fall back under the limit.

  • Prohibit Send And Receive At (KB) Specifies the mailbox size, in kilobytes, at which the user is prohibited from sending, receiving, or even editing any e-mail. All the user can do is delete messages. This prohibition ends as soon as the user clears enough space to fall back under the limit. To do this, a user must delete items from his or her mailbox and then empty the Deleted Items folder. When a user sends a message to a recipient who is prohibited from receiving any new messages, a nondelivery report is generated and returned to the sending user. Prohibiting the sending and receiving of e-mail is a pretty strong measure for an administrator to take. We recommend that you implement this solution only if you experience continued problems that you cannot otherwise resolve.

Exchange Server 2003 also includes a feature that gives users a certain amount of time to recover items that have been deleted from their Deleted Items folder. When a user deletes a message using a client application such as Microsoft Outlook, that message is placed in the user’s Deleted Items folder. Only when the user deletes the item from the Deleted Items folder is it actually removed from the user’s personal folders. However, the deleted item is still not actually deleted from the mailbox store. Instead, it is marked as hidden and is kept for a specified amount of time. During that period, the user can recover the item with the client application. Note that the ability to recover deleted items requires Outlook 97 or later.

The Deleted Item Retention area of the Storage Limits dialog box specifies the retention time for deleted items. You can either use the default value that is configured for the entire mailbox store or override it with a different value for the selected mailbox. If you choose to override the value, you can also specify that deleted messages not be permanently removed until the mailbox store has been backed up.

E-Mail Addresses Tab

The E-Mail Addresses tab, shown in Figure 9-9, lets you configure how the mailbox is addressed from different types of messaging systems. When you create a mailbox, two types of addresses are configured by default: SMTP and X.400. You can add, remove, or edit addresses as you please. A mailbox can have multiple addresses for a single type. For example, a mailbox for the Web site administrator Patricia Doyle might have two SMTP addresses: pdoyle@company.com and webmaster@company.com. E-mail addressed to these two addresses will be placed in the same mailbox. Although this tab provides a way to change addresses manually for each mailbox, a much easier way to change addresses for multiple mailboxes is with recipient policies, which are covered later in this chapter.

click to expand
Figure 9-9: Viewing e-mail addresses for a mailbox.

Exchange Features Tab

The Exchange Features tab, shown in Figure 9-10, lets you enable and disable certain mobile services or particular protocols for an individual mailbox. For mobile services, you have only the option of enabling or disabling each service for the mailbox. For protocols, you can make these simple changes, as well as modify other parameters for that protocol. You will learn more about Internet protocols and how to configure them for sites, servers, and mailboxes in Chapter 20, “Supporting Internet Protocols and SMTP.”

click to expand
Figure 9-10: Viewing Exchange features for a mailbox.

Exchange Advanced Tab

The Exchange Advanced tab, shown in Figure 9-11, lets you configure a number of miscellaneous features that the Exchange designers decided were advanced.

click to expand
Figure 9-11: Setting advanced Exchange mailbox features.

The simple display name is an alternate name for the mailbox. It appears when the full display name cannot be shown for some reason. This situation often occurs when multiple language versions of the Exchange System snap-in are used on the same network.

By default, all recipients except public folders are visible to users via the Global Address List. You can select the Hide From Exchange Address Lists option to hide the mailbox from that list or from other lists created in the Exchange System snap in. The mailbox will still be able to receive e-mail; it simply will not be included in address lists.

If you select the Downgrade High Priority Mail Bound For X.400 option, the current mailbox cannot send high-priority messages to X.400 systems. If the user sends a high-priority message, Exchange Server will downgrade it to normal priority.

In addition to these settings, you’ll find three buttons on the Exchange Advanced tab that lead to separate dialog boxes with more configuration options. These buttons are covered in the sections that follow.

Custom Attributes Button Clicking the Custom Attributes button displays the Exchange Custom Attributes dialog box, shown in Figure 9-12. This dialog box lets you enter information about a mailbox in 15 custom fields. These fields can be used for any information you need to include that isn’t available on the other tabs. All these fields are available to users in the Global Address List. By default, these fields are labeled extensionAttribute1 through extensionAttribute15. Just select a field and click Edit to enter a new value. You can customize their names to suit your needs.

click to expand
Figure 9-12: Entering additional recipient information by using custom attribute fields.

ILS Settings Button Click the ILS Settings button to display the ILS Settings dialog box. If you use Microsoft NetMeeting in your organization, this dialog box is for you. NetMeeting allows users to collaborate on documents by using audio, video, and a shared whiteboard. Use the ILS Settings dialog box to set up your Internet Locator Service (ILS) by configuring the ILS Server and Account fields. Once you’ve accomplished that, users can contact and set up meetings with the user of this mailbox.

Mailbox Rights Button

The Permissions dialog box, shown in Figure 9-13, appears when you click the Mailbox Rights button. It lets you assign various access rights to a mailbox. By default, only the SELF group is given rights to the mailbox. You can add any user in Active Directory to this list by clicking the Add button.

click to expand
Figure 9-13: Configuring rights on a mailbox.

You modify the particular rights of any user in the list by selecting the user and selecting or clearing the Allow and Deny check boxes beside the individual mailbox rights. Here are the rights you can assign:

  • Delete Mailbox Storage Allows a user to delete the actual mailbox from the information store. This right is given by default only to administrators.

  • Read Permissions Lets the user read e-mail in the mailbox. You could use this right alone to allow a user to read another user’s e-mail but not to send, change, or delete messages in the mailbox.

  • Change Permissions Allows a user to delete or modify items in the primary user’s mailbox.

  • Take Ownership Allows a user to become the owner of a mailbox. By default, only administrators are given this permission.

  • Full Mailbox Access Allows a user to access a mailbox and to read and delete messages. It also allows the user to send messages using the mailbox.

  • Associated eExternal Account Provides a way to associate a Windows NT 4 user account with an Exchange 2003 mailbox.

Member Of Tab

The Member Of tab of a user’s property sheet, shown in Figure 9-14, lists the groups to which the user currently belongs. You can add a group by clicking the Add button and then choosing from the available lists. Not only can you manage a group from a user’s property sheet, but you can also manage a group from the group’s property sheet. For more information, see the section titled “Groups” later in this chapter.

click to expand
Figure 9-14: Viewing the groups to which a mailbox belongs.

Mail-Enabled Users

As you know, a mail-enabled user is simply a user that has an e-mail address but no mailbox on an Exchange server. This means that the user can receive e-mail through its custom address but cannot send e-mail using the Exchange system. You cannot enable e-mail for a user while creating the user. The only way to create a mail-enabled user is to first create a new user that is not mailbox- enabled, and then to enable e-mail for that user. To enable e-mail for an existing user, select that user in Active Directory Users and Computers, and choose Exchange Tasks from the Action menu. After going past the welcome page, select the Establish E-mail Address task and click Next. This opens the page shown in Figure 9-15. Simply enter an e-mail alias and click Modify to choose the type of e-mail address you want to enter for the user. You can create many popular types of addresses, such as SMTP, Microsoft Mail, and Lotus cc:Mail, or you can even create a custom address. Once you enable e-mail for a user, you can configure the e-mail settings just as you would for a mailbox-enabled user.

click to expand
Figure 9-15: Enabling e-mail for a user without giving the user a mailbox.




Microsoft Exchange Server 2003 Administrator's Companion
Microsoft Exchange Server 2003 Administrators Companion (Pro-Administrators Companion)
ISBN: 0735619794
EAN: 2147483647
Year: 2005
Pages: 254

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net