Groups


In Active Directory, a group is a container of sorts that can hold users and other groups. You can assign permissions to a group that are inherited by all the objects that are members of that group. This makes the group a valuable security construct. Exchange Server 2003 also uses groups for another purpose. A group can be mail-enabled and then populated with other mail- or mailbox-enabled recipients to make a distribution list, a term you might be familiar with from earlier versions of Exchange Server. A group can contain users, contacts, public folders, and even other groups. When you send a message to a mail-enabled group, the message is sent to each member of the list individually. Groups are visible in the Global Address List.

Creating a Group

Creating a new mail-enabled group is easy. Choose New Group from the Action menu of Active Directory Users and Computers. This command opens the New Object - Group dialog box, shown in Figure 9-18. Enter a group name that describes the members the group will contain. You must also choose a group scope and a group type. The group scope defines the level at which the group will be available in Active Directory. The group type defines whether the group is for security or distribution purposes. A security group can be mail-enabled and used for distribution purposes, but a distribution group cannot be used for security purposes. When you’re finished, click Next.

Figure 9-18: Creating a distribution group.

On the next page, you can specify whether an e-mail address should be created for the new group, and you can enter an alias name. If you are creating a group to be used as a distribution list, you must create an e-mail address. Once you click Finish in this screen, the new group is created and you are ready to add members. This process is described in the next section, along with other ways of configuring groups.

Configuring a Group

You configure a group in the same way that you configure other recipients—with a property sheet. Many of the tabs are identical to those of the same name for user objects; refer to the “Users” section earlier in this chapter for details on those tabs. Some of the tabs found on a user’s property sheet simply don’t exist for a group. This section covers the three Exchange-related tabs that do differ for a group.

Members Tab

The Members tab lists every member of the group. Click the Add button to access the Active Directory list, from which you can add new members to the group. You can click the Remove button to remove selected members. As mentioned earlier, groups can hold any other type of object, including users, contacts, public folders, and even other groups.

Managed By Tab

The Managed By tab, shown in Figure 9-19, lets you assign an owner to the group. The owner manages the group’s membership. By default, the administrator who creates the group is the owner, but you can designate as owner any user, group, or contact in the Global Address List. If you give ownership to another user, that user can use Outlook to modify the group’s membership and does not need access to Active Directory Users and Computers. You can relieve yourself of a great deal of work by specifying owners for the groups you create. As groups grow larger, they can consume a considerable amount of management time.

Figure 9-19: Specifying a group owner.

Exchange Advanced Tab

The Exchange Advanced tab, shown in Figure 9-20, holds several configuration options that might be familiar to you, such as Simple Display Name and the Custom Attributes button. You can also, however, configure several options that are specific to distribution lists:

Figure 9-20: Setting advanced properties for a group.

  • Expansion Server: Whenever a message is sent to a group, the group must be expanded so that the message can be sent to each member of the group. The Message Transfer Agent (MTA) service of a single Exchange server performs this expansion. The default choice is Any Server In Site. This setting means that the home server of the user sending the message always expands the group. You can also designate a specific server to handle expanding the group, which is a good choice if you have a large group. In this case, expansion could consume a large amount of server resources, which can compromise performance for busy servers.

  • Hide Group From Exchange Address Lists: If you select this option, the group is not visible in the Global Address List.

  • Send Out-Of-Office Messages To Originator: If you select this option, users can configure Exchange clients to reply automatically to any messages received while they are away from their offices. When this option is selected, users who send messages to the group can receive these automatic messages. For particularly large groups, it’s best not to allow out-of-office messages to be delivered because of the excess network traffic they generate.

  • Send Delivery Reports To Group Owner: If you select this option, the owner of the group is notified whenever an error occurs during the delivery of a message to the group or to one of its members. This option is not available when the group has not been assigned an owner.

  • Send Delivery Reports To Message Originator: If you select this option, any error notifications are sent to the user who sent a message to the group. If the Send Delivery Reports To Group Owner option is also selected, both the sender and the owner are notified.

  • Do Not Send Delivery Reports: If you select this option, no delivery reports are sent.

Real World—Using Message Restrictions on Groups

The Message Restrictions area on the Exchange General tab is often much more useful for groups than it is for individual users. In large organizations, groups can grow quite large, sometimes holding thousands of users. Because of the possibility of misuse, providing general access to groups this large is usually not a good idea. Imagine the increase in traffic if your users sent messages to thousands of users every time their kids had candy bars to sell or they found a good joke. Placing delivery restrictions on large groups allows you to limit access to the groups to a few select, responsible users.

Another potential risk is that someone from the Internet could e-mail everyone in your company, using a group’s SMTP address. Imagine what your job would be like on the day that an anonymous person e-mailed malicious information to the entire company. Limiting access to the group will also help prevent this type of unwanted e-mail from occurring.
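One way to check for the exposure described in this sidebar is to audit an LDIF export of the mail-enabled groups offline. The following is an added example, not code from the book: the attribute names `msExchRequireAuthToSendTo`, `authOrig` and `dLMemSubmitPerms` are assumed to be where Active Directory stores the Message Restrictions settings, the sample export is constructed, and the parser expects plain LDIF without folded or base64-encoded lines.

```python
# Added example: flag mail-enabled groups that lack message restrictions.
# Attribute names are assumptions; the export below is constructed sample data.
SAMPLE_LDIF = """\
dn: CN=All Staff,OU=Groups,DC=example,DC=com
mail: allstaff@example.com
member: CN=User1,OU=Staff,DC=example,DC=com
member: CN=User2,OU=Staff,DC=example,DC=com

dn: CN=Announcements,OU=Groups,DC=example,DC=com
mail: announce@example.com
msExchRequireAuthToSendTo: TRUE
authOrig: CN=HR Manager,OU=Staff,DC=example,DC=com
member: CN=User1,OU=Staff,DC=example,DC=com
member: CN=User2,OU=Staff,DC=example,DC=com

dn: CN=Floor2,OU=Groups,DC=example,DC=com
mail: floor2@example.com
msExchRequireAuthToSendTo: TRUE
member: CN=User1,OU=Staff,DC=example,DC=com
"""

def parse_ldif(text):
    """Return one dict per entry, mapping lower-cased attribute to its values."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            entry.setdefault(name.lower(), []).append(value)
        entries.append(entry)
    return entries

def audit_groups(entries, large=2):
    """Return (dn, issue) pairs for groups whose restrictions are missing."""
    findings = []
    for e in entries:
        if "mail" not in e:          # not mail-enabled, nothing to restrict
            continue
        dn, size = e["dn"][0], len(e.get("member", []))
        if e.get("msexchrequireauthtosendto", ["FALSE"])[0].upper() != "TRUE":
            findings.append((dn, "accepts mail from unauthenticated senders"))
        allow_list = e.get("authorig", []) + e.get("dlmemsubmitperms", [])
        if size >= large and not allow_list:
            findings.append((dn, f"{size} members, no sender allow-list"))
    return findings

if __name__ == "__main__":
    print(*audit_groups(parse_ldif(SAMPLE_LDIF)), sep="\n")
```

The `large` threshold is set low to suit the sample data; raise it to the group size at which your organization wants an explicit sender list.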


Creating Query-Based Distribution Groups

Exchange Server 2003 introduces a new type of object called a query-based distribution group—query-based because instead of making specific objects members of the group, the membership is dynamic and is based on general filters that you create. For example, you could create a query-based distribution group that included all mailbox-enabled Exchange users. No one has to manually update the membership of the group because whenever a message is sent to the list, the membership is generated on the fly.

Although query-based distribution groups are an exciting and useful addition to Exchange Server 2003, you do need to take a few limitations and costs into consideration:

  • You can use query-based distribution groups only in a native-mode organization, meaning an organization in which no servers are running any version prior to Exchange 2000 Server. In addition, servers running Exchange 2000 Server should be updated to Exchange Service Pack 3 for the best reliability.

  • The on-the-fly generation of members for a query-based distribution group generates additional overhead on the server that performs that generation—the expansion server. Expect the server to show increased CPU time and disk activity each time a message is sent to the group.

  • The generation also causes increased network traffic and Active Directory utilization because the expansion server must send a query to Active Directory to resolve the current membership each time a message is sent to the group.

Because of the additional overhead generated by query-based distribution groups, they are best used for making periodic announcements to important groups of users and are not intended as a replacement for standard distribution groups.

Creating a query-based distribution group is straightforward. In Active Directory Users and Computers, select the container in which you want to create the group and then choose New Query-Based Distribution Group from the Action menu. In the dialog box that opens, name the group, give it an alias, and click Next. On the next page, shown in Figure 9-21, you can choose from a number of predefined filters or create a customized filter. With a custom filter, you can specify a particular server or even a mailbox store for generating the membership. You can also build a custom list of fields from various objects used to generate the membership. For example, if your company uses the room number field when user objects are created, you could configure a query-based distribution group to send messages to everyone on the second floor.

Figure 9-21: Creating a query-based distribution group.
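To preview who a filter would reach before mail-enabling it, the membership can be resolved against a copy of the directory data. The following is an added example, not code from the book: it assumes the filter is written as an LDAP search filter, supports only a subset of that syntax (and, or, not, equality with `*` wildcards), and uses constructed entries in which `homeMDB` marks a mailbox-enabled user and `roomNumber` is an assumed name for the room number field.

```python
# Added example: resolve a query-based group's membership at "send time".
import re

DIRECTORY = [  # constructed entries; attribute names lower-cased
    {"cn": ["Ana"], "objectclass": ["user"], "homemdb": ["CN=Store1"], "roomnumber": ["214"]},
    {"cn": ["Ben"], "objectclass": ["user"], "homemdb": ["CN=Store1"], "roomnumber": ["105"]},
    {"cn": ["Cy"], "objectclass": ["user"], "roomnumber": ["220"]},   # no mailbox
    {"cn": ["Vendor"], "objectclass": ["contact"], "roomnumber": ["201"]},
]
# Mailbox-enabled users whose room number starts with 2 (the second floor).
SECOND_FLOOR = "(&(objectClass=user)(homeMDB=*)(roomNumber=2*))"

def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, next_index)."""
    if f[i] != "(":
        raise ValueError("filter must start with '('")
    i += 1
    if f[i] in "&|!":
        op, kids = f[i], []
        i += 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1            # step over the closing ')'
    end = f.index(")", i)
    attr, _, pattern = f[i:end].partition("=")
    return ("=", attr.lower(), pattern), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one directory entry."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, pattern = node
    regex = ".*".join(re.escape(p) for p in pattern.split("*"))
    return any(re.fullmatch(regex, v, re.I) for v in entry.get(attr, []))

def expand(filter_text, directory):
    """Return the names of the entries the filter selects right now."""
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing text after filter")
    return [e["cn"][0] for e in directory if matches(node, e)]

if __name__ == "__main__":
    print(expand(SECOND_FLOOR, DIRECTORY))
```

Running `expand` again after a user's room number changes returns a different list without anyone editing the group, which is the behaviour to keep in mind when reviewing who can receive mail sent to it.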




Microsoft Exchange Server 2003 Administrator's Companion
ISBN: 0735619794
Year: 2005
Pages: 254
