Working with Security and Standard Distribution Groups

Previous page
Table of content
Next page

As you set out to work with groups, you'll find that there are tasks specific to each type of group, as well as tasks that you can perform with any type of group. Because of this, I've divided the group management discussion into three sections. In this section, you'll learn about the typical tasks you perform with security and standard distribution groups. The next section discusses tasks you'll perform only with dynamic distribution groups. The third section discusses general management tasks.

You can use Exchange Management Console or Exchange Management Shell to work with groups.

Creating Security and Standard Distribution Groups

You use groups to manage permissions and to distribute e-mail. As you set out to create groups, remember that you create groups for similar types of users. Consequently, the types of groups you might want to create include the following:

  • Groups for departments within the organization Generally, users who work in the same department need access to similar resources and should be a part of the same e-mail distribution lists.

  • Groups for roles within the organization You can also organize groups according to the users’ roles within the organization. For example, you could use a group called Executives to send e-mail to all the members of the executive team and a group called Managers to send e-mail to all managers and executives in the organization.

  • Groups for users of specific projects Often, users working on a major project need a way to send e-mail to all the members of the team. To solve this problem, you can create a group specifically for the project.

You can create groups two ways. You can mail-enable an existing universal security group or you can create an entirely new distribution group.

Mail-Enabling an Existing Universal Security Group

You can mail-enable an existing universal security group by completing the following steps:

  1. In Exchange Management Console, expand the Recipient Configuration node and then select the related Distribution Group node.

    Note 

    Only recipients in the current domain or organization unit are displayed. To view recipients in other domains or organizational units, right-click the Recipient Configuration node and then select Modify Recipient Scope. Use the options provided to configure the scope to use and then click OK.

  2. Right-click the Distribution Group node, and then select New Distribution Group. This starts the New Distribution Group wizard.

  3. On the Introduction page, select Existing Group, and then click Browse.

  4. In the Select Group dialog box, shown in Figure 9-1, select the universal security group you want to mail-enable, and then click OK. Universal security groups for the current domain are listed by name and group type.

  5. Click Next. On the Group Information page, the name details for the group are filled in automatically based on the details for the group you selected. You cannot change the group name or the pre-Windows 2007 group name.

  6. Like users, groups have an Exchange alias. The Exchange alias is set to the group name by default. You can change this value by entering a new alias. The Exchange alias is used to set the group's e-mail address. If necessary, change the default alias.

  7. Click Next, and then click New to create the group. An e-mail address is configured automatically for Simple Mail Transfer Protocol (SMTP). Exchange Server uses the SMTP address for receiving messages. After Exchange creates the group, click Finish.

  8. Mail-enabling the group isn't the final step. Afterward, you might want to do the following:

    • q Add members to the group.

    • q Make the group a member of other groups.

    • q Assign a manager as a point of contact for the group.

    • q Set message size restrictions for messages mailed to the group.

    • q Limit users who can send to the group.

    • q Change or remove default e-mail addresses.

    • q Add additional e-mail addresses.

image from book
Figure 9-1: Use the Select Group dialog box to select the existing universal security group to mailbox-enable.

In Exchange Management Shell, you can mail-enable a universal security group using the Enable-DistributionGroup cmdlet. Sample 9-1 provides the syntax and usage.

Sample 9-1: Enable-DistributionGroup cmdlet syntax and usage

image from book 
 Syntax Enable-DistributionGroup -Identity 'GroupIdentity'  -DisplayName 'DisplayName'  -Alias 'ExchangeAlias' Usage Enable-DistributionGroup -Identity 'http://cpandl.com/Users/AllSales'  -DisplayName 'All Sales'  -Alias 'AllSales'
image from book

You can manage mail-enabled security groups in several ways. You can add or remove group members as discussed in the "Assigning and Removing Membership for Individual Users, Groups, and Contacts" section of this chapter. If a group should no longer be mail-enabled, you can right-click it and select Disable to remove the Exchange settings from the group. If you no longer need a mail-enabled security group and it is not a built-in group, you can permanently remove it from Active Directory by right-clicking it and selecting Remove.

Using Exchange Management Shell, you can disable a group's Exchange features using the Disable-DistributionGroup cmdlet, as shown in Sample 9-2. You can permanently remove a group from Active Directory using the Remove-DistributionGroup cmdlet, as shown in Sample 9-3.

Sample 9-2: Disable-DistributionGroup cmdlet syntax and usage

image from book 
 Syntax Disable-DistributionGroup -Identity 'Identity' Usage Disable-DistributionGroup -Identity 'http://cpandl.com/Users/AllSales'
image from book

Sample 9-3: Remove-DistributionGroup cmdlet syntax and usage

image from book 
 Syntax Remove-DistributionGroup -Identity 'Identity' Usage Remove-DistributionGroup -Identity 'http://cpandl.com/Users/AllSales'
image from book

Creating a New Distribution Group

You can create a new distribution group by completing the following steps:

  1. In Exchange Management Console, expand the Recipient Configuration node and, then select the related Distribution Group node.

    Note 

    Only recipients in the current domain or organization unit are displayed. To view recipients in other domains or organizational units, right-click the Recipient Configuration node, and then select Modify Recipient Scope. Use the options provided to configure the scope to use, and then click OK.

  2. Right-click the Distribution Group node, and then select New Distribution Group. This starts the New Distribution Group wizard.

  3. On the Introduction page, accept the default selection to create a new group, and click Next.

  4. On the Group Information page, shown in Figure 9-2, the Organizational Unit field shows where in Active Directory the group will be created. By default, this is the Users container in the current domain. As you'll usually need to create new groups in a specific organizational unit rather than the Users container, click Browse. Use the Select Organizational Unit dialog box to choose the location in which to store the account, and then click OK.

  5. Select a group type-either Security or Distribution. Generally, you'll want to create a mail-enabled security group if you also want to use the group to manage access permissions. Otherwise, you'll want to create a distribution group to use the group only for mail distribution.

  6. Type a name for the group. Group names aren't case-sensitive and can be up to 64 characters long.

  7. The first 20 characters of the group name are used to set the pre–Windows 2000 group name. This group name must be unique in the domain. If necessary, change the pre–Windows 2000 group name.

  8. The group name is used to set the display name. The display name is the name displayed in Outlook address lists. If necessary, change the default display name.

  9. Like users, groups have an Exchange alias. The Exchange alias is set to the group name by default. You can change this value by entering a new alias. The Exchange alias is used to set the group's e-mail address.

  10. Click Next, and then click New to create the group. An e-mail address is configured automatically for SMTP. Exchange Server uses the SMTP address for receiving messages. Click Finish after creating the group completes.

  11. Creating the group isn't the final step. Afterward, you might want to do the following:

    • q Add members to the group.

    • q Make the group a member of other groups.

    • q Assign a manager as a point of contact for the group.

    • q Set message size restrictions for messages mailed to the group.

    • q Limit users who can send to the group.

    • q Change or remove default e-mail addresses.

    • q Add additional e-mail addresses.

image from book
Figure 9-2: Configure the group's domain settings.

In Exchange Management Shell, you can create a new distribution group using the New-DistributionGroup cmdlet. Sample 9-4 provides the syntax and usage.

Sample 9-4: New-DistributionGroup cmdlet syntax and usage

image from book 
 Syntax New-DistributionGroup -Name 'ExchangeName' -Type 'GroupType'  -OrganizationalUnit 'OrganizationalUnit'  -SamAccountName 'prewin2000logon'  -DisplayName 'DisplayName'  -Alias 'ExchangeAlias' Usage New-DistributionGroup -Name 'CorporateSales' -Type 'Distribution'  -OrganizationalUnit 'http://cpandl.com/Sales'  -SamAccountName 'CorporateSales'  -DisplayName 'Corporate Sales'  -Alias 'CorporateSales'
image from book

Assigning and Removing Membership for Individual Users, Groups, and Contacts

All users, groups, and contacts can be members of other groups. To configure a group's membership, follow these steps:

  1. In Exchange Management Console, double-click the group entry. This opens the group's Properties dialog box.

  2. On the Members tab, to add objects to the group, click Add. The Select Recipient dialog box appears. You can now choose objects that should be members of this currently selected group. Select the recipients you want to add to the group, and then click OK.

  3. To remove a member from a group, select an object, and then click Remove. When you're finished, click OK.

In Exchange Management Shell, you can add members to a group using the Add-DistributionGroupMember cmdlet. Sample 9-5 provides the syntax and usage.

Sample 9-5: Add-DistributionGroupMember cmdlet syntax and usage

image from book 
 Syntax Add-DistributionGroupMember -Identity 'GroupIdentity'  -Member 'RecipientIdentity' Usage Add-DistributionGroupMember -Identity 'http://cpandl.com/Users/CorpSales'  -Member 'http://cpandl.com/Sales/Kim Akers'
image from book

In Exchange Management Shell, you can remove members from a group using the Remove-DistributionGroupMember cmdlet. Sample 9-6 provides the syntax and usage.

Sample 9-6: Remove-DistributionGroupMember cmdlet syntax and usage

image from book 
 Syntax Remove-DistributionGroupMember -Identity 'GroupIdentity'  -Member 'RecipientIdentity' Usage Remove-DistributionGroupMember -Identity 'http://cpandl.com/Users/CorpSales'  -Member 'http://cpandl.com/Sales/Kim Akers'
image from book



Previous page
Table of content
Next page
Microsoft Exchange Server 2007 Administrator's Pocket Consultant
Microsoft Exchange Server 2007 Administrators Pocket Consultant Second Edition
ISBN: 0735625867
EAN: 2147483647
Year: 2007
Pages: 119
Authors: William R. Stanek
BUY ON AMAZON
Metrics and Models in Software Quality Engineering (2nd Edition)
Java for RPG Programmers, 2nd Edition
Data Structures and Algorithms in Java
Competency-Based Human Resource Management
Programming Microsoft ASP.NET 3.5
DNS & BIND Cookbook
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy