Previous sections covered tasks that were specific to a type of group. As an Exchange administrator, you'll find that there are many additional group management tasks that you'll need to perform. These essential tasks are discussed in this section.
Each mail-enabled group has a display name, an Exchange alias, and one or more email addresses associated with it. The display name is the name that appears in address lists. The Exchange alias is used to set the e-mail addresses associated with the group.
Whenever you change a group's naming information, new e-mail addresses can be generated and set as the default addresses for SMTP. These e-mail addresses are used as alternatives to e-mail addresses previously assigned to the group. To learn how to change or delete these additional e-mail addresses, see the section of this chapter entitled "Changing, Adding, or Deleting a Group's E-mail Addresses."
To change the group's Exchange name details, complete the following steps:
In Exchange Management Console, double-click the group entry. This opens the group's Properties dialog box.
On the General tab, the first text box shows the display name of the group. If necessary, type a new display name.
The Alias text box shows the Exchange alias. If necessary, type a new alias. Click OK.
Note | When you change a group's display name, you give the group a new label. Changing the display name doesn't affect the SID, which is used to identify, track, and handle permissions independently from group names. |
When you create a mail-enabled group, default e-mail addresses are created for SMTP and X.400. Any time you update the group's Exchange alias, new default e-mail addresses can be created. The old addresses aren't deleted, however; they remain as alternative e-mail addresses for the group.
To change, add, or delete a group's e-mail addresses, follow these steps:
In Exchange Management Console, double-click the group entry. This opens the group's Properties dialog box.
On the E-mail Addresses tab, you can use the following techniques to manage the group's e-mail addresses:
q Create a new SMTP address Click the arrow to the right of Add, and then select SMTP Address. Enter the e-mail address, and then click OK.
q Create a custom address Click the arrow to the right of Add, and then select Custom Address. Enter the e-mail address, and then enter the e-mail address type. Click OK.
Tip | Use SMTP as the address type for standard Internet e-mail addresses. For custom address types, such as X.400, you must manually enter the address in the proper format. |
q Set a new Reply To address Select the address you want to be the new default, and then click Set As Reply.
q Edit an existing address Double-click the address entry. Modify the settings in the Address dialog box, and then click OK.
q Delete an existing address Select the address, and then click the Remove button.
By default, any mail-enabled security group or other distribution group that you create is shown in Exchange address lists, such as the global address list. If you want to hide a group from the address lists, follow these steps:
In Exchange Management Console, double-click the group entry. This opens the group's Properties dialog box.
On the Advanced tab, select the Hide Group From Exchange Address Lists check box. Click OK.
Note | When you hide a group, it isn't listed in Exchange address lists. However, if a user knows the name of a group, he or she can still use it in the mail client. To prevent users from sending to a group, you must set message restrictions, as discussed in the section of this chapter entitled "Setting Usage Restrictions on Groups." |
Tip | Hiding group membership is different from hiding the group itself. In Out-look, users can view the membership of groups. In Exchange Server 2007, you cannot prevent viewing the group membership. In addition, membership of dynamic distribution groups is not displayed in global address lists because it is generated only when mail is sent to the group. |
Groups are great resources for users in an organization. They let users send mail quickly and easily to other users in their department, business unit, or office. However, if you aren't careful, people outside the organization can use groups as well. Would your boss like it if spammers sent unsolicited e-mail messages to company employees through your distribution lists? Probably not-and you'd probably be sitting in the hot seat, which would be uncomfortable, to say the least.
To prevent unauthorized use of mail-enabled groups, you can specify that only certain users or members of a particular group can send messages to the group. For example, if you created a group called AllEmployees, of which all company employees were members, you could specify that only the members of AllEmployees could send messages to the group. You do this by specifying that only messages from AllEmployees are acceptable.
To prevent mass spamming of other groups, you could set the same restriction. For example, if you have a group called Technology, you could specify that only members of AllEmployees can send messages to that group.
Real World If you have users who telecommute or send e-mail from home using a personal account, you might be wondering how these users can send mail after you put a restriction in place. What I've done in the past is create a group called Off-siteEmailUsers and then added this as a group that can send mail to my mail-enabled groups. The OffsiteEmailUsers group contains separate mail-enabled contacts for each authorized off-site e-mail address.
Another way to prevent unauthorized use of mail-enabled groups is to specify that only mail from authenticated users is accepted. An authenticated user is any user accessing the system through a logon process. It does not include anonymous users or guests, and is not used to assign permissions. If you use this option, keep in mind that off-site users will need to log on to Exchange before they can send mail to restricted groups, which might present a problem for users who are at home or on the road.
You can set or remove usage restrictions by completing the following steps:
In Exchange Management Console, double-click the group entry. This opens the group's Properties dialog box.
On the Mail Flow Settings tab, double-click Message Delivery Restrictions.
If you want to ensure that messages are accepted only from authenticated users, select the Require That All Senders Are Authenticated check box.
To accept messages from all e-mail addresses except those on the reject list, under Accept Messages From, select All Senders.
To specify that only messages from the listed users, contacts, or groups be accepted, under Access Messages From, select the Senders In The Following List option, and then add acceptable recipients:
q Click Add to display the Select Recipients dialog box.
q Select a recipient, and then click OK. Repeat as necessary.
Tip | You can select multiple recipients at the same time. To select multiple recipients individually, hold down the CTRL key, and then click each recipient that you want to select. To select a sequence of recipients, hold down the SHIFT key, select the first recipient, and then click the last recipient. |
To specify that no recipients should be rejected, under Reject Messages From, select No Senders.
To reject messages from specific recipients, under Reject Messages From, select Senders In The Following List, and then add unacceptable recipients:
q Click Add to display the Select Recipients dialog box.
q Select a recipient, and then click OK. Repeat as necessary.
Click OK.
By default, messages of any size can be sent to distribution groups. You can change this behavior by limiting the size of message that users can send to distribution groups. To do this, complete the following steps:
Open the Properties dialog box for the group by double-clicking the group name in Exchange Management Console.
On the Mail Flow Settings tab, double-click Message Size Restrictions.
Select the Maximum Message Size (In KB) check box.
In the text box provided, enter the maximum message size in kilobytes (KB). Be sure to set a size that allows sending suitably sized attachments. Click OK twice.
If a message addressed to the group exceeds the limit, the message isn't sent and the user receives a nondelivery report (NDR).
By default, distribution groups are configured so that delivery reports are sent to the person who sent the mail message. You can change this so that delivery reports are sent to the group owner or not sent at all. You can also specify out-of-office messages that are returned in response to messages from the sender. To set these options, complete the following steps:
Open the Properties dialog box for the group by double-clicking the group name in Exchange Management Console.
On the Advanced tab, if you want out-of-office messages to be delivered to the sender, select the Send Out-Of-Office Message To Originator check box.
If you want to stop sending delivery reports, select Do Not Send Delivery Reports. Alternately, you can send delivery reports to the group manager or the message originator. Click OK.
Deleting a group removes it permanently. After you delete a group, you can't create a group with the same name and automatically restore the permissions that the original group was assigned because the SID for the new group won't match the SID for the old group. You can reuse group names, but remember that you'll have to re-create all permissions settings.
Windows doesn't let you delete built-in groups. In Exchange Management Console, you can remove other types of groups by right-clicking them and selecting Remove. When prompted, click Yes to delete the group. If you click No, Exchange Management Console will not delete the group.
In Exchange Management Shell, you can use the Remove-DistributionGroup cmdlet to remove groups. See Sample 9-3, listed previously in the chapter.