As you set out to work with groups, you'll find that some
tasks are specific to each type of group and some tasks can be
performed with any type of group. Because of this, I've divided the
group management discussion into three sections. In this section,
you'll learn about the typical tasks you perform with security and
standard distribution groups. The next section discusses tasks you'll
perform only with dynamic distribution groups. The third section
discusses general management tasks.
You can use the Exchange Management Console or the Exchange Management Shell to work with groups.
1. Creating Security and Standard Distribution Groups
You use groups to manage permissions and to distribute e-mail. As
you set out to create groups, remember that you create groups for
similar types of users. Consequently, the types of groups you might
want to create include the following:
-
Groups for departments within the organization
Generally, users who work in the same department need access to similar
resources and should be a part of the same e-mail distribution lists. -
Groups for roles within the organization
You can also organize groups according to the users' roles within the
organization. For example, you could use a group called Executives to
send e-mail to all the members of the executive team and a group called
Managers to send e-mail to all managers and executives in the
organization. -
Groups for users of specific projects
Often, users working on a major project need a way to send e-mail to
all the members of the team. To solve this problem, you can create a
group specifically for the project.
You can create groups two ways. You can mail-enable an existing universal security group, or you can create an entirely new distribution group.
Mail-Enabling an Existing Universal Security Group
To mail-enable an existing universal security group, complete the following steps:
-
In the Exchange Management Console, expand the Recipient Configuration node and then select the Distribution Group node.
Note
Only recipients in the current domain or organizational unit are
displayed. To view recipients in other domains or organizational units,
right-click the Recipient Configuration node and then select Modify
Recipient Scope. Use the options provided to configure the scope to use
and then click OK.
-
Right-click the Distribution Group node, and then select New Distribution Group. This starts the New Distribution Group Wizard. -
On the Introduction page, select Existing Group and then click Browse. -
In the Select Group dialog box, shown in Figure 1 select the universal security group you want to mail-enable and then click OK. Universal security groups for the current domain are listed by name and group type.
-
Click Next. On the Group Information page, the name details for the
group are filled in automatically based on the details for the group
you selected. You cannot change the group name or the pre–Windows 2000
group name. -
Like users, groups
have an Exchange alias. Enter an alias. The Exchange alias is used to
set the group's e-mail address. If necessary, change the default alias. -
Click Next, and then click New to create the group. An e-mail
address is configured automatically for Simple Mail Transfer Protocol
(SMTP). Exchange Server uses the SMTP address for receiving messages.
After Exchange creates the group, click Finish. -
Mail-enabling the group isn't the final step. Afterward, you might want to do the following:
-
Add members to the group. -
Make the group a member of other groups. -
Assign a manager as a point of contact and control for the group. -
Configure membership approval settings for joining and leaving the group. -
Set message size restrictions for messages mailed to the group. -
Limit users who can send to the group. -
Change or remove default e-mail addresses. -
Add more e-mail addresses.
Note
By default, the mail-enabled group will have closed membership. This means members won't be able to join or leave the group.
In the Exchange Management Shell, you can mail-enable a universal security group using the Enable-DistributionGroup cmdlet. Example 1 provides the syntax and usage.
Example 1. Enable-DistributionGroup cmdlet syntax and usage
Syntax
Enable-DistributionGroup -Identity GroupIdentity [-Alias ExchangeAlias]
[-DisplayName DisplayName] [-DomainController FullyQualifiedName]
[-PrimarySmtpAddress SmtpAddress]
Usage
Enable -DistributionGroup -Identity 'cpandl.com/Users/AllSales'
-DisplayName 'All Sales'
-Alias 'AllSales'
You can manage mail-enabled
security groups in several ways. If a group should no longer be
mail-enabled, you can right-click it in the Exchange Management Console
and select Disable to remove the Exchange settings from the group. If
you no longer need a mail-enabled security group and it is not a built-in
group, you can permanently remove it from Active Directory by
right-clicking it in the Exchange Management Console and selecting
Remove.
Using the Exchange Management Shell, you can disable a group's Exchange features using the Disable-DistributionGroup cmdlet, as shown in Example 2.
Example 2. Disable-DistributionGroup cmdlet syntax and usage
Syntax
Disable-DistributionGroup -Identity GroupIdentity
[-DomainController FullyQualifiedName]
[-IgnoreDefaultScope {$true | $false}]
Usage
Disable-DistributionGroup -Identity 'cpandl.com/Users/AllSales'
Creating a New Distribution Group
You can create a new distribution group by completing the following steps:
-
In the Exchange Management Console, expand the Recipient Configuration node and then select the Distribution Group node.
Note
Only recipients in the current domain or organizational unit are
displayed. To view recipients in other domains or organizational units,
right-click the Recipient Configuration node and then select Modify
Recipient Scope. Use the options provided to configure the scope to use
and then click OK.
-
Right-click the Distribution Group node, and then select New Distribution Group. This starts the New Distribution Group Wizard. -
On the Introduction page, accept the default selection to create a new group and click Next. -
On the Group Information page, shown in Figure 2
the Organizational Unit field shows where in Active Directory the group
will be created. By default, this is the Users container in the current
domain. Because you'll usually need to create new groups
in a specific organizational unit rather than in the Users container,
select the Specify an Organizational Unit check box and then click
Browse. Use the Select Organizational Unit dialog box to choose the
location in which to store the account, and then click OK. -
Select a group type—either Security or Distribution. Generally, you'll want to create a mail-enabled
security group if you also want to use the group to manage access
permissions. Otherwise, you'll want to create a distribution group to
use the group only for mail distribution. -
Type a name for the group. Group names aren't case-sensitive and can be up to 64 characters long. -
The first 20 characters of the group name are used to set the
pre–Windows 2000 group name. This group name must be unique in the
domain. If necessary, change the pre–Windows 2000 group name. -
Like users, groups have an Exchange alias. Enter an alias. The Exchange alias is used to set the group's e-mail address. -
Click Next, and then click New to create the group. An e-mail
address is configured automatically for SMTP. Exchange Server uses the
SMTP address for receiving messages. Click Finish after creation of the
group is complete.
-
Creating the group isn't the final step. Afterward, you might want to do the following:
-
Add members to the group. -
Make the group a member of other groups. -
Assign a manager as a point of contact and control for the group. -
Configure membership approval settings for joining and leaving the group. -
Set message size restrictions for messages mailed to the group. -
Limit users who can send to the group. -
Change or remove default e-mail addresses. -
Add more e-mail addresses.
Note
By default, the new distribution group will be closed for joining but open for leaving.
In the Exchange Management Shell, you can create a new distribution group using the New-DistributionGroup cmdlet. Example 3
provides the syntax and usage. You can set the Type parameter to
Distribution for a distribution group or to Security for a mail-enabled
security group.
Example 3. New-DistributionGroup cmdlet syntax and usage
Syntax
New-DistributionGroup -Name ExchangeName [-Alias ExchangeAlias]
[-DisplayName DisplayName] [-OrganizationalUnit OUName]
[-PrimarySmtpAddress SmtpAddress] [-SamAccountName PreWin2000Name]
[-Type <Distribution | Security>] {AddtlParams}
{AddtlParams}
[-ArbitrationMailbox ModeratorMailbox] [-AutoApproveNestedDLEnabled
<$true | $false>] [-BypassNestedModerationEnabled <$true | $false>]
[-CopyOwnerToMember {$true | $false}] [-DomainController
FullyQualifiedName] [-ExternalManaged {$true | $false}] [-ManagedBy
RecipientIdentities] [-MemberDepartRestriction <Closed | Open |
ApprovalRequired>] [-MemberJoinRestriction <Closed | Open |
ApprovalRequired>] [-Members RecipientIdentities] [-ModeratedBy
Moderators] [-ModerationEnabled <$true | $false>] [-Notes String]
[-Organization OrgName] [-RoomList {$true | $false}]
[-SendModerationNotifications <Never | Internal | Always>]
Usage
New-DistributionGroup -Name 'CorporateSales' -Type 'Distribution'
-OrganizationalUnit 'cpandl.com/Sales'
-SamAccountName 'CorporateSales'
-DisplayName 'Corporate Sales'
-Alias 'CorporateSales'
|
