Managing Distribution Groups in Exchange Server (Part 3)

If you would like to read the other parts in this article series please go to:

Defining Default location for Distribution Groups

This is a question that always comes up in the Microsoft Forums. As we have seen in this article series, using Exchange Server 2010 we can empower users to create their own groups but how can we configure a standard location for the new groups? It’s a piece of cake! Basically, we can use an existent OU or create a new place for all new groups, after that we just need that OU as the new location using the Set-OrganizationConfig cmdlet. The complete syntax of the cmdlet to do the required change is shown below:

Set-OrganizationConfig –DistributionGroupDefaultOU <AD Location>

Where <AD Location> can be using the following format: apatricio.local/General.

Creating a Dynamic Distribution Group…

Now that we covered how we can manage Distribution Groups, we can look into Dynamic Groups. They can be used in several scenarios and if you have a structured Active Directory you can take advantage of these type of groups and start creating them for location distribution groups, especially when you have a higher number of users being created and removed on a daily basis.

Nowadays, I still see several companies using a Distribution Group for an entire region and any new employee has to be added manually to that group which is okay but by just using Dynamic Distribution Groups we can remove such painful task from our Help Desks and avoid any user complains about their name not showing up in the Global Address List because someone forgot to add them manually to a group.

In the following example, we are going to create a Dynamic Distribution Group to cover all mailbox enabled users in an Organization Unit created to host all users from the Gaucho Country, as follows:

  1. Open Exchange Management Console

  2. Expand Microsoft Exchange On-Premises (<Server-Name>)

  3. Expand Recipient Configuration

  4. Click on Distribution Group

  5. Click on New Dynamic Distribution Group in the Toolbox Actions

  6. In the Introduction page. Let’s configure the OU where the group object will be created, and type in Name and Alias based on your naming standard (Figure 01)


Figure 01

  1. In the Filter Settings page, we find a critical setting of Dynamic Distribution Groups. Basically, we are defining the query process to populate this new group. The most important is to define the OU that will be used with this filter which we can define it by just clicking on Browse (Figure 02); the second option is which type of object we want to be displayed. If you are creating a Dynamic Distribution Group to send information about the company, it may not be a good idea to have Resource Mailboxes, external contacts, external e-mail address and/or mail-enabled groups in the same group.
    Note:  If you have several OUs and your query has users on different child OUs, make sure to select the parent Organization Unit.


Figure 02

  1. In the Conditions page, we can narrow down a little bit more the filter by saying that only users that have a specific attribute with a specific value will be listed, as shown in Figure 03. In the same page we have the Preview button that allows us to make sure that the query is working as expected (Figure 04). Click on Next.


Figure 03


Figure 04

  1. In the New Dynamic Distribution Group page. Click on New to create the new group.

  2. In the Completion page. The result of the operation will be displayed click on Finish.

Bear in mind that Dynamic Distribution Groups cannot be changed using Active Directory Users and Computers, you have to use Exchange Management Console or Exchange Management Shell to change its filter if you want to include users that are not showing up in the Distribution Group.

Managing Security in Distribution Groups…

Either group type can be locked down using a couple of simple settings. By default any new group created won’t receive messages from Senders outside your organization, the reason is that the option Require that all senders are authenticated is enabled by default. In order to change such behavior, double click on the desired group, click on Mail Flow Settings tab and then double click on Message Delivery Restriction item, as shown in Figure 05.

By default, all users can send messages to a group however in some companies it not a good idea to keep such ability to Dynamic Distribution Groups for an entire region. If you leave the default setting I’m quite sure that a smart user will send a baby shower or a really nice joke to that group and it may upset a lot of people. If you want to avoid this kind of situation, make sure that the option Only senders in the following list is selected and click on Add to select only the mailbox that have the permission to send to that group.


Figure 05

We also have a couple of security features that can be useful in some scenarios that can be found on the Advanced tab (Figure 06). If you have a group that you don’t want to share with the rest of your company (in the Global Address List) you just need to click on Hide group from Exchange address lists. Another useful option is to configure the delivery reports of a specific group. You can configure that to be send to the group manager, to the message originator or to do not send delivery reports at all.


Figure 06

Depending of the Distribution Group nature some companies want to archive the messages sent to the group, we have several ways to do that using Exchange Server especially in Exchange Server 2010 where we have eDiscovery to find out information. If you are still using Exchange Server 2007 or even Exchange Server 2003 you can accomplish that in a couple different ways, such as: Create a dummy account and add this account as member of the group or add a Public Folder as member of the group.

Conclusion

In this final article we checked how to create Dynamic Distribution Groups, and also how to manage basic security for either Dynamic or regular Distribution Groups.

If you would like to read the other parts in this article series please go to:

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top