Methods of adding new mail enabled groups
Thursday, April 28, 2011 at 03:48PM In the 10135 Exchange class, we mention that there is a one step method to creating mail recipients (create the AD object and mail enable it via EMC) and a two step method (create the AD object in ADUC and then mail enable it in EMC).
Is there a difference between the two, you ask?
The answer is yes. Consider the exercise of creating global and universal distribution and security groups. We learned that you can no longer mail enable global groups and how to convert them to universals in the previous question.
The table below illustrates the seven additional attributes that the one step method gives us. It compares global and universal groups created in ADUC as a baseline. It then compares, mail enabling the universal distribution groups created in ADUC with universal distribution groups created in EMC.
|
Group Name |
Creation Point |
Status |
Object Attributes |
|
G_AD_DIST |
ADUC |
Total of 37 attributes |
No exchange attribs |
|
|
|
Mail enable in EMC? |
Cannot be done |
|
G_AD_SEC |
ADUC |
Total of 37 attributes |
No exchange attribs |
|
|
|
Mail enable in EMC? |
Cannot be done |
|
U_AD_DIST |
ADUC |
Before mail enabling |
No exchange attribs |
|
|
|
Mail enable in EMC: Total of 48 attributes 11 attributes are added. From legacyExchangeDN to msExchVersion, proxyAddresses, reportToOriginator, and showInAddressBook
Dist groups have one additional property named msExchUMDtmfMap |
|
|
U_AD_SEC |
ADUC |
|
No exchange attribs |
|
|
|
Mail enable in EMC: Total of 47 attributes |
|
|
U_EMC_DIST |
EMC |
Created and mail enabled in EMC Total of 55 attributes 7 attributes are added over a group created in AD and mail enabled in EMC. New attributes include internetEncoding, msExchArbitrationMailbox, msExchGroupDepartRestriction, msExchGroupJoinRestriction, msExchModerationFlags, msExchProvisioningFlags, and msExchTransportRecipientSettingsFlags |
|
|
U_EMC_SEC |
EMC |
Created and mail enabled in EMC Total of 54 attributes 7 attributes are added over a group created in AD and mail enabled in EMC. These are the same attributes listed in the cell above. |
|
You can also use the following AD Powershell cmdlet to retrieve the properties
Get-ADGroup U_EMC_SEC –properties * | fl
The bottomline question that is raised by this analysis is "Will I need these attributes in the future?". Most customers have historically used the Exchange 2003 version of ADUC to add mailbox enabled users, etc. Do we continue with a process similar to our existing process (the two step method) or do we change our process to the one step method?
My take is that over time those attributes will be necessary so think about implementing the one step method instead of facing a conversion or extension of the security principal.
As of April, 2011, a Bing or Google search of the 7 attributes do not provide any cogent statement of where these attributes are used.
Reader Comments