You can perform Exchange-related tasks (for example, creating or deleting email addresses) on Active Directory (AD) groups with the Active Roles Console.
To perform Exchange tasks on a group
-
In the Console tree, locate and select the folder that contains the group you want to perform Exchange tasks on.
-
In the details pane, right-click the group, then click Exchange Tasks to start the Exchange Task Wizard.
-
On the Available Tasks page of the wizard, select the task you want to perform.
The following tasks are available, depending on the selected group:
-
On the next page of the wizard, do one of the following, depending on the selected task:
-
Establish E-mail Addresses: Modify the alias of the group, if needed. By default, the alias is the same as the name of the group.
-
Delete E-mail Addresses: Confirm the deletion of the email addresses.
-
On the completion page of the wizard, review the results of the task. To view the progress report, click Back. To close the wizard, click Finish.
NOTE: Consider the following when performing Exchange tasks on a group:
-
You can perform Exchange tasks on multiple objects at a time. To do so, start the Exchange Task Wizard by selecting the objects, right-clicking the selection, and clicking Exchange Tasks.
-
To locate the objects on which you want to perform Exchange tasks, use the Find function of Active Roles. Once you found the objects, start the Exchange Task Wizard by selecting the objects in the list of search results, right-clicking the selection, and clicking Exchange Tasks.
You can move groups from one Active Directory container to another with the Active Roles Console.
To move a group
-
In the Console tree, locate and select the folder that contains the group you want to move.
-
In the details pane, right-click the group and click Move to display the Move dialog.
-
In the Move dialog, select the folder to which you want to move the group, then click OK.
NOTE: Consider the following when moving an object:
-
With Active Roles, directory objects can only be moved within the same domain. This means that the folder to which you want to move the object must belong to the same domain as the object.
-
You can move multiple objects at a time with the Move dialog. To open the dialog, select the objects, right-click the selection, and click Move. To select multiple objects, press and hold Ctrl, then click each object.
-
To locate the object that you want to move, use the Find function of Active Roles. Once you found the accounts, open the Move dialog by right-clicking the object, and clicking Move.
-
The Console provides the drag-and-drop function for moving objects. To move objects, you can drag the selection from the details pane to a destination container in the Console tree.
With the Active Roles Console, you can export groups to an XML file and then import them from that file to populate a container in a different domain. The export and import operations provide a way to relocate groups between domains.
To export groups, select them, right-click the selection, and select All Tasks > Export. In the Export Objects dialog, specify the file where you want to save the data, and click Save.
To import groups, right-click the container where you want to place the groups, and then click Import. In the Import Directory Objects dialog, select the file to which the groups were exported, and click Open.
You can delete Active Directory groups with the Active Roles Console.
To delete a group
-
In the Console tree, locate and select the folder that contains the group you want to delete.
-
In the details pane, right-click the group, then click Delete.
NOTE: Consider the following when deleting a group:
-
Deleting a group is a destructive operation that cannot be undone. Once a group is deleted, all permissions and memberships associated with that group are lost. Creating a new group with the same name as the deleted group does not automatically assign the permissions and memberships of the previously deleted group. Instead, you must manually re-create all permissions and memberships.
-
You can delete multiple objects at the same time by selecting the objects, right-clicking the selection, and clicking Delete. To select multiple objects, press and hold Ctrl, then click each object. If you select multiple objects, clicking Delete displays a dialog. To delete all the selected objects, select the Apply to all items check box, then click Yes.
-
As the confirmation message indicates, you can also deprovision groups instead of deleting them. Deprovisioning refers to a set of Active Roles actions that prevents using the group. Active Roles comes with a default policy to automate some commonly-used deprovisioning tasks, and allows administrators to adjust the deprovision policies as needed.
-
To deprovision a group, right-click the group in the details pane, and click Deprovision.
-
To locate groups for deletion or deprovisioning, use the Find function of Active Roles. Once you found the groups, delete or deprovision them by selecting the accounts in the list of search results, right-clicking the selection, and clicking Delete or Deprovision.
-
When attempting to delete an object, you may receive an error message that access is denied to the object. This can typically occur if the object is protected from deletion. To remove this protection, navigate to the Properties > Object tab of the object you want to delete, then clear the Protect object from accidental deletion check box. After that, try deleting the object again.
