To create a query-based distribution group
- In the console tree, right-click the folder in which you want to add the group, and select New | Query-based Distribution Group.
- In Query-based Distribution Group name, type a name for the group, and then click Next.
- The box under Apply filter to recipients in and below displays the folder to search for recipients. Click Change to select the folder that contains the recipients you want the group to include.
The query returns only recipients in the selected folder and its sub-folders. To get the results that you want, you may have to select a parent folder or create multiple queries.
- Under Filter, do one of the following:
- Click Include in this query-based distribution group, and then click each item you want to include in the criteria for membership in the query-based distribution group. The following criteria are pre-defined:
- Users with Exchange mailbox
- Users with external e-mail addresses
- Groups that are mail-enabled
- Contacts with external e-mail addresses
- Public folders that are mail-enabled
- Click Customize filter and then click Customize to create your own criteria for the query.
- Click Next to see a summary of the query-based distribution group you are about to create.
- Click Finish to create the query-based distribution group. The new query-based distribution group is displayed in the details pane.
- Right-click the query-based distribution group you just created and click Properties.
- On the Preview tab, click Start to view the query results and verify that the correct recipients are included in the group.
|
|
NOTE:
- A query-based distribution group provides the same functionality as a standard distribution group, but instead of specifying static user memberships, a query-based distribution group allows you to use an LDAP query to dynamically build membership in the distribution group (for example “All full-time employees in my company”).
- When creating a query-based distribution group, it is a good practice to use the Preview option. If the LDAP filter string contains bad formatting or incorrect LDAP syntax, the query-based distribution group does not work as expected: When a user sends mail to such a group, the user receives a non-delivery report (NDR). The Preview tab helps prevent you from constructing an incorrect query. Use the Preview tab to verify the validity and expected results of the query.
- The Preview option is useful not only for query validation, but also to determine how long it takes a query to run. Based on this time, you can decide whether to divide the query into smaller queries for better performance.
|
Active Roles provides the capability to automatically keep group membership lists up to date, eliminating the need to add and remove members manually. To automate the maintenance of group membership lists, Active Roles employs the following features:
- Rule-based mechanism that automatically adds and removes objects to groups whenever object attributes change in Active Directory.
- Flexible membership criteria that enable both query-based and static population of groups.
In Active Roles, rules-based groups are referred to as dynamic groups. The groups that have no membership rules specified are referred to as basic groups. Any security or distribution group can be converted to dynamic group by adding membership rules.
You can create a dynamic group by managing a basic group as follows: right-click the group, click Convert to Dynamic Group, select a rule type, and then configure a rule. For details, see “Steps for Adding a Membership Rule to a Group” in the Active Roles Administration Guide.
When you convert a basic group to a dynamic group, the group loses all members that were added to the group when it was basic. This is because the membership list of a dynamic group is entirely under the control of membership rules.
Once membership rules are added to a group, the group only includes the objects that comply with the membership rules. Active Roles overrides any changes made directly to the membership list by any administrative tool.
|
|
NOTE: In the Active Roles console, dynamic groups are marked with this icon:  . Also, a special note on the General tab makes it possible to distinguish between dynamic groups and basic groups when using administrative tools other than Active Roles. |
For dynamic groups, the Properties dialog box includes the Membership Rules tab. The Members tab for a dynamic group cannot be used to manage the membership list. It is only used to display a list of group members.
You can return a dynamic group to basic state as follows: right-click the group and click Convert to Basic Group. Then, click Yes to confirm the conversion. This operation removes all membership rules from the group. The group membership list remains intact as of the time of the conversion.
For more information about dynamic groups, refer to the “Dynamic Groups” chapter in the Active Roles Administration Guide or Active Roles Help.
By using temporal group memberships, you can manage group memberships of objects such as user or computer accounts that need to be members of particular groups for only a certain time period. This feature of Active Roles gives you flexibility in deciding and tracking what objects need group memberships and for how long.
This section guides you through the tasks of managing temporal group memberships in the Active Roles console. If you are authorized to view and modify group membership lists, then you can add, view and remove temporal group members as well as view and modify temporal membership settings on group members.
A temporal member of a group is an object, such as a user, computer or group, scheduled to be added or removed from the group. You can add and configure temporal members using the Active Roles console.
To add temporal members of a group
- In the Active Roles console, right-click the group and click Properties.
- On the Members tab in the Properties dialog box, click Add.
- In the Select Objects dialog box, click Temporal Membership Settings.
- In the Temporal Membership Settings dialog box, choose the appropriate options, and then click OK:
- To have the temporal members added to the group on a certain date in the future, select On this date under Add to the group, and choose the date and time you want.
- To have the temporal members added to the group at once, select Now under Add to the group.
- To have the temporal members removed from the group on a certain date, select On this date under Remove from the group, and choose the date and time you want.
- To retain the temporal members in the group for indefinite time, select Never under Remove from the group.
- In the Select Objects dialog box, type or select the names of the objects you want to make temporal members of the group, and click OK.
- Click Apply in the Properties dialog box for the group.
|
|
NOTE:
- To add temporal members of a group, you must be delegated the authority to add or remove members from the group. The appropriate authority can be delegated by applying the Groups - Add/Remove Members Access Template.
- You can make an object a temporal member of particular groups by managing properties of the object rather than properties of the groups. Open the Properties dialog box for that object, and then, on the Member Of tab, click Add. In the Select Objects dialog box, specify the temporal membership settings and supply the names of the groups as appropriate for your situation.
|
