Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Complying with all applicable copyright laws is the responsibility of the user. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation. If, however, your only means of access is electronic, permission to print one copy is hereby granted.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
© 2000 Microsoft Corporation. All rights reserved.
Microsoft, MS-DOS, MS, Windows, Windows NT, Active Directory directory service, ActiveX, BackOffice, FrontPage, Hotmail, MSN, Outlook, PowerPoint, SQL Server, Visual Studios, and Win32, are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries.
Other product and company names mentioned herein may be the trademarks of their respective owners.
Project Lead: David Phillips
Instructional Designers: Lance Morrison (Wasser), Janet Sheperdigian, Steve Thues
Lead Program Manager: Mark Adcock
Program Manager: Lyle Curry, Scott Hay, Janice Howd, Steve Schwartz (Implement.Com), Bill Wade (Wadeware LLC),
Graphic Artist: Kimberly Jackson, Andrea Heuston (Artitudes Layout and Design)
Editing Manager: Lynette Skinner
Editor: Elizabeth Reese (Write Stuff)
Copy Editor: Ed Casper (S&T Consulting), Carolyn Emory (S&T Consulting), Patricia Neff
(S&T Consulting), Noelle Robertson (S&T Consulting)
Online Program Manager: Debbi Conger
Online Publications Manager: Arlo Emerson (Aquent Partners)
Online Support: Eric Brandt
Multimedia Developer: Kelly Renner (Entex)
Compact Disc Testing: Data Dimensions, Inc
Production Support: Ed Casper (S&T Consulting)
Manufacturing Manager: Bo Galford
Manufacturing Support: Rick Terek
Lead Product Manager, Development Services:
Lead Product Manager: David Bramble
Group Product Manager: Robert Stewart
To teach this module, you need the following materials:
• Microsoft® PowerPoint® file 1569A_06.ppt
• A second mailbox store created on the instructor computer to demonstrate how to move a mailbox
Preparation Tasks
To prepare for this module, you should:
• Read all of the materials for this module.
• Complete the lab.
• Practice your demonstrations.
• Experiment with Ldifde.exe to make changes to the Active Directory™.
Module 6: Managing Recipient Objects in Exchange 2000
Module Strategy
Use the following strategy to present this module:
• Preparing for Administration: List the tools, hardware, and software requirements to administer Microsoft Exchange 2000 recipients. Explain the permissions required to administer different Exchange objects.
• Types of Recipients: Describe the various types of recipients.
• Creating Users: Demonstrate how to create a user and discuss the various options available.
• Creating Contacts: Demonstrate how to create a contact and discuss the various options.
• Creating Distribution Lists: Demonstrate how to create a distribution list and discuss the various options.
• Making Bulk Changes to the Directory: Describe the utilities available and give some simple examples of scripts that can be used to make changes to Active Directory.
be made to Active Directory by using scripts.
At the end of this module, you will be able to:
• Configure computers and users for Exchange 2000 administration tasks.
• List and describe the various Exchange 2000 recipients.
• Create and manage Exchange 2000 users.
• Create and manage Exchange 2000 contacts.
• Create and manage Exchange 2000 distribution lists.
• Make bulk changes to Active Directory™ directory service by using scripts.
to access the server.
Access to an Exchange server requires appropriate permissions. You can set different levels of permissions depending on an administrator’s job.
The built-in Users container is intended for use only during migration or upgrade from Microsoft Windows NT® version 4.0. Create custom organizational units to contain your other user accounts.
These consoles can be installed on any computer running Microsoft Windows 2000. You will probably not perform administration tasks on the computer running Exchange 2000.
To prepare an administrator computer
1. In Control Panel, double-click Add/Remove Programs, and then click Add/Remove Windows Components.
2. Select Internet Information Services, and then click Details.
3. Add Simple Mail Transfer Protocol (SMTP) service.
The SMTP service is required for Exchange 2000 Beta 3. Also, it is not possible to add the SMTP service during Windows 2000 Professional installation.
Administering Exchange 2000 and Exchange Server 5.5
You can install Exchange 2000 administrative tools on the same computer that is running the Exchange Server 5.5 administrative tools. However, you need to uninstall the Exchange Server 5.5 tools first so that Exchange 2000 does not detect a previous installation of Exchange Server 5.5 and prevent you from continuing with the installation (because Exchange 2000 Beta 3 does not support upgrades). After the Exchange 2000 system management tools are installed, you must manually copy Exchange Administrator program files from the Exchange Server 5.5 compact disc.
on to that server directly.
You must install Terminal Services on the computer running Exchange 2000. Then you can install the Terminal Services client on the administrator computer. The Terminal Services client can be used with the following hardware and operating systems to administer Exchange 2000:
• Computers running Windows 95 or Windows 98
• Computers running Windows NT® Workstation version 3.51 or 4.0
• Computers running Windows 2000
• Computers running Windows for Workgroups version 3.11
• Computers running Windows CE version 2.11
Permissions can be granted for any object in Active Directory Users and Computers or Exchange System Manager by accessing the Security tab in the Properties dialog box for the object. In Exchange 2000 Beta 3, the final permissions structure is not fully designed and therefore cannot be fully documented.
Exchange Server 5.5 roles granted a set of permissions to an administrator depending on the role selected. Although these roles no longer exist in Exchange 2000, selecting or clearing certain permissions causes other permissions to be automatically selected or cleared. For example, assigning Windows 2000 permissions of Full Control, Read, Write, or Execute to Active Directory objects forces other permissions’ check boxes to become selected automatically.
Many different types of permissions exist that can be granted on a per-user or per-group basis. Five predefined groups of users with permissions already granted are shown in the following table.
Permission                                         Admins  Exchange Servers  Domain Admins  Exchange Admins  Everyone
Modify Public Folder Admin ACL                     Yes     Yes               Yes            Yes              No
Modify Public Folder Replica List                  Yes     Yes               Yes            Yes              No
Create Named Properties in the Information Store   Yes     Yes               Yes            No               Yes
One way to organize administrators and easily grant appropriate permissions is to create groups of administrators who have the same access privileges. Three levels of administration that should meet most business needs include enterprise administrators, administrative group administrators, and recipient administrators.
Enterprise Administrators
Windows 2000 installs default groups in the Builtin container in Active Directory Users and Computers. The Builtin local security group called Administrators has all permissions to manage the Windows 2000 domain. The Domain Admins and Enterprise Admins global security groups are members of the Administrators group and therefore also are granted all permissions in the Windows 2000 domain.
The Domain Admins and Exchange Admins global security groups are granted rights to administer the Exchange 2000 organization. These rights are inherited from the parent object, which in this case is the server’s Configuration container.
The Configuration container is hidden from view in Exchange System Manager. You can view the Configuration container by running Adsiedit.exe from the Windows 2000 Support Tools.
To assign users to administer the entire enterprise, add them to the Enterprise Admins group. By default, members of Enterprise Admins have nearly full control of both Active Directory and Exchange 2000.
Administrative Group Administrators
Many companies may want to take advantage of the new administrative group model. To do this, simply create a global security group in Active Directory and grant this group permissions on the Security tab in the Properties dialog box for the specific administrative group. These permissions should be the same as those for Enterprise Admins, except that they are only valid within the selected administrative group.
Recipient Administrators
Recipient administrators administer all aspects of user objects. You can use the built-in Windows 2000 Account Operators security group as a single location for recipient administrators. Grant the Account Operators group Full Control permission over the administrative group within Exchange 2000 in which you want them to be able to create users. Recipient administrators must be able to create accounts in Active Directory in addition to enabling a mailbox in Exchange 2000.
All user administration permissions must include rights to Active Directory in addition to Exchange. This reflects the change from earlier versions of Exchange where Exchange managed its own directory, rather than relying on the operating system.
Any user who you want to administer any level of Exchange 2000 must have at least Read permissions on the Exchange organization container.
• Mailbox-enabled user: A mailbox-enabled user has an Exchange mailbox associated with it, in addition to an e-mail address. As a result, a mailbox-enabled user can send and receive e-mail messages. For example, an ordinary corporate employee would be a mailbox-enabled user.
• Mail-enabled user: A mail-enabled user has a Windows 2000 authentication account and a foreign e-mail address associated with it, but no Exchange mailbox. This allows users to easily locate and send mail to a user that does not have a mailbox in the Exchange 2000 organization. For example, an onsite contract employee might be a mail-enabled user.
• Mail-enabled contact: A mail-enabled contact is a user that has neither a Windows 2000 authentication account nor an Exchange mailbox in the associated Exchange organization, but that you want to see in the directory for other purposes, such as including them on a distribution list membership. For example, an offsite employee might be a mail-enabled contact.
• Distribution list: A distribution list is a group of users who may or may not have Exchange mailboxes.
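The recipient types listed above differ in two things an administrator can check in a directory export: whether the object has a Windows 2000 logon account and whether it has an Exchange mailbox. The following Python is an added example, not part of the original courseware; it classifies the records of an LDIF export into those types and reports which ones carry a logon account or are hidden from address lists. The attribute names (mailNickname, homeMDB, targetAddress, msExchHideFromAddressLists) are assumptions not taken from this module, and the sample records are constructed.

```python
import re

# Constructed sample records; the attribute names are assumptions, not from the module.
SAMPLE_LDIF = """\
dn: CN=Employee One,OU=Staff,DC=example,DC=com
objectClass: user
mailNickname: employee1
homeMDB: CN=Mailbox Store (SRV1),CN=First Storage Group,
 CN=InformationStore,CN=SRV1

dn: CN=Onsite Contractor,OU=Staff,DC=example,DC=com
objectClass: user
mailNickname: contractor
targetAddress: SMTP:contractor@isp.example

dn: CN=Offsite Employee,OU=Contacts,DC=example,DC=com
objectClass: contact
mailNickname: offsite
msExchHideFromAddressLists: TRUE

dn: CN=Sales DL,OU=Groups,DC=example,DC=com
objectClass: group
mailNickname: sales
"""

def parse_ldif(text):
    """One {attribute: [values]} dict per record; base64 ('::') values are not decoded."""
    records = []
    unfolded = re.sub(r"\r?\n ", "", text)    # RFC 2849: newline + space continues a line
    for block in re.split(r"(?:\r?\n){2,}", unfolded.strip()):
        rec = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            rec.setdefault(name.strip().lower(), []).append(value.strip())
        records.append(rec)
    return records

def classify(rec):
    """Name the recipient type of one parsed record."""
    classes = {c.lower() for c in rec.get("objectclass", [])}
    if "mailnickname" not in rec:
        return "not a recipient"
    if "group" in classes:
        return "distribution list"
    if "contact" in classes:
        return "mail-enabled contact"
    if "user" in classes and ("homemdb" in rec or "targetaddress" in rec):
        return "mailbox-enabled user" if "homemdb" in rec else "mail-enabled user"
    return "not a recipient"

def inventory(text):
    """Map each DN to (type, has_logon_account, hidden_from_address_lists)."""
    out = {}
    for rec in parse_ldif(text):
        if "dn" in rec:                       # skip e.g. a leading "version: 1" record
            hidden = rec.get("msexchhidefromaddresslists", [""])[0].upper() == "TRUE"
            has_account = "user" in (c.lower() for c in rec.get("objectclass", []))
            out[rec["dn"][0]] = (classify(rec), has_account, hidden)
    return out
```

Calling inventory(SAMPLE_LDIF) returns one entry per record; the entries with a logon account are the ones whose group memberships and permissions are worth reviewing alongside their mail settings.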
After you enable an Exchange mailbox, several new tabs appear on the user object, which allow you to configure various Exchange 2000 settings.
After settings are configured, an administrator can change the settings later. A typical change an administrator may need to make is moving a user’s mailbox.
[Figure: user Properties dialog box showing the General, Address, Account, Profile, Telephones, and Organization tabs]
later
The following table describes configuration settings for the other tabs.
informational purposes only (to be used by foreign Lightweight Directory Access Protocol (LDAP) clients, for example)
Department, Company: Enter the user’s job title, department, and company information as you want it displayed in the address lists.
Manager, Direct Reports: Enter the user’s job supervisor in the Manager box. The Direct Reports box automatically updates based on information compiled from each user object’s Manager box.
addresses
In order for a user to receive mail from a foreign system, the user’s proxy address, as defined on this tab, must match exactly the recipient address entered on the message.
home server and domain name
Several properties can be specified on the Exchange General tab:
• Mailbox Store: This property indicates in which store this mailbox is located. To change where the mailbox is located, use the Move task on the user object’s context menu.
• Alias: Modifies the Exchange alias. This alias accesses a mailbox and sends mail to an Exchange recipient. The Exchange alias does not have to match the Windows 2000 alias or any proxy addresses, but it is easier for users and support personnel if the aliases and addresses are the same.
• Delivery Restrictions: Click this button to configure outgoing and incoming message size limitations in addition to restricting who this mailbox can receive mail from. You can configure these restrictions organization-wide by setting the appropriate properties on the Global Settings container’s Message Delivery object. The sender receives a detailed non-delivery report (NDR) for messages sent to a restricted or limited mailbox. The recipient will not be notified of the failed delivery attempt.
• Delivery Options: Click this button to identify a delegate user for this mailbox. The defined delegate would have “Send on behalf of” permission for this mailbox. You can also configure a forwarding address for this mailbox in the event a user is temporarily away (similar to the alternate recipient feature in Exchange Server 5.5). Additionally, you can configure the maximum number of recipients this mailbox can send to in a given message.
• Storage Limits: Click this button to override the mailbox store’s Limits tab properties. Overriding the Limits tab properties will allow you to define unique limits at which this mailbox will receive an over-limit message and prevent this mailbox from sending and receiving mail. You can also define whether items removed from the user’s Deleted Items folder will be held for a period of time for recoverability purposes, and if the deleted items must be backed up prior to being purged from the server.
Exchange Advanced Tab
[Figure: the Exchange Advanced tab, showing the Simple display name box and the Hide from Exchange address lists and Downgrade high priority mail bound for X.400 check boxes]
Several options can be specified on the Exchange Advanced tab:
Active Directory Users and Computers will not expose the advanced property pages until you select the Advanced Features mode. This includes the Exchange Advanced tab, which will only appear in Advanced mode.
• Simple display name: Type the display name that will be used by systems that cannot interpret all the characters in the normal display name.
• Hide from Exchange address lists: Select this option to prevent this mailbox from being displayed in any address list.
In Exchange Server 5.5, a user that does not appear in an address list cannot access his or her account by using Outlook Web Access. With Exchange 2000, this user can now use Outlook Web Access.
• Downgrade high priority mail bound for X.400: Select this option to prevent the user from sending high-priority mail to a foreign X.400 system.
• Custom Attributes: Select this option to customize any of 15 additional extension attributes. Use these to enter employee ID numbers or other information you want available on the user’s properties. These are visible from the messaging client.
• Protocol settings: Click this button to customize the user’s Hypertext Transfer Protocol (HTTP), Post Office Protocol version 3 (POP3), or Internet Message Access Protocol version 4 (IMAP4) settings. These settings are inherited from the virtual server that is defined on the Exchange server where the mailbox is created.
In Exchange 2000 Beta 3, inheritance is not functioning for POP3 and IMAP4.
    • HTTP: Enable or disable this mailbox for Outlook Web Access.
    • IMAP4: Enable or disable this mailbox for IMAP4. Configure the message body to be Multipurpose Internet Mail Extensions (MIME) encoded as plain text, HTML, or both. Choose to use Microsoft Exchange Rich Text Format (RTF) if the client supports it. Specify to include all public folders when a folder list is requested. Enable fast message retrieval. Enable user permission to other mailboxes.
    • POP3: Enable or disable this mailbox for POP3. Also, override default settings for MIME versus UUEncode and character set. Select option to use Microsoft Exchange RTF, if the POP3 client supports it.
• ILS Settings: Click this button to enter the user’s ILS server and ILS account if they will be participating in online meetings. When a remote user initiates an online meeting from within Outlook, the local user’s IP address will be returned to the remote user making the request. This IP address is all that is necessary to launch an online meeting.
• Mailbox Rights: Click this button to configure all access rights to this mailbox. Assign “Send as” permissions here.
By default, RTF support is set to no support. If you enable RTF support on the recipient object and the user does not use one of the following Exchange clients—Windows CE, Outlook® 98, Outlook 2000—then all RTF data will be packaged into a binary file named Winmail.dat. This file is unusable and harmless. However, all RTF attachments sent to the user will be encapsulated in the Winmail.dat file, and the user will be unable to access them. For example, Outlook Express cannot interpret RTF and will not display the Winmail.dat file to the user. The user may not know that there should have been an attachment.
You should move user mailboxes only when you have a compelling reason to do so. Some examples include:
• A user has physically or logically relocated.
• You have server performance issues. For example, you may need to reduce the time required to complete store backups on a given server.
• The database has grown and you need to balance the load on the server.
You cannot move mailboxes between administrative groups in Exchange 2000 Beta 3. As in Exchange Server 5.5, you must download user mail to a .pst file and manually move the user’s data to the new mailbox.
To move a mailbox
1. Right-click the user object in Active Directory Users and Computers and click Move Exchange Mailbox.
2. Type the destination server name and mailbox store, and then click OK.
All of the user’s mail will be moved automatically.
To move multiple mailboxes, use the CTRL key to select the mailboxes.
[Figure: John Wood Properties dialog box showing the Exchange General, E-mail Addresses, Exchange Features, Security, Member Of, and Object tabs]
A Windows 2000 contact replaces the Exchange Server 5.5 custom recipient. A contact is any user defined in an Exchange directory that does not have a mailbox. In other words, contacts are visible in the directory but receive their mail from a foreign system. Contacts make it easy for internal users to send messages because the contact can be picked from the address lists and added to personal distribution lists.
A contact might be created for a remote contractor that has no need for access to your network, but whose information you would like to include in Active Directory. If you would like to be able to send mail to the contact via internal distribution lists or by choosing the contact from your Exchange 2000 global address list, enable the contact object for mail in Active Directory by following the same steps as for mail-enabling a user. This is different from a mail-enabled user that might be created for an on-site contractor requiring access to the network, but who wants to continue receiving their e-mail through his or her Internet service provider (ISP).
After a contact is mail-enabled, a number of new property pages are added for your further configuration.