Tài liệu Module 5: Creating and Managing Recipient Objects pptx

Types of Recipients $E-mail Addresses Created $Shown in Address Lists $Can Be a Recipient $E-mail Addresses Created $Shown in Address Lists $Can Be a Recipient User Contact Group $E-mail

Contents

Overview 1

Configuring Recipient Objects 8

Making Bulk Changes to the Directory 20

Lab A: Managing Exchange 2000 Recipient

Objects 34

Lab B: Creating a Recipient Policy 39

Lab C: Creating and Applying a Mailbox

to represent any real individual, company, product, or event, unless otherwise noted Complying with all applicable copyright laws is the responsibility of the user No part of this document may

be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation If, however, your only means of access is electronic, permission to print one copy is hereby granted

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property

 2000 Microsoft Corporation All rights reserved

Microsoft, Active Directory, BackOffice, Jscript, NetMeeting, Outlook, Windows, and Windows

NT are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A and/or other countries

The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted

Other product and company names mentioned herein may be the trademarks of their respective owners

Program Manager: Steve Thues

Product Manager: Megan Camp

Instructional Designers: Bill Higgins (Volt Technical), Jennifer Morrison, Priya Santhanam

(NIIT (USA) Inc), Samantha Smith, Alan Smithee

Instructional Software Design Engineers: Scott Serna

Subject Matter Experts: Krista Anders, Megan Camp, Chris Gould (Global Logic Ltd),

Janice Howd, Elizabeth Molony, Steve Schwartz (Implement.Com), Bill Wade (Wadeware LLC)

Technical Contributors: Karim Batthish, Paul Bowden, Kevin Kaufman, Barry Steinglass,

Jeff Wilkes

Graphic Artist: Kimberly Jackson (Independent Contractor)

Editing Manager: Lynette Skinner

Editor: Kelly Baker

Production Manager: Miracle Davis

Build Manager: Julie Challenger

Production Support: Marlene Lambert (Online Training Solutions, Inc)

Test Manager: Eric Myers

Courseware Testing: Robertson Lee (Volt)

Creative Director, Media/Sim Services: David Mahlmann

Web Development Lead: Lisa Pease

CD Build Specialist: Julie Challenger

Localization Manager: Rick Terek

Operations Coordinator: John Williams

Manufacturing Support: Laura King; Kathy Hershey

Lead Product Manager, Release Management: Bo Galford

Lead Product Manager, Messaging: Dave Phillips

Group Manager, Courseware Infrastructure: David Bramble

Group Product Manager, Content Development: Dean Murray

General Manager: Robert Stewart

Instructor Notes

This module provides students with the information and experience needed to create, configure, and manage recipient objects It covers information about how to modify the Active Directory™ directory service objects in Microsoft®Windows® 2000 so that they can use Exchange 2000

After completing this module, students will be able to:

! Create recipient objects, including mailbox-enabled users, and mail-enabled users, contacts, and groups

! Configure users, groups, and contacts

! Manage recipient objects by creating additional e-mail addresses, by applying rights and permissions, and by moving mailboxes between databases or servers

! Make bulk changes to the directory by importing and exporting Active Directory information

! Configure recipient policies and mailbox store policies

Materials and Preparation

This section provides the materials and preparation tasks that you need to teach this module

Required Materials

To teach this module, you need the following materials:

! Microsoft PowerPoint® file 1572A_05.ppt

Preparation Tasks

To prepare for this module, you should:

! Read all of the materials for this module

! Complete the lab

Presentation:

60 Minutes

Lab:

45 Minutes

Module Strategy

Use the following strategy to present this module:

! Creating Recipient Objects This topic lists the various types of recipients Describe each recipient type and its capabilities Explain the difference between mailbox-enabling and mail-enabling Explain how to create a mailbox for a user Explain how to create a mail-enabled user, contact, or group

! Configuring Recipient Objects This topic covers information on how to configure a user’s mailbox Explain the various configuration options available Demonstrate how to create a mail-enabled contact and a mail-enabled group

! Managing Recipient Objects This topic covers information on enabling a recipient to receive e-mail sent

to more than one e-mail address in the same mailbox Explain how to restrict access to recipient objects Explain how to move a mailbox from one Exchange server to another

! Making Bulk Changes to the Directory This topic covers information on how to import and export Active Directory information and how to make changes to Active Directory objects Explain how to create input files for the Lightweight Directory Access Protocol(LDAP), Data Interchange Format Directory Exchange (LDIFDE) and the Comma Separated Value Directory Exchange (CSVDE) utilities and how to execute these utilities

! Configuring Policies This topic covers information on how to create and configure recipient policies Explain how to create LDAP queries Describe the mailbox store settings that you can configure by creating mailbox store policies

Customization Information

This section identifies the lab setup requirements for a module and the configuration changes that occur on student computers during the labs This information is provided to assist you in replicating or customizing Microsoft Official Curriculum (MOC) courseware

The labs in this module are also dependent on the classroom configuration that is specified in the Customization Information section at the

end of the Classroom Setup Guide for course 1572A, Implementing and Managing Microsoft Exchange 2000

! Complete the labs for Module 2, “Installing Microsoft Exchange 2000,” in

course 1572A, Implementing and Managing Microsoft Exchange 2000

! Install Exchange 2000 at D:\Program Files\Exchsrvr on each server into an organization named Northwind Traders Components installed are Microsoft Exchange Messaging and Collaboration Services, Microsoft Exchange System Management Tools, and Microsoft Exchange Instant Messaging Service Have the students create a custom MMC in the C:\Documents and

Settings\All Users\Desktop that is saved as your_firstname Console The

MMC contains the Active Directory Users and Computers snap-in and the Exchange System snap-in

Setup Requirement 2

The labs in this module require a custom organizational unit, a user account for each student, a mailbox for each student, an Outlook profile, and for the Domain Admins group to be delegated full control of the organization To prepare student computers to meet this requirement, perform one of the following actions::

! Complete the labs for Module 3, “Administering Microsoft Exchange

2000,” in course 1572A, Implementing and Managing Microsoft Exchange

2000

! Create an organizational unit in Active Directory that is named

your_servernameOU for each server in the classroom Create a user account

in each server’s OU for each student The account is a member of the Domain Admins group and has a mailbox on the student’s Exchange server Create an Outlook profile for each student on their own server that opens their mailbox Delegate the full administrator role on the Northwind Traders organization

Important

Lab Results

Performing the labs in this module introduces the following configuration changes:

! A user is created named Assistant your_servername that has send on behalf

of permission on the your_username mailbox

! A contact is created that has an SMTP address and a telephone number

! A recipient policy is created that generates a secondary SMTP address for

contacts that have the city attribute set to your_servername

Overview

! Creating Recipient Objects

! Configuring Recipient Objects

! Managing Recipient Objects

! Making Bulk Changes to the Directory

! Configuring Policies

Microsoft® Exchange 2000 recipients include Exchange users, contacts, and groups You can administer Exchange 2000 recipients through the Active Directory™ directory service by using Active Directory Users and Computers

In addition, there are utilities that you can use to make direct changes to Active Directory by using scripts

After completing this module, you will be able to:

! Create recipient objects, including mailbox-enabled users, and mail-enabled users, contacts, and groups

! Configure users, groups, and contacts

! Manage recipient objects by creating additional e-mail addresses, by applying rights and permissions, and by moving mailboxes between databases or servers

! Make bulk changes to the directory by importing and exporting Active Directory information

! Configure recipient policies and mailbox store policies

In this module, you will learn

about creating and

managing recipient objects

# Creating Recipient Objects

! Types of Recipients

! Exchange Tasks Wizard

! Creating Mailboxes

! Establishing E-mail Addresses

When you create a user account in Active Directory, you can also grant the user access to network resources However, for a user to be able to send or receive e-mail, you must make the user a recipient by mailbox-enabling or mail-enabling them A contact or group appears in the address list only if the contact or group

is mail-enabled Mailbox-enabled or mail-enabled objects are also called recipient objects

Topic Objective

To introduce this topic

Lead-in

You must create recipient

objects for users, contacts,

and groups to enable them

to send or receive mail

Types of Recipients

$E-mail Addresses Created

$Shown in Address Lists

$Can Be a Recipient

$E-mail Addresses Created

$Shown in Address Lists

$Can Be a Recipient

User

Contact

Group

$E-mail Addresses Created

$Shown in Address Lists

$Can Be a Recipient

$E-mail Addresses Created

$Shown in Address Lists

$Can Be a Recipient

$Can Receive and Store Messages

Mailbox-Enabled Mailbox-Enabled

Mail-Enabled Mail-Enabled

Mail-Enabled Mail-Enabled

Mail-Enabled Mail-Enabled

There are several types of recipients in Exchange 2000 A recipient may or may not have an Exchange 2000 mailbox The recipients include user, contact, and group

User

You can enable a user account created in Active Directory to send or receive mail by mailbox-enabling the user or mail-enabling the user

! Mailbox-enabled user A mailbox-enabled user has an Exchange 2000

mailbox and an e-mail address As a result, a mailbox-enabled user can send and receive e-mail messages For example, a corporate employee would be a mailbox-enabled user

! Mail-enabled user A mail-enabled user has a Windows 2000 authentication

account and an external e-mail address associated with it, but no Exchange mailbox A mail-enabled user is listed in the address list This enables other users to easily locate and send mail to a user even if the user does not have a mailbox in the Exchange 2000 organization For example, you may create a mail-enabled user for onsite contract employees requiring access to the network, but who want to continue receiving their e-mail through their Internet service provider (ISP)

Contact

A mail-enabled contact is a user that has neither a Windows 2000 authentication account nor an Exchange mailbox in the associated Exchange organization Mail-enabled contacts are visible in the directory but receive their mail from a foreign system Mail-enabled contacts make it easy for internal users to send messages to them because a user can address a mail to a contact simply by selecting the contact from the appropriate address list For example, you can create a mail-enabled contact for an offsite employee who does not need to access your network, but whose information you would like to include

in Active Directory

Topic Objective

To list and describe the

various types of recipients

Lead-in

Various types of accounts

exist in Windows 2000, each

with differing access to

Exchange 2000

Group

A mail-enabled group can be either a distribution group or a security group Once a group is mail-enabled, it will appear in address lists and can receive messages These messages will be sent to the members of the group that have

an e-mail address

Exchange Tasks Wizard

Move Mailbox Enable or Disable Instant Messaging Establish or Delete E-Mail Addresses

Hide or Unhide Group Memberships Add or Remove Mailboxes

You can configure users, contacts, and groups for messaging using the Exchange Tasks Wizard You can use the Exchange Tasks Wizard to perform the following tasks:

! Add or remove mailboxes for user objects

! Establish or delete e-mail addresses for users, contacts, and groups

! Move a user’s mailbox to another server running Exchange 2000 in the organization

! Enable or disable Instant Messaging for a user if Instant Messaging is installed

! Hide or expose group memberships

You can hide group membership by adding the Everyone built-in group

to the discretionary access control list (DACL) of the group with Deny applied

to the Read permission Although the membership will be hidden, administrators will still be able to add members to the group

The following table summarizes the available functionality of the Exchange Tasks Wizard for a recipient

Topic Objective

Administer recipients using

the Exchange Tasks

Wizard

Lead-in

You can use the Exchange

Tasks Wizard to manage

users, group, and contacts

Note

User and Mailbox Created

New Object - User

To create mailbox-enabled user, you create a mailbox for the user You can send mail to or receive mail from mailbox-enabled users

When you create a user in Active Directory in a forest where Exchange 2000 is installed, a mailbox is automatically created You can choose not to create a mailbox when creating the user In such a case, you can create a mailbox for a user at a later time by using the Exchange Tasks Wizard The Exchange Tasks Wizard will prompt you to specify the server, storage group, and store The wizard then creates the mailbox in the specified store

When a mailbox is created for a user, several new tabs appear in the Properties

dialog box for the user object You can use these tabs to configure various Exchange 2000 settings, such as delivery restrictions and delivery options You can change these settings at any time For example, you might want to move a user’s mailbox to another server to balance the load on your servers

An alias is also created when you create the mailbox By default, the user’s logon name is used as the alias However, you can choose to specify a custom alias while creating the mailbox

Topic Objective

To explain how to create

mailboxes for users

Lead-in

To be able to send mail to a

user, contact, or group, you

need to create a mailbox or

establish an e-mail address

for them

Establishing E-mail Addresses

New Object - Group

E-mail Address Established

E-mail Address Established

New Object - User

Establish an E-mail Address

Establish an E-mail Address

Create Group Establish an E-mail Address Establish an E-mail Address

Contacts And Groups

Contacts And Groups

User

You can establish e-mail addresses for users, contacts, and groups Once you establish an e-mail address, the recipient will appear in address lists

Creating an E-mail Address for a User

A mail-enabled user is similar to a contact in Exchange, except that the user is a security principal and can be given access to network resources in Active Directory

In order to create a mail-enabled user, you must first create the user without a mailbox, and then use the Exchange Tasks Wizard to establish an e-mail address

Creating an E-mail Address for a Contact

You can establish an e-mail address for a contact when you create the contact Alternatively, you can establish an e-mail address after the contact has been created, using the Exchange Tasks Wizard When mail-enabling a contact, you need to configure the alias and the e-mail address for the contact

Creating an E-mail Address for a Group

You can establish an e-mail address for both security and distribution groups Which type of group you should use depends on the design goals of the organization In either case, once the e-mail address is established, the group will appear in address lists and messages sent to the group will be forward to all members of the group that have an e-mail address

When you establish an e-mail address for a group, only the alias is configured The e-mail address is generated from the default e-mail address for the Exchange 2000 organization

Topic Objective

To establish e-mail

addresses for users,

contacts, and groups

Lead-in

To be able to send mail to a

user, contact, or group, you

need to create a mailbox or

establish an e-mail address

for them

Delivery Tip

Demonstrate how to create

a mailbox for a user while

creating the user account

Also demonstrate how to

create a mailbox for a user

after the user account has

been created

Delivery Tip

Demonstrate how to create

an Exchange alias for a

contact

Delivery Tip

Demonstrate how to create

an Exchange alias for a

group

# Configuring Recipient Objects

! Mailbox Configuration

! Configuring General Properties

! Configuring Advanced Properties

! Configuring Contacts

! Configuring Mail-Enabled Groups

After you create a mailbox for a user or mail-enable users, contacts, or groups,

several tabs appear in the Properties dialog box of the recipient object You

can configure the recipient by selecting the various configuration options available in these tabs For example, you can specify the outgoing and incoming message size limits for a user

Topic Objective

To introduce this topic

Lead-in

You can configure a

recipient object to provide

information about the

recipient in the global

address list

network-account specific or are general user information properties The tabs

with Exchange 2000-specific options are General, Organization, Exchange Advanced, Exchange General, E-mail Addresses, and Exchange Features The Exchange General and Exchange Advanced tabs contain additional

settings

The following table describes configuration settings for the other tabs

Tab Relevant

Properties Usage General E-mail Type the user’s inbound e-mail address for informational

purposes only For example, the e-mail address used by external Lightweight Directory Access Protocol (LDAP) clients

Organization Title Department Company

Type the user’s job title, department, and company information, as you want it displayed in the address lists

Manager Direct

Reports

Type the name of the user’s supervisor in the Manager

box The information specified in each user object’s

Manager box is automatically complied into the Direct Reports box

E-mail Addresses

View, add, delete, and modify external e-mail addresses For a user to receive mail from an external system, the user’s proxy address, as defined on this tab, must exactly match the recipient address that you typed in the message

Exchange Features

Instant Messaging

Click the Enable button to enable the Instant Messaging

feature for the user

Topic Objective

To describe the key options

in the Properties dialog box

for a new user

Lead-in

After you create a mailbox

for a user, you can configure

the mailbox properties using

the tabs in the Properties

dialog box for the user

object

Delivery Tip

Show students the options

listed in the table and

discuss each one

Configuring General Properties

User Object Properties

Text goes here

Text goes here

Text goes here

Text goes here

Specify the Exchange alias

Configure outgoing and incoming message limitations

Configure a delegate user, a forwarding address, and the maximum number

of recipients for a message Override the mailbox store’s Limits tab properties and configure how Deleted Items should be handled

The following table describes properties that you can configure on the

Exchange General tab

Property Usage Mailbox Store Displays the store in which this mailbox is located

Alias Specify the Exchange alias in this box The Exchange alias does

not have to match the Windows 2000 alias or any proxy addresses, but it is easier for users and support personnel if the aliases and addresses are the same

Delivery Restrictions

Use to configure outgoing and incoming message size limitations

in addition to restricting who this mailbox can receive mail from

Delivery Options

Use to identify a delegate user for this mailbox The defined delegate will have the Send on behalf of permission for this mailbox This will enable the delegate to send a message on behalf

of the user The recipient of the message will know by looking at

the From box that the message was sent from the delegate on

behalf of the user You can also configure a forwarding address for this mailbox in the event a user is temporarily away (similar to the alternate recipient feature in Exchange Server 5.5) Additionally, you can configure the maximum number of recipients that this mailbox can send to in a given message

Storage Limits Use to override the properties on the mailbox store’s Limits tab

Overriding the properties on the Limits tab will enable you to

define unique limits for the mailbox If the mailbox exceeds the limit, the mailbox receives an over-limit message and cannot send and receive mail You can also define whether items removed from the user’s Deleted Items folder will be held for a period of time for recoverability purposes, and if the deleted items must be backed up prior to being purged from the server

Topic Objective

To discuss the settings on

the Exchange General tab

Lead-in

The Exchange General tab

allows you to customize a

user’s messaging

properties

Delivery Tip

Show students the settings

on the Exchange General

tab and discuss each option

Configuring Advanced Properties

Simple display name Hide from Exchange address lists Downgrade high priority mail bound for X.400 Custom Attributes

Protocol Settings ILS Settings Mailbox Rights

The Exchange Advanced tab appears in Active Directory Users and

Computers when you select the Advanced Features mode The following table

describes properties that you can configure on the Exchange Advanced tab Property Usage

Simple display name Use to specify the display name that will be used by

messaging systems that cannot interpret all the characters in the normal display name

Hide from Exchange address lists

Select this to ensure that this mailbox does not appear in any address list

Downgrade high priority mail bound for X.400

Select this to prevent the user from sending high-priority mail to an external X.400 system

Custom Attributes Select this to customize any of the 15 additional extension

attributes Use the extension attributes to enter employee identification (ID) numbers or other information you want

to specify for users For example, you cannot change the extension attribute names using Active Directory Users and Computers If friendly names, such as Employee ID, are necessary, you need to add a new attribute to the Active Directory schema

Topic Objective

To discuss the Exchange

Advanced tab settings

Lead-in

The Exchange Advanced

tab appears only if you have

selected the Active Directory

Advanced View

Delivery Tip

Show students the

Exchange Advanced tab

and discuss options

(continued)

Property Usage Protocol Settings Select this to customize the user’s Hypertext Transfer

Protocol (HTTP), Post Office Protocol version 3 (POP3), or Internet Message Access Protocol version 4 (IMAP4) settings The child objects inherit these settings from the virtual server on the computer running Exchange 2000 on which the mailbox resides:

• HTTP Enable or disable this mailbox for Outlook Web

Access

• IMAP4 Enable or disable this mailbox for IMAP4

You can configure the message body to be Multipurpose Internet Mail Extensions (MIME) encoded as plain text, Hypertext Markup Language (HTML), or both You can also choose to use Microsoft Exchange Rich Text Format (RTF) if the client supports it In addition, you can choose to include all public folders when a folder list is requested You can enable fast message retrieval You

can also grant user permissions to other mailboxes

• POP3 Enable or disable this mailbox for POP3 You

can override the default global settings for MIME versus UNIX-to-UNIX encode (UUEncode) You can also override the settings for the character set You can select the option to use Microsoft Exchange RTF, if the POP3 client supports it

ILS Settings Use to enter the user’s Internet locator service (ILS) server

and ILS account if they will be participating in online meetings When a remote user initiates an online meeting from within Outlook, the local user’s Internet Protocol (IP) address will be returned to the remote user making the request This IP address is all that is necessary to launch an online meeting

Mailbox Rights Use to configure all access rights to this mailbox For

example, you can assign the Send As permissions

By default, RTF support is disabled If you enable RTF support on the recipient object and the user does not use one of the following Exchange clients—Windows CE, Outlook® 98, Outlook 2000—then all RTF data will be packaged into a binary file named Winmail.dat This file is unusable However, all RTF attachments sent to the user will be encapsulated in the Winmail.dat file The user may not know that there should have been an attachment

Note

Limit incoming message size and limit the messages that can be accepted

After a contact is mail-enabled, new tabs appear in its Properties dialog box

These tabs and their corresponding properties are described in the following table

Exchange General

Incoming message size Limits the size of messages this contact

can receive

Accept messages Defines which users are allowed to

send mail to this contact

Exchange Advanced

Simple display name Specifies the display name that will be

used by systems that cannot interpret all the characters in the normal display name

Hide from Exchange address lists

Prevents users from viewing this contact from the client By default, this property is not selected

Use MAPI rich text format

If selected, messages sent to this contact will be sent in MAPI rich text format

Custom Attributes Displays custom attributes for the

contact You can modify these settings

ILS Settings Displays ILS settings for the contact

You can modify these settings

Topic Objective

To create and configure

contacts

Lead-in

A contact is a user that

receives his or her mail from

a foreign system, but should

appear in an address list

Delivery Tip

Display the Properties

dialog box for a

mail-enabled contact while

explaining this

Configuring Mail-Enabled Groups

Group Object PropertiesExchange General

Exchange Advanced

Specify the expansion server, hide groups, enable NDRs to be sent to the group owner or sender, and enable OOF messages

Limit incoming message size, and limit the messages that can be accepted

After a group is mail-enabled, several new tabs appear in its Properties dialog

box These tabs and their corresponding properties are described in the following table

Tab Property Usage Exchange

General

Message Size Limits the size of messages this distribution

list can receive

Accept messages Defines which users are allowed to send mail

to this distribution list

Exchange Advanced

Expansion Server Chooses a server that will resolve the

membership of this distribution list

Hide group from Exchange address lists

Prevents users from viewing the selected group from the client By default, this property is not selected

Send delivery reports to group owner

If selected, non-delivery reports (NDRs) are sent to the group owner By default, this property is not selected

reports to message originator

If selected, NDRs are sent to the sender By default, this property is not selected

Send out-of-office messages to originator

Messages sent to users with out-of-office (OOF) enabled will be replied with system-generated OOF messages This is disabled

group to which mail can be

sent using Exchange 2000

Delivery Tip

Display the Properties

dialog box for a

mail-enabled group while

explaining this

# Managing Recipient Objects

! Managing Recipient E-mail Addresses

! Managing Rights and Permissions

! Moving Mailboxes

A recipient may have multiple e-mail addresses, and multiple addresses of the same type Multiple addresses are typically used when coexisting with other messaging systems, or when you are merging messaging systems and need to retain previous e-mail addresses so that users can still receive messages sent to those addresses

You can also grant access to a user to enable the user to access another user’s mailbox by assigning rights and permissions You may need to do this when a user goes on vacation and wants to delegate access to his or her mailbox to a colleague

You can improve server performance by moving mailboxes between servers to balance the load on the servers You may also have to move mailboxes from one server to another if there is insufficient disk space on a server

Topic Objective

To introduce this topic

Lead-in

Managing recipient objects

involves managing e-mail

addresses, managing rights

and permissions, and

moving mailboxes

Managing Recipient E-mail Addresses

From: SusanF@nwtraders.msft

When you create a recipient object, multiple e-mail addresses are created based

on the connectors that have been added to the Exchange 2000 organization You

can create or modify recipient e-mail addresses using the Properties dialog box

forthe recipient object The following default address types can be created:

! Custom address

! X.400 address

! Microsoft Mail address

! Cc:Mail address

! Lotus Notes address

! Novell GroupWise address

SMTP must be configured for Exchange 2000 to accept messages sent to additional addresses

Primary Address

The first e-mail address created for a user of a particular address type is the

primary address for that address type The primary address appears in the From

box of outbound messages sent by the recipient object

Secondary Address

A recipient object can also have additional addresses of the same address type

These are known as secondary addresses Secondary addresses are additional

e-mail addresses that can be used for sending messages to the recipient

Topic Objective

To create additional e-mail

addresses for recipients

Lead-in

A recipient object may have

primary and secondary

e-mail addresses

Note

Managing Rights and Permissions

Full Mailbox Access

Access Specific

You can apply permissions for recipient objects to control access to configuration items For example, you can control mailbox access by configuring mailbox rights in Active Directory In addition, you can control access to specific fields of a recipient object by configuring the relevant permissions in Active Directory

Exchange Mailbox Permissions

You can assign mailbox rights to give a user or security group access to a user’s mailbox You can specifically grant access to allow a user or group to open a mailbox, delete a mailbox, or change permissions for a mailbox

The following table lists the permissions that you can grant from the

Permissions for User dialog box, which is accessed from the user object’s

Properties dialog box, by selecting the Exchange Advanced tab, and then clicking Mailbox Rights

Permission Allows a user or group to

account This permission identifies a user that is

external to the Active Directory forest (through explicit trusts) as the “mailbox owner.”

Using the Associated external account permission changes the way Security Identifiers (SIDs) are applied to objects created by the user object, such as a public folder In this case, the SID of the external account will be applied to the

Topic Objective

To apply rights and

permissions for recipients

Lead-in

You can apply rights and

permissions for recipients

using the recipient object’s

Property dialog box

User Object Permissions

The Send As permission gives a user the ability to place the user object in the

From field of a new message in order to send as that user

Exchange 2000 does not use the Receive As permission located on the

Security tab of the recipient object

Recipient Object Property Permissions

You can also grant or deny permissions on specific attributes of recipient objects For example, you may want to populate the home phone attribute of a user object, but ensure that only administrators can view this attribute in the Address Book You can grant or deny permissions using the advanced security

properties in the recipient object’s Properties dialog box You can then grant

the Read Home Phone permission to administrators

Access to individual folders within a mailbox can only be accomplished using a MAPI client such as Outlook 2000

Note

Note

Moving Mailboxes

Exchange Organization

Exchange Task Wizard

Available Tasks

The following is a list of tasks that can be applied to one or more

of the selected objects Select the desired task and press Next.

Move Mailbox

Delete Mailbox Enable Instant Messaging

! A user has physically or logically relocated

! You have server performance issues For example, you may need to reduce the time required to complete store backups on a given server

! The database has grown and you need to balance the load on the server

When you move a mailbox from one server to another, the user object remains where it was created

You can move mailboxes by using the Exchange Tasks Wizard The Exchange Tasks Wizard will prompt you to specify the server and mailbox store to which you want to move the mailbox

When you move a mailbox, single instance storage is maintained for messages in the mailbox That is, if the target server already has a copy of the messages, new messages are not created on the target server If the target server does not have a copy of the messages for the mailbox being moved, new messages are created

For better performance, you

should place users who

communicate regularly in

the same mailbox store

Note

Delivery Tip

Demonstrate how to move a

mailbox from one server to

another

Important

# Making Bulk Changes to the Directory

! Import Utilities and File Formats

! LDIFDE and CSVDE File Formats

! LDIFDE and CSVDE Command Line Parameters

! Troubleshooting Tips

Exchange 2000 uses LDAP to access Active Directory You can also use this protocol to import and export directory information and make changes to directory objects For example, you may need to make bulk changes to the directory when two companies merge In such a case, you can export the directory information of company A into a bulk export file You can then use this file to import the directory information into the directory of the company B

Topic Objective

To introduce this topic

Lead-in

You can use script files if

you need to make a large

number of changes to user

objects

Import Utilities and File Formats

You can use the following two utilities to import data to or export data from Active Directory:

uses a LDAP Data Interchange Format (LDIF) file as input to make changes

to the directory

Comma Separated Value (CSV) file format as input to make changes to the directory

You can use these utilities to add directory objects such as users, contacts, and groups to Active Directory You can use these utilities to create mailboxes for users, or establish e-mail addresses for users, contacts, and groups

You can only add new objects to the directory using CSVDE However, you can use LDIFDE to add, delete, and modify objects

Considerations for LDIFDE and CSVDE

For both LDIFDE and CSVDE utilities and file formats, keep in mind the following considerations:

! New users are created with blank passwords

! New users are disabled by default

! The import file must contain the distinguished name (DN) of the object being added, modified, or deleted, and the changeType (add, modify, or delete) for the operation being completed

Topic Objective

To identify the utilities

available for importing or

exporting data from Active

Directory

Lead-in

You can make bulk changes

to Active Directory using the

LDIFDE or CSVDE utilities

Attributes in the Import Files

An import file contains attributes and their corresponding values that control how an object is to be added, modified, or deleted The following table lists some of the attributes and values that can be specified in an import file

Attribute Description

modified, or deleted For example:

dn: CN=suzanf,OU=Marketing Department,DC=nwtraders1,DC=msft

configured

changeType (Only used with LDIFDE)

This attribute controls the operation being performed on the object during the import, and can be configured as add, modify, or delete

the Active Directory forest For example:

suzanf@nwtraders.msft

the object This name will appear in the Exchange 2000 address lists

added When the value of this attribute is set to 512, the user object is enabled When the value is set to 514, the user object is disabled By default, the value specified is

514

mailbox will be created