Tag Archive: Active Directory

The company I work for has several “program” divisions under the main company. Each of these programs has a slew of employees, some more than others. Inside each of these programs are also further divisions by team name. Now keeping track of a manually created distribution group can become a nightmare when employees change programs and teams often. I have been keeping up with this manually in the past for several reasons:

  • Manual groups are easy to work with using the SBS Console
  • They are easy to see and well-defined under Groups
  • They are easy to add extra people to (All of program A in this group plus 2 people in program B)

I finally decided to take the plunge and do this dynamically; in other words Exchange will actually populate the recipients at the time of sending and email to that group. There are a few drawbacks to this method:

  • You can’t easily view the recipients of the group
  • You can’t easily test if the group is working
  • You need to be very organized when it comes to the AD
  • Forgetting to correct an AD attribute means the user wont get group mail

To start this process off, I created a list of all programs, employees, and which groups they belonged too. I also used this time to correctly configure AD Properties, Managers and Direct Reports- you can do this or not as you see fit.

I went to Active Directory Users and Computers Console, and opened up MyBusiness/Users/SBSUsers.

Active Directory Users and Computers

Active Directory Users and Computers

I then double clicked each employee and changed several features about their properties. I clicked the Organization tab and specified the properties for each user. Job title is the employee’s job title. the company are all the same.

NOTE: To change the same property value for multiple users, hold ctrl and click each user’s name in ADUC. Once you have them selected, right-click and say properties. Enable the field you are editing, and change the value. This is a quick way to say apply the company name to all users.

User Account

User Account

I then changed the manager for each employee, etc. Now the department is the field that I used for my distinction, and it is also the attribute I will use to create my dynamic lists. I start off labelling every user by department on the program level. Let’s say my programs are named Sales, and Administration. I add either program to each users properties. Then the Sales program is further broken down into groups, we will call them A, B, and C. User1 might be Administration, User2 might be Sales – A, while User3 is Sales – C.

Notice how I formatted the groups: space then dash then space then group. You do not have to do it like this- but whatever you do it must be consistent across the board.

Now we will go ahead and create the Dynamic Distribution Group. Open up Exchange Management Console from Start>Microsoft Exchange Server. Right-click on Recipient configuration, and select New Dynamic Distribution Group.

New Dynamic Distribution Group

New Dynamic Distribution Group

A wizard appears. For Organization Unit, this is where the distribution group is created. You might want to browse and create these groups under the Distribution Groups object in MyBusiness. I left mine to be created in SBSUsers. You need to assign a name for the group. this will be used to identify the group in AD. The alias will be what users send mail to. For this demonstration I will use a group name of Sales Group A, with an alias of SalesA.

New Group

New Group

This means for users to send email to this group they will compose a mail to SalesA@company.com.

Click Next.

Now select the container where you will apply the filter. This is the container that contains the items to which you will pull addresses from. In this case, it is our Users folder in MyBusiness/Users/SBSUsers. You can further customize the filter by using the provided check boxes. For this example, we will leave All Recipient Types selected. Click Next.

Now we select which item defines which addresses will be included in the group. Select Department (if you remember, this is the defining attribute we used to split our company up into programs and subgroups).

Select Department

Select Department

Now in the bottom window, click on specified. Now in the text box enter the EXACT matching text from the department of the users AD properties that you wish to capture. In this instance, we wish to put everyone in Sales Group A into this distribution list, so we enter:

Sales – A

And click Add, then Ok.

Specify Department

Specify Department

At the bottom of the window is a Preview button. Click this and the members that match the filter will display. Make sure you typed everything correctly and you should be seeing all members of Sales Group A. this is the only way to easily check the group membership, so make sure it is right.

Click Next, Click New.

The Wizard should complete with a Green Checkmark, and you can finish it out.

You can test the group by sending out an email to that group with return receipts on it. You can also change your own AD Properties to match the filter, so that you receive an email when you mail that group. There is one more way to check membership, which is documented here. Make sure to read the comments.


This blog is a simple list of changes I make to keep a Microsoft Small Business Server 2008 and accompanying network up and running. While I do not consider Microsoft, nor any of their software to be actually “stupid”, anyone who has ever worked on anything Microsoft certainly understand the ease with which a person can break their functionality. This is my specialty. Through out this blog I will document many system changes both custom and necessary out of the box changes. It will include OS, software, hardware, and workstation changes. These changes should and will encompass a wide variety of topics to include:

  • DNS
  • DHCP
  • Active Directory
  • Exchange 2007
  • WSUS
  • Windows Backup
  • WSS 3.0 on IIS 7.0
  • Sharepoint Customization
  • SQL Server Express 2005
  • Windows 7, Vista, and XP
  • Network peripherals such as printers, routers, and switches

    Not only will these posts document my troubleshoot and error correcting process, but they will provide links to other sites with answers, or useful posts on help forums. while I do not promise that any of these posts will be accurate, I can assure you that to the best of my ability I am solving common and complex errors that might affect any user of any Microsoft product.Please allow credit where credit is due. I publish references and links to this site as a means of spreading information, without intent to infringe or harm. Feel free to contact me with any problems.

  • %d bloggers like this: