Implementing Your Administrative Model

Understanding Administrative Group Models

An administrative group is a collection of Active Directory objects that are grouped together to simplify the management of permissions. Administrative groups are used to define the administrative topology of your organization (for example, departments or divisions) and not the physical topology of the network.

You can use a decentralized, centralized, or mixed model to organize your administrative topology.


This administrative model is similar to the site model in Exchange 5.5. Complete control over management of the Exchange system is distributed to company regions or divisions. With a decentralized model, you can use at least one administrative group for each region or division. A central information technology organization may be responsible for managing standards and guidelines but not for daily system administration. Usually, each region or division controls its own assets and performs its own system administration. This type of organization probably has at least one administrative group in each division or group; for example, you might have an administrative group for each of the following divisions: Atlantic, Central, Midwest, and Pacific. Each of these administrative groups contains routing groups, policies, servers, public folder trees, and other objects specific to each division.

Important   If your organization uses both Exchange 2000 and Exchange 5.5 servers, Exchange 2000 by default displays one administrative group and one routing group for each Exchange 5.5 site.


With the centralized model, complete control of the Exchange system is maintained by a single group. With this model you use few administrative groups, but you might use a larger number of routing groups.

This administrative model is similar to a data center. All administration tasks are performed by a single information technology group, which is typical in small- or medium-sized organizations, but can also be used in larger organizations that have high bandwidth connectivity to all regional offices.


With the mixed model, specialized administrative groups are created to restrict the management of certain functions to specific people; for example, if you want to restrict who can create and maintain policies, you can create an administrative group for policies. You can also assign permissions to restrict the list of people who can create policies.

This administrative model uses specialized administrative groups to manage the Exchange implementation. This model is typically used in larger organizations with many divisions or offices in a variety of geographical locations. This model can also apply when one company buys another company and wants to have a single directory for all e-mail addresses.

You can use specialized administrative groups to separate the administrative responsibilities for different geographical locations. You can also assign an administrative group that defines central organization responsibilities. A combination of these two uses might appear as follows:

Each bulleted item is an administrative group. The routing topology group might contain multiple routing groups for the entire organization. By using specialized administrative groups, this routing management is restricted to a specific group of administrators. The organization policies group serves the same purpose: a select group of administrators control system and recipient policies that are used across the organization. The Atlantic and Central region groups are used to define daily administrative tasks performed by administrators at different geographical locations. Each of these groups contains other objects, such as public folders and servers, which are managed by the local groups.