Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2012-07-23

A mail-enabled security group can be used to distribute messages as well as to grant access permissions to resources in Active Directory.

Looking for other management tasks related to distribution groups? Check out Managing Distribution Groups.

Note:
By default, all new distribution groups require that all senders be authenticated. This prevents external senders from sending messages to distribution groups. This setting is different from previous versions of Exchange where, by default, new distribution groups accepted messages from all senders. To configure a distribution group to accept messages from all senders, you must modify the message delivery restriction settings for that distribution group. For more information about configuring message delivery restrictions, see Configure Message Delivery Restrictions.

Use the EMC to create a security group

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Distribution groups" entry in the Mailbox Permissions topic.

  1. In the console tree, click Recipient Configuration.

  2. In the action pane, click New Distribution Group.

  3. On the Introduction page, click New Group, and then click Next.

  4. On the Group Information page, complete the following fields:

    • Group type   Click Security to create a mail-enabled universal security group.

    • Specify the organizational unit rather than using a default one Select this check box to select an organizational unit (OU) other than the default (which is the recipient scope). If the recipient scope is set to the forest, the default value is set to the Users container in the Active Directory domain that contains the computer on which the Exchange Management Console is running. If the recipient scope is set to a specific domain, the Users container in that domain is selected by default. If the recipient scope is set to a specific OU, that OU is selected by default. To select a different OU, click Browse to open the Select Organizational Unit dialog box. This dialog box displays all OUs in the forest that are within the specified scope. Select the desired OU, and then click OK. To learn more about recipient scopes, see Understanding Recipient Scope.

    • Name   Use this box to type the name of the group, which can't exceed 64 characters.

    • Name (pre-Windows 2000)   Use this box to type the name for the group that's compatible with the legacy versions of Windows (prior to the release of Windows 2000 Server). This required field is automatically populated based on the Name field.

      The name of the group that's compatible with earlier versions of Windows can't exceed 64 characters. It can contain letters, numbers, and the following characters: ! # $ % ^ & - . _ { } | ~.

    • Alias   Use this box to type the name of the alias for the group. The alias can't exceed 64 characters and must be unique in the forest.

  5. On the New Distribution Group page, review your configuration settings. To make any configuration changes, click Back. To create the security group, click New.

  6. On the Completion page, review the following, and then click Finish to close the wizard:

    • A status of Completed indicates that the wizard completed the task successfully.

    • A status of Failed indicates that the task wasn't completed. If the task fails, review the summary for an explanation, and then click Back to make any configuration changes.

Use the Shell to create a security group

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Distribution groups" entry in the Mailbox Permissions topic.

This example creates a security group named Managers.

Copy Code 
New-DistributionGroup -Name "Managers" -OrganizationalUnit "contoso.com/Users" -SAMAccountName "Managers" -Type "Security"

For detailed syntax and parameter information, see New-DistributionGroup.