Your network contains a server named Server1 that has Microsoft SharePoint Foundation 2010
installed. You configure the incoming email settings to use the SharePoint Directory Management
service to create distribution groups and contacts in an organizational unit (OU) named OU1. You
need to ensure that email distribution groups created from SharePoint are automatically created in
OU1. What should you do?
A.
From Central Administration, create a new trust relationship.
B.
From Central Administration, modify the Directory Management Service Approval List.
C.
From Active Directory Users and Computers, delegate permissions to the SharePoint
2010 Timer service account in OU1.
D.
From Active Directory Users and Computers, delegate permissions to the SharePoint
Central Administration v4 application pool identity in OU1.
Explanation:
Configure Active Directory Incoming email uses the Microsoft SharePoint Directory Management
Service to connect SharePoint sites to the directory services used by your organization. If you enable
the Microsoft SharePoint Directory Management Service, users can create and manage distribution
groups from SharePoint sites. SharePoint lists that use email can then be found in directory services,
such as the Address Book. You must also select which distribution group requests from SharePoint
lists require approval. The Microsoft SharePoint Directory Management Service can be installed on a
server in the farm, or you can use a remote Microsoft SharePoint Directory Management Service. To
use the Microsoft SharePoint Directory Management Service on a farm or server, you must configure
the Central Administration application pool identity account to have the Create, delete, and manage
user accounts right to the container that you specify in Active Directory. The preferred way to do this
is by delegating the right to the Central Administration application pool identity account. An Active
Directory administrator must set up the organizational unit (OU) and delegate the Create, delete,
and manage user accounts right to the container. The advantage of using the Microsoft SharePoint
Directory Management Service on a remote farm is that you do not have to delegate rights to the
organizational unit for multiple farm service accounts. If the application pool account for Central
Administration is different from the application pool account for the Web application of the list or
site that is enabled for email, you must use the application pool account for the Web application
when completing the following procedures. You must then delegate additional rights to the Central
Administration application pool account. The following procedures are performed on a domain
controller that runs Microsoft Windows Server 2003 SP1 (with DNS Manager) and MicrosoftExchange Server 2003 SP1. In some deployments, these applications might run on multiple servers in
the same domain. Important: Membership in the Domain Administrators group or delegated
authority for domain administration is required to complete this procedure. Create an organizational
unit in Active Directory
1. Click Start, point to Control Panel, point to Administrative Tools, and then click Active Directory
Users and Computers.
2. In Active Directory Users and Computers, right-click the folder for the second-level domain that
contains your server farm, point to New, and then click Organizational Unit.
3. Type the name of the organizational unit, and then click OK. After creating the organization unit,
we recommend that you delegate the Create, delete, and manage user accounts right to the
container. Important: Membership in the Domain Administrators group or the Enterprise
Administrators group in Active Directory, or delegated authority for administration, is required to
complete this procedure.
Delegate right to the application pool account
1. In Active Directory Users and Computers, find the organizational unit that you just created.
2. Right-click the organizational unit, and then click Delegate control.
3. On the Welcome page of the Delegation of Control Wizard, click Next.
4. On the Users and Groups page, click Add, and then type the name of the application pool identity
account that the Web application uses.
5. In the Select Users, Computers, and Groups dialog box, click OK.
6. On the Users or Groups page of the Delegation of Control Wizard, click Next.
7. On the Tasks to Delegate page of the Delegation of Control Wizard, select the Create, delete, and
manage user accounts check box, and then click Next.
8. On the last page of the Delegation of Control Wizard, click Finish to exit the wizard. If you must
add permissions for the application pool identity account directly, complete the following procedure.
Important: Membership in the Account Operators group, Domain Administrators group, or the
Enterprise Administrators group in Active Directory, or delegated authority for administration, is
required to complete this procedure.
Add permissions for the application pool account
1. In Active Directory Users and Computers, click the View menu, and then click Advanced Features.
2. Right-click the organizational unit that you just created, and then click Properties.
3. In the Properties dialog box, click the Security tab, and then click Advanced.
4. Click Add, and then type the name of the application pool identity account for the Web
application.
5. Click OK.
6. In the Permission Entries section, double-click the application pool identity account.
7. In the Permissions section, under Allow, select the Modify permissions check box.
8. Click OK to close the Permissions dialog box.
9. Click OK to close the Properties dialog box.
10. Click OK to close the Active Directory Users and Computers plug-in. If you decide instead to use
the remote Microsoft SharePoint Directory Management Service, you must know the URL for the
Web service. This URL is typically in the following format: http://
server:adminport/_vti_bin/SharePointEmailWS.asmx.
Source: http://technet.microsoft.com/en-us/library/cc262947.aspx