What should you do to ensure that e-mail distribution groups created from SharePoint are automatically created in OU1?

Your network contains a server named Server1 that has Microsoft SharePoint Foundation 2010 installed.
You configure the incoming e-mail settings to use the SharePoint Directory Management service to create distribution groups and contacts in an organizational unit (OU) named OU1.

You need to ensure that e-mail distribution groups created from SharePoint are automatically created in OU1.
What should you do?

A.
From Central Administration, create a new trust relationship.

B.
From Central Administration, modify the Directory Management Service Approval List.

C.
From Active Directory Users and Computers, delegate permissions to the SharePoint 2010 Timer service account in OU1.

D.
From Active Directory Users and Computers, delegate permissions to the SharePoint Central Administration v4 application pool identity in OU1.

Explanation/Reference:
Configure Active Directory
Incoming e-mail uses the Microsoft SharePoint Directory Management Service to connect SharePoint sites to the directory services used by your organization. If you enable the Microsoft SharePoint Directory Management Service, users can create and manage distribution groups from SharePoint sites. SharePoint lists that use e-mail can then be found in directory services, such as the Address Book. You must also select which distribution group requests from SharePoint lists require approval. The Microsoft SharePoint Directory Management Service can be installed on a server in the farm, or you can use a remote Microsoft SharePoint Directory Management Service.

To use the Microsoft SharePoint Directory Management Service on a farm or server, you must configure the Central Administration application pool identity account to have the Create, delete, and manage user accounts right to the container that you specify in Active Directory. The preferred way to do this is by delegating the right to the Central Administration application pool identity account. An Active Directory administrator must set up the organizational unit (OU) and delegate the Create, delete, and manage user accounts right to the container. The advantage of using the Microsoft SharePoint Directory Management Service on a remote farm is that you do not have to delegate rights to the organizational unit for multiple farm service accounts.
If the application pool account for Central Administration is different from the application pool account for the Web application of the list or site that is enabled for e-mail, you must use the application pool account for the Web application when completing the following procedures. You must then delegate additional rights to the Central Administration application pool account.

The following procedures are performed on a domain controller that runs Microsoft Windows Server 2003 SP1 (with DNS Manager) and Microsoft Exchange Server 2003 SP1. In some deployments, these applications might run on multiple servers in the same domain.

Important: Membership in the Domain Administrators group or delegated authority for domain administration is required to complete this procedure.

Create an organizational unit in Active Directory
1. Click Start, point to Control Panel, point to Administrative Tools, and then click Active Directory Users and Computers.
2. In Active Directory Users and Computers, right-click the folder for the second-level domain that contains your server farm, point to New, and then click Organizational Unit.
3. Type the name of the organizational unit, and then click OK.

After creating the organization unit, we recommend that you delegate the Create, delete, and manage user accounts right to the container.

Important: Membership in the Domain Administrators group or the Enterprise Administrators group in Active Directory, or delegated authority for administration, is required to complete this procedure.

Delegate right to the application pool account
1. In Active Directory Users and Computers, find the organizational unit that you just created.
2. Right-click the organizational unit, and then click Delegate control.
3. On the Welcome page of the Delegation of Control Wizard, click Next.
4. On the Users and Groups page, click Add, and then type the name of the application pool identity account that the Web application uses.
5. In the Select Users, Computers, and Groups dialog box, click OK.
6. On the Users or Groups page of the Delegation of Control Wizard, click Next.
7. On the Tasks to Delegate page of the Delegation of Control Wizard, select the Create, delete, and manage user accounts check box, and then click Next.
8. On the last page of the Delegation of Control Wizard, click Finish to exit the wizard.

If you must add permissions for the application pool identity account directly, complete the following procedure.

Important: Membership in the Account Operators group, Domain Administrators group, or the Enterprise Administrators group in Active Directory, or delegated authority for administration, is required to complete this procedure.

Add permissions for the application pool account
1. In Active Directory Users and Computers, click the View menu, and then click Advanced Features.
2. Right-click the organizational unit that you just created, and then click Properties.
3. In the Properties dialog box, click the Security tab, and then click Advanced.
4. Click Add, and then type the name of the application pool identity account for the Web application.
5. Click OK.
6. In the Permission Entries section, double-click the application pool identity account.
7. In the Permissions section, under Allow, select the Modify permissions check box.
8. Click OK to close the Permissions dialog box.
9. Click OK to close the Properties dialog box.
10. Click OK to close the Active Directory Users and Computers plug-in.

If you decide instead to use the remote Microsoft SharePoint Directory Management Service, you must know the URL for the Web service. This URL is typically in the following format: http://server:adminport/_vti_bin/SharePointEmailWS.asmx.

Source: http://technet.microsoft.com/en-us/library/cc262947.aspx



Leave a Reply 0

Your email address will not be published. Required fields are marked *