Dynamic Group Tasks - Directory and Resource Administrator and Exchange Administrator User Guide (2024)

Table of Contents
8.1.1 Creating a Dynamic Group 8.1.2 Creating a Filter 8.1.3 Managing the Static Member List 8.1.4 Managing the Excluded Member List 8.1.5 Refreshing the Member List 8.1.6 Cloning a Dynamic Group 8.1.7 Moving a Dynamic Group to Another Container 8.1.8 Deleting a Dynamic Group 8.1.9 Renaming a Dynamic Group 8.1.10 Managing Dynamic Group Properties 8.1.11 Adding Dynamic Groups to Other Dynamic Groups 8.1.12 Setting Group Membership Security Permissions 8.1.13 Setting Dynamic Group Ownership 8.1.14 Exposing Dynamic Group Memberships in Distribution Lists 8.1.15 Hiding Dynamic Group Memberships from Distribution Lists

You can perform the following dynamic group tasks with DRA:

  • Create a dynamic group

  • Modify a dynamic group

  • Clone a dynamic group

  • Delete a dynamic group

8.1.1 Creating a Dynamic Group

You can create a dynamic group in the managed domain or managed subtree. You can also modify properties, such as group members, for the new dynamic group.

NOTE:

  • Your company may have a naming convention enforced through policy that determines the name you can assign to the new dynamic group.

  • By default, DRA places the new dynamic group in the Users OU of the managed domain.

To create a dynamic group:

  1. In the left pane, expand All My Managed Objects.

  2. Select the location where you want to create this dynamic group.

    For example, if you want to create this group in a specific OU of the managed domain, expand the domain and then select the appropriate OU.

  3. On the Tasks menu, click New>Dynamic Group.

  4. On each tab, specify the appropriate settings and properties for the new group, and then click Next.

  5. If you want to create a filter, see Section 8.1.2, Creating a Filter.

  6. If you want to add members to the group’s static member list, see Section 8.1.3, Managing the Static Member List.

  7. If you want to add members to the group’s excluded member list, see Section 8.1.4, Managing the Excluded Member List.

  8. Review the summary, and then click Finish.

8.1.2 Creating a Filter

The dynamic group uses the filter to add or remove users from its membership list each time the group is refreshed.

To create a filter:

  1. From the dynamic group’s Properties page, click Dynamic member filter.

  2. Click Add filter and use the Query Builder to configure the filter.

  3. Click Finish.

8.1.3 Managing the Static Member List

Users placed on a dynamic group’s static member list become permanent member of the group until you manually remove them.

When you remove members from a dynamic group, DRA does not delete the objects. When you add members to a dynamic group, you must have the power to modify the objects you want to add.

To add a user:

  1. From the dynamic group’s Properties page, click Dynamic member filter.

  2. On the Static Member List section, click Add member and use the Object Selector to locate the member you want to add.

  3. Click Finish.

To remove a user:

  1. From the dynamic group’s Properties page, click Dynamic member filter.

  2. Select the member from the Static Member List section and click Remove.

  3. Click Finish.

8.1.4 Managing the Excluded Member List

Users placed on a dynamic group’s excluded member list will not be allowed to join the group until you manually remove them from this list.

To add a user:

  1. From the dynamic group’s Properties page, click Dynamic member filter.

  2. On the Excluded Member List section, click Add member and use the Object Selector to locate the member you want to add.

  3. Click Finish.

To remove a user:

  1. From the dynamic group’s Properties page, click Dynamic member filter.

  2. Select the member from the Excluded Member List section and click Remove.

  3. Click Finish.

    See Also
    Net (command)/Localgroup - WikiversityDistribution groups - Microsoft SupportFind Memberships with Get-ADPrincipalGroupMembership CmdletExcluding Users from a Dynamic Group

8.1.5 Refreshing the Member List

To update the dynamic group’s member list:

  1. In the left pane, expand All My Managed Objects.

  2. To specify the dynamic group you want to refresh, complete the following steps:

    1. If you know the dynamic group location, select the domain and OU that contains this group.

    2. In the search pane, specify the dynamic group attributes, and then click Find Now.

  3. In the list pane, right-click the appropriate dynamic group and select Update Members.

    NOTE:Dynamic group icons have two facing arrows at the bottom.

8.1.6 Cloning a Dynamic Group

You can clone both local and global dynamic groups in managed domains. Cloning dynamic groups creates new dynamic groups of the same type and attributes as the original dynamic group.

By cloning a dynamic group, you can quickly create dynamic groups based on other dynamic groups with similar properties. When you clone a dynamic group, DRA populates the Clone Dynamic Group Wizard with values from the selected dynamic group. You can also modify properties for the new dynamic group.

NOTE:

  • Your company may have a naming convention enforced through policy that determines the name you can assign to the new dynamic group.

  • By default, DRA places the new dynamic group in the Users OU of the managed domain.

To clone a dynamic group:

  1. In the left pane, expand All My Managed Objects.

  2. To specify the dynamic group you want to clone, complete the following steps:

    1. If you know the dynamic group location, select the domain and OU that contains this group.

    2. In the search pane, specify the dynamic group attributes, and then click Find Now.

  3. In the list pane, right-click the appropriate dynamic group and select Clone.

    NOTE:Dynamic group icons have two facing arrows at the bottom.

  4. On each tab, specify the appropriate settings and properties for the new group, and then click Next.

  5. If you want to create a filter, see Section 8.1.2, Creating a Filter.

  6. If you want to change the group’s static member list, see Section 8.1.3, Managing the Static Member List.

  7. If you want to change the group’s excluded member list, see Section 8.1.4, Managing the Excluded Member List.

  8. Review the summary, and then click Finish.

8.1.7 Moving a Dynamic Group to Another Container

You can move a dynamic group to another container, such as an OU, in the managed domain or managed subtree.

To move a dynamic group to another container:

  1. In the left pane, expand All My Managed Objects.

  2. To specify the dynamic group you want to move to another container, complete the following steps:

    1. If you know the dynamic group location, select the domain and OU that contains this group.

    2. In the search pane, specify the dynamic group attributes, and then click Find Now.

  3. In the list pane, right-click the appropriate group and select Move.

    NOTE:

    • Dynamic group icons have two facing arrows at the bottom.

    • You can select and delete more than one dynamic group.

  4. Select the appropriate container.

  5. Click OK.

8.1.8 Deleting a Dynamic Group

You can delete local and global dynamic groups in the managed domain or managed subtree. If the Recycle Bin is disabled for that domain, deleting a dynamic group permanently removes it from the Active Directory. If the Recycle Bin is enabled for that domain, deleting a dynamic group moves it to the Recycle Bin and disables the dynamic group’s properties.

For more information on the Recycle Bin, see Section 21.0, Managing the Recycle Bin.

WARNING:When you create a dynamic group, Microsoft Windows assigns a Security Identifier (SID) to that dynamic group. The SID is not generated from the dynamic group name. Microsoft Windows uses SIDs to record privileges in access control lists (ACLs) for each resource. If you delete a dynamic group, you cannot return access capabilities for that dynamic group by creating a new dynamic group with the same name.

To delete a dynamic group:

  1. In the left pane, expand All My Managed Objects.

  2. To specify the dynamic group you want to delete, complete the following steps:

    1. If you know the dynamic group location, select the domain and OU that contains this group.

    2. In the search pane, specify the dynamic group attributes, and then click Find Now.

    See Also
    Add and remove group members in Outlook

  3. In the list pane, right-click the appropriate dynamic group and select Delete.

    NOTE:

    • Dynamic group icons have two facing arrows at the bottom.

    • You can select and delete more than one dynamic group.

  4. Click Yes.

8.1.9 Renaming a Dynamic Group

You can rename dynamic groups in the managed domain or managed subtree.

To rename a dynamic group:

  1. In the left pane, expand All My Managed Objects.

  2. To specify the dynamic group you want to delete, complete the following steps:

    1. If you know the dynamic group location, select the domain and OU that contains this group.

    2. In the search pane, specify the dynamic group attributes, and then click Find Now.

  3. In the list pane, right-click the appropriate dynamic group and select Properties.

    NOTE:Dynamic group icons have two facing arrows at the bottom.

  4. Change the appropriate naming properties.

  5. Click OK.

8.1.10 Managing Dynamic Group Properties

You can manage properties for local and global dynamic groups. The powers you have determine which properties you can modify for a group in the managed domain or managed subtree.

To manage dynamic group properties:

  1. In the left pane, expand All My Managed Objects.

  2. To specify the dynamic group you want to manage, complete the following steps:

    1. If you know the dynamic group location, select the domain and OU that contains this group.

    2. In the search pane, specify the dynamic group attributes, and then click Find Now.

  3. In the list pane, right-click the appropriate group and select Properties.

    NOTE:Dynamic group icons have two facing arrows at the bottom.

  4. On the appropriate tab, change the properties and settings you want to modify.

  5. To save your changes before you modify other properties, click Apply.

  6. Click OK.

8.1.11 Adding Dynamic Groups to Other Dynamic Groups

You can nest dynamic groups by adding a dynamic group to another managed dynamic group. When a dynamic group is nested in another dynamic group, the child dynamic group can inherit permissions from the parent dynamic group.

NOTE:If adding a dynamic group to another dynamic group increases your powers for the source dynamic group, DRA will not permit you to add the dynamic group.

To add a dynamic group to another dynamic group:

  1. In the left pane, expand All My Managed Objects.

  2. To specify the dynamic group you want to add within another dynamic group, complete the following steps:

    1. If you know the dynamic group location, select the domain and OU that contains this dynamic group.

    2. In the search pane, specify the dynamic group attributes, and then click Find Now.

  3. In the list pane, right-click the appropriate group and click Add to Groups.

    NOTE:Dynamic group icons have two facing arrows at the bottom.

  4. Find and select the appropriate group. You can select more than one group from different OUs or managed domains.

  5. Click OK.

8.1.12 Setting Group Membership Security Permissions

You can set Active Directory security permissions for dynamic group memberships. These permissions specify who can view (read) and modify (write) dynamic group memberships using Microsoft Outlook. These settings let you more effectively secure distribution lists and security dynamic groups in your environment. You cannot modify inherited security permissions.

NOTE:When you manage dynamic group membership security, disabled permissions may indicate inherited permissions.

To set dynamic group membership security permissions:

  1. In the left pane, expand All My Managed Objects.

  2. To specify the dynamic group whose membership you want to secure, complete the following steps:

    1. If you know the dynamic group location, select the domain and OU that contains this group.

    2. In the search pane, specify the dynamic group attributes, and then click Find Now.

  3. In the list pane, select the appropriate dynamic group.

    NOTE:Dynamic group icons have two facing arrows at the bottom.

  4. On the Tasks menu, click Properties.

  5. Click Membership security.

  6. Select the user account or group you want to grant or deny security permissions. To specify a different user account or group, click Add.

  7. Under Permissions, select the appropriate security settings:

    • To allow the selected user account or group the ability to view this dynamic group membership, click Allow under Read members.

    • To deny the selected user account or group the ability to view this dynamic group membership, click Deny under Read members.

    • To allow the selected user account or group the ability to modify this group membership, click Allow under Write members.

    • To deny the selected user account or group the ability to modify this dynamic group membership, click Deny under Write members.

  8. To remove all security permissions from a user or group, select the appropriate user or group, and then click Remove.

  9. To check if a user or group has security permissions, select the appropriate user or group, and then click Properties.

  10. Click OK.

8.1.13 Setting Dynamic Group Ownership

You can grant the dynamic group ownership permission to a user account, group, or contact. Granting dynamic group ownership allows the specified user account, group, or contact to modify the membership of this dynamic group.

To set group ownership:

  1. In the left pane, expand All My Managed Objects.

  2. To specify the group whose ownership you want to set, complete the following steps:

    1. If you know the group location, select the domain and OU that contains this group.

    2. In the search pane, specify the group attributes, and then click Find Now.

  3. In the list pane, select the appropriate dynamic group.

    NOTE:Dynamic group icons have two facing arrows at the bottom.

  4. On the Tasks menu, click Properties.

  5. Click Managed by.

  6. To add a manager, click Add.

  7. Select the Manager can update membership list check box, and then click OK.

8.1.14 Exposing Dynamic Group Memberships in Distribution Lists

You can expose dynamic group memberships in distribution lists for groups in the managed domain or managed subtree.

To expose dynamic group memberships in distribution lists:

  1. In the left pane, expand All My Managed Objects.

  2. To specify the group you want to modify, complete the following steps:

    1. If you know the group location, select the domain and OU that contains this group.

    2. In the search pane, specify the group attributes, and then click Find Now.

  3. In the list pane, right-click the appropriate dynamic group and select Exchange Tasks.

    NOTE:Dynamic group icons have two facing arrows at the bottom.

  4. Click Expose Group Membership.

  5. Click Finish, and then click Done.

8.1.15 Hiding Dynamic Group Memberships from Distribution Lists

You can hide dynamic group memberships in distribution lists for groups in the managed domain or managed subtree.

NOTE:Hide Group Membership option is disabled for Microsoft Exchange 2007 distribution lists.

To hide dynamic group memberships in distribution lists:

  1. In the left pane, expand All My Managed Objects.

  2. To specify the group want to modify, complete the following steps:

    1. If you know the group location, select the domain and OU that contains this group.

    2. In the search pane, specify the group attributes, and then click Find Now.

  3. In the list pane, right-click the appropriate dynamic group and select Exchange Tasks.

    NOTE:Dynamic group icons have two facing arrows at the bottom.

  4. Click Hide Group Membership.

  5. Click Finish, and then click Done.

Dynamic Group Tasks - Directory and Resource Administrator and Exchange Administrator User Guide (2024)
Top Articles
The Perfect Annuity For You | The Annuity Expert
Cancel Onedrive Subscription. - Google Play Community
Canya 7 Drawer Dresser
Warren Ohio Craigslist
jazmen00 x & jazmen00 mega| Discover
Metra Union Pacific West Schedule
Pga Scores Cbs
The Best Classes in WoW War Within - Best Class in 11.0.2 | Dving Guides
Notary Ups Hours
Lichtsignale | Spur H0 | Sortiment | Viessmann Modelltechnik GmbH
Needle Nose Peterbilt For Sale Craigslist
Tiraj Bòlèt Florida Soir
Daniela Antury Telegram
Tcu Jaggaer
[Birthday Column] Celebrating Sarada's Birthday on 3/31! Looking Back on the Successor to the Uchiha Legacy Who Dreams of Becoming Hokage! | NARUTO OFFICIAL SITE (NARUTO & BORUTO)
Craigslist In Flagstaff
Hollywood Bowl Section H
Dallas Craigslist Org Dallas
Buying Cars from Craigslist: Tips for a Safe and Smart Purchase
Sherburne Refuge Bulldogs
Cal State Fullerton Titan Online
manhattan cars & trucks - by owner - craigslist
Vivification Harry Potter
Himekishi Ga Classmate Raw
101 Lewman Way Jeffersonville In
2021 Tesla Model 3 Standard Range Pl electric for sale - Portland, OR - craigslist
Marlene2295
Kacey King Ranch
Promatch Parts
EST to IST Converter - Time Zone Tool
24 slang words teens and Gen Zers are using in 2020, and what they really mean
Ixl Lausd Northwest
Edward Walk In Clinic Plainfield Il
Consume Oakbrook Terrace Menu
Heavenly Delusion Gif
The Boogeyman Showtimes Near Surf Cinemas
Myql Loan Login
Gvod 6014
Live Delta Flight Status - FlightAware
Vindy.com Obituaries
Free Crossword Puzzles | BestCrosswords.com
Nu Carnival Scenes
All Weapon Perks and Status Effects - Conan Exiles | Game...
Sandra Sancc
This Doctor Was Vilified After Contracting Ebola. Now He Sees History Repeating Itself With Coronavirus
Canvas Elms Umd
Advance Auto.parts Near Me
Quest Diagnostics Mt Morris Appointment
Karen Kripas Obituary
Latest Posts
What is KYC and How to do KYC Verification?
DeFi - Worldwide | Statista Market Forecast
Article information

Author: Mrs. Angelic Larkin

Last Updated:

Views: 6452

Rating: 4.7 / 5 (47 voted)

Reviews: 94% of readers found this page helpful

Author information

Name: Mrs. Angelic Larkin

Birthday: 1992-06-28

Address: Apt. 413 8275 Mueller Overpass, South Magnolia, IA 99527-6023

Phone: +6824704719725

Job: District Real-Estate Facilitator

Hobby: Letterboxing, Vacation, Poi, Homebrewing, Mountain biking, Slacklining, Cabaret

Introduction: My name is Mrs. Angelic Larkin, I am a cute, charming, funny, determined, inexpensive, joyous, cheerful person who loves writing and wants to share my knowledge and understanding with you.