Do you ever look at your Global Address List (GAL) and say, “what is the point of that group? Is anyone even using it?” Chances are if the IT department is wondering that, then end users are wondering the same thing. And if that is happening, chances are you have a lot of unused distribution lists in that GAL.
You could parse the Exchange usage logs to find all the groups that are being used, then keep a spreadsheet or database with that information and compare it every once in a while and see which Exchange groups are unused. Then delete them and see what happens.
Or you could use GroupID which has a Group Usage Service (GUS) that tracks each and every distribution lists’ usage and allows you to create reports, notify group owners of the distribution list inactivity, and most importantly expire those unused distribution lists. If the distribution group turns out to be needed, the group owner can simply renew the group, maintaining the membership and go on with life.
When the Group Usage Service is used in conjunction with group lifecycle management, you have a powerful tool to keep your GAL clean and avoid the dreaded group glut. Until end users start calling IT when they have a group that they no longer need, you need a method to track distribution list usage and to expire and delete unused distribution lists.
Click here if you are interested in a demo to help solve this problem?
Jonathan Blackwell
View ProfileSince 2012, Jonathan Blackwell, an engineer and innovator, has provided engineering leadership that has put GroupID at the forefront of group and user management for Active Directory and Azure AD environments. His experience in development, marketing, and sales allows Jonathan to fully understand the Identity market and how buyers think.
Oh if only life were so simple. I’ve found it to be a very poor assumption that Exchange distribution lists are only used for distributing email. Before deleting that apparently unused group, you should answer a few questions. Is the group security enabled? If so, which resource(s) in your enterprise are using it for access control? Is it a distribution group that was later security-enabled or is it a security group that was later mail-enabled? Is it a global group or a domain local group? Yes Virginia, any group can be Exchange-enabled and it might work just fine without being… Read more »
Are you talking about mail enabled security groups? If so, expiration/renewal works on those as well, it breaks the access that the particular group gives with the ability to renew it when someone complains.
There is no easy non-intrusive way to determine if security groups are being used but expiration/renewal is a lot smarter than delete it and hope nobody complains or, just as bad, keep it forever out of fear of the unknown (unless you like token bloat and security holes).