Introduction


Recipient objects in Exchange 2000 and Exchange Server 2003 fall into some fairly basic categories, most of which are based on underlying Active Directory concepts. The first, and arguably most important, distinction is between objects that can be used to log on and those that cannot. The former are known as security principals because they contain a security identifier (or SID) and a few other attributes necessary for authenticating the principal's credentials against Active Directory. User accounts are security principals; contacts and distribution groups are not.

The next important distinction to draw is between objects that are mail-enabled and those that are mailbox-enabled. Mail-enabled objects have at least one email address associated with them. A contact (what old Exchange 5.5 hands would call a "custom recipient") is a great example: it exists in the directory, and it has an email address, but it doesn't have a mailbox associated with it. Several classes of object can be mail-enabled. However, only user and InetOrgPerson objects can generally be mailbox-enabled; whenever you see that term applied, it means that the object has an Exchange mailbox associated with it. (There are a few other object types, including recipient policies, public folders, and site replication service objects, that can be mailbox-enabled by Exchange, but we won't be treating them as recipients in this chapter.)

For objects that represent people, we have three general classes to think about:


User objects

These are security principals that can be mailbox-enabled. A mailbox-enabled user is associated with at most one Exchange mailbox; every mailbox in the store is owned by exactly one mailbox-enabled object.


Contact objects

These are not security principals, so they can't be mailbox-enabled, but they can be mail-enabled. Contacts appear in the GAL just like user accounts do, but they can't be used to log on, and the associated email addresses may only be used for mail forwarding.


InetOrgPerson objects

The base Active Directory schema used with Exchange 2000 and Windows 2000 provides only for Windows-style user accounts. However, the IETF (and a number of other X.500-based directory services) define uses for the InetOrgPerson object class; this is basically an alternative to the Active Directory way of representing a user. InetOrgPerson support is included in Windows Server 2003 and Exchange Server 2003; although it is mostly used for compatibility with foreign directory services, InetOrgPerson objects can be used anywhere a user object can be. We won't be talking about them in this chapter.

Of course, people aren't the only things we can represent: we can aggregate lots of people into group objects. Microsoft has long advocated using groups for permission assignment, and Windows 2000 and Windows 2003 support a variety of group scopes that we'll mostly ignore here (including local, global, and universal groups). However, there are two group types that have a direct bearing on Exchange: security groups and distribution groups. In Exchange 5.5, you could assign permissions to objects using a distribution list (DL). In Exchange 2000 and later, you can't exactly do this, because distribution groups aren't security principals. Security groups are principals, so they can be used for access control. Both of these group types may be mail-enabled, so you can duplicate the distribution behavior of an ordinary Exchange 5.5 DL by creating a mail-enabled distribution group, or you can create a security group and mail-enable it to provide both access control and ease of mailing to all the group members from a single address. Exchange will convert distribution groups to security groups under some circumstances, as described in Chapter 10 of the Exchange 2000 Resource Kit.

Because of these distinctions, it can be confusing to talk about objects without using the correct set of adjectives: if we say "We created a user account for Joe," it's not clear whether we also meant that we created a mailbox for him unless we say so. The recipes in this chapter cover creating and removing mailboxes and email addresses for mail- and mailbox-enabled objects, as well as creating, removing, and modifying various object types.
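The distinctions above can be checked mechanically when auditing a directory. The following is an added example, not code from the book: it classifies directory entries by objectClass, the security-enabled bit of groupType, and the homeMDB and proxyAddresses attributes (standard Active Directory and Exchange attribute names that the text above does not mention). The function names and the sample entries are constructed for illustration.

```python
# Added example: sort directory entries into the recipient categories above.
# SAMPLE is constructed data shaped like LDAP search results.
SECURITY_ENABLED = 0x80000000  # groupType bit that marks a security group

def classify(entry):
    """Return (is_security_principal, mail_state, kind) for one entry."""
    classes = {c.lower() for c in entry.get("objectClass", [])}
    if "group" in classes:
        # LDAP returns groupType as a signed 32-bit integer; mask before testing.
        gt = int(entry.get("groupType", 0)) & 0xFFFFFFFF
        principal = bool(gt & SECURITY_ENABLED)
        kind = "security group" if principal else "distribution group"
    elif "contact" in classes:
        principal, kind = False, "contact"
    elif "computer" in classes:       # computer objects also carry class "user"
        principal, kind = True, "computer"
    elif "inetorgperson" in classes:  # checked before "user", its parent class
        principal, kind = True, "InetOrgPerson"
    elif "user" in classes:
        principal, kind = True, "user"
    else:
        principal, kind = False, "other"
    if entry.get("homeMDB"):          # DN of the store that holds the mailbox
        mail_state = "mailbox-enabled"
    elif entry.get("proxyAddresses") or entry.get("mail"):
        mail_state = "mail-enabled"
    else:
        mail_state = "not mail-enabled"
    return principal, mail_state, kind

def mail_enabled_security_groups(entries):
    """Groups that both carry permissions and accept mail at one address."""
    wanted = (True, "mail-enabled", "security group")
    return [e["cn"] for e in entries if classify(e) == wanted]

PERSON = ["top", "person", "organizationalPerson"]
SAMPLE = [  # constructed entries
    {"cn": "Joe", "objectClass": PERSON + ["user"],
     "homeMDB": "CN=Mailbox Store (MAIL01),CN=First Storage Group,DC=example,DC=com",
     "proxyAddresses": ["SMTP:joe@example.com"]},
    {"cn": "Svc-Backup", "objectClass": PERSON + ["user"]},
    {"cn": "Vendor", "objectClass": PERSON + ["contact"],
     "proxyAddresses": ["SMTP:vendor@example.net"]},
    {"cn": "All Staff", "objectClass": ["top", "group"], "groupType": 8,
     "proxyAddresses": ["SMTP:allstaff@example.com"]},
    {"cn": "Finance Admins", "objectClass": ["top", "group"],
     "groupType": -2147483646,
     "proxyAddresses": ["SMTP:finadmins@example.com"]},
]

if __name__ == "__main__":
    for e in SAMPLE:
        print(e["cn"], classify(e))
```
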

The ExchMbx Tool

Joe Richards, one of the technical reviewers for this book, has written a terrific command-line tool called ExchMbx, available from JoeWare.net (http://www.joeware.net/win/free/tools/exchmbx.htm). This tool allows you to mail-enable users, groups, and contacts, remove Exchange attributes from selected objects, and do a number of other interesting and useful things. Best of all, it can be used with the JoeWare adfind utility so that you never have to type another long user DN on a command line: feed adfind your search criteria, then pipe its results to exchmbx and you're golden.



Exchange Server Cookbook: For Exchange Server 2003 and Exchange 2000 Server
ISBN: 0596007175
Year: 2006
Pages: 235
