Lesson 3: Creating and Managing Address Lists and Recipient Policies

In Exchange Server 2003, there is a single GAL for the entire Exchange organization, by default. In organizations with thousands of Exchange users, the GAL can be very cumbersome to navigate, making it difficult for users to find the recipients they are looking for. Exchange Server 2003 allows the administrator to create additional custom address lists to meet the needs of the organization, including offline address lists that are available when users are not connected to the network. Address lists are simply a collection of Active Directory objects that have been grouped by one or more common attributes (such as department name). An address list can contain users, contacts, public folders, and groups.

After this lesson, you will be able to

• Create and modify address lists

• Administer address lists

• Manage a Recipient Update Service

• Work with offline address lists

• Create and apply recipient policies

Estimated lesson time: 60 minutes

Creating and Modifying Address Lists

Address lists are a convenient way of filtering the GAL into more manageable groupings. Address lists are different from distribution groups in that there is no "membership" in an address list like there is in a group. Address lists are formed through LDAP queries that filter the display of the Exchange organization based on criteria you define. You primarily find address lists used in large Exchange organizations that contain thousands of users and many physical locations. For example, contoso.com has 10,000 entries in the GAL (mailbox-enabled users, mail-enabled users, contacts, and groups). The company has 20 physical locations with roughly 500 employees and contractors at each location. Most users communicate only with users at their own location. Rather than a user having to navigate the 10,000-entry GAL, you could use address lists to filter the GAL to only the users in a given location. That would considerably reduce the number of entries displayed to a user, making the address list more efficient to use.

Another situation in which you would use an address list is when you want to be able to locate users quickly by their group membership but where a distribution list wouldn't be appropriate. An example is an address list that filters all of the Sales staff globally for Contoso into a single list. This would allow the vice president of Sales and others to access a complete list of salespeople throughout Contoso without having to e-mail an entire distribution list.

Creating an Address List

Address lists are created using the Exchange System Manager. When you start Exchange System Manager, click the Recipients container. There are three subcontainers related to address lists: All Address Lists, All Global Address Lists, and Offline Address Lists. When Exchange Server 2003 is installed and an organization is created, the following default address lists are created:

• All Address Lists

  • All Contacts

  • All Groups

  • All Users

  • Public Folders

• All Global Address Lists

  • Default Global Address List

• Offline Address Lists

  • Default Offline Address List

For small to medium-sized Exchange Server 2003 organizations, these default lists are often sufficient. Large organizations will likely need additional address lists to address specific needs. Creating an address list begins by determining what type of address list it will be and therefore which of the three address list containers to place it in. The process of creating an address list in the All Address Lists container is as follows:

1. Right-click All Address Lists, point to New, and click Address List.

2. Type in a name for the address list that describes its function.

3. Click Filter Rules to open the Find Exchange Recipients dialog box.

4. By default, all Exchange recipients will be included in the filter, so click the Advanced tab to narrow the criteria.

5. Click the Field menu, and then select a recipient type (User, Contact, Public Folder, or Group) and the attribute you want to filter by (such as Department).

6. Type a value for the attribute. For example, if you chose Department, you could type sales.

7. Click Add to add the attribute to the Condition list. Click OK, and then click Finish to create the address list.

Another option you can filter for is related to mailbox-enabled users. By clicking the Storage tab on the Find Exchange Recipients dialog box, you can select whether to include mailboxes on all servers in the Exchange organization, only mailboxes on a specific server, or only mailboxes in a specific mailbox store.

After you create the address list, you will see it in the container in Exchange System Manager. Right-click the address lists and click Properties. This opens a Properties dialog box, like the one shown in Figure 7-40, which shows you the LDAP query being used to generate the address list.

Figure 7-40: The LDAP query for an address list

In this example, the address list is filtering for all users that have a Department attribute of sales. By clicking Preview, you can see how the address list will appear when a user selects it in Outlook. Figure 7-41 shows an example of a previewed address list.

Figure 7-41: Previewing an address list

Modifying an Address List

There are times when you will need to modify an address list. Perhaps you previewed the address list you just created, and the results were not what you intended. Or you may have an existing list that you need to modify to be more or less inclusive, such as a situation where you had an address list that included users as well as contacts, and now you want it to include only users. Rather than having to delete the address list and recreate it from scratch, Exchange Server 2003 allows you to modify an address list and make changes.

To modify an address list, perform the following steps:

1. Right-click it in Exchange System Manager and click Properties. This opens the Properties dialog box, like the one in Figure 7-40.

2. Click Modify. This opens the same Find Exchange Recipients dialog box that you used in creating the address list. Figure 7-42 shows the General tab, where you can limit the types of recipients you want to include in the filter. This is useful if you want to exclude certain types, such as contacts. Figure 7-43 shows the Advanced tab, where you can specify the attributes and values that you want to filter for.

   
   Figure 7-42: Filtering an address list by recipient type

   
   Figure 7-43: Filtering an address list by attributes

Once you modify an address, you can preview it again to ensure that the results are what you intended.

Administering Address Lists

Creating and modifying address lists is the majority of the administrative work involved in managing address lists. However, you can perform additional administrative tasks to administer an address list. One is to configure access permissions for an address list, and another is to override address list update scheduling by forcing an immediate update.

Setting Permissions on Address Lists

By default, all users in an organization can access all address lists (the Authenticated Users group has List Contents permission). There might be situations where you want to restrict access to a particular address list, such as to keep users from using an executive management address list to e-mail all executives easily. Denying access to an address list does not prevent users from e-mailing the recipients in the address list by other means, such as selecting them from the GAL, but it does prevent them from seeing a particular address list when they are using Outlook.

To set permissions for an address list, perform the following steps:

1. Right-click the address list in Exchange System Manager and click Properties.

2. Click the Security tab, shown in Figure 7-44, which shows the users and groups with configured permissions and what those permissions are.

   
   Figure 7-44: The security properties of an address list

3. A gray check box means that the permissions have been inherited from a higher level object, in this case the All Address Lists container. You can add users and groups and configure their permissions or change the permissions for existing users and groups that are listed.

Setting permissions must be done carefully because group membership can cause unintended results. This is especially true when you use the explicit Deny permission rather than unselecting Allow.

Updating an Address List Manually

Normally when you make changes to an address list, the changes are replicated to other Exchange servers in the organization by the Recipient Update Service. This replication occurs on a configurable schedule. There are times when you do not want to wait until the next scheduled update takes place, so Exchange Server 2003 allows you to force an immediate update manually.

To update an address list manually, perform the following steps:

1. Expand the Recipients container in Exchange System Manager.

2. Click the Recipient Update Services container. Notice that there are two default Recipient Update Services: one for the domain and one for the enterprise. The enterprise Recipient Update Service is responsible for updating system objects such as the Message Transfer Agent and the System Attendant. The domain Recipient Update Service updates recipient objects.

3. Right-click the Recipient Update Service for the domain and click Update Now. This will force any address list changes to be replicated immediately. Alternatively, you can click Rebuild, which rather than just updating changes will rebuild all the address lists.

Managing a Recipient Update Service

The Recipient Update Service exists to ensure that address list memberships are accurate by updating them across the organization to reflect any changes that are made. You need to have a Recipient Update Service for each domain in an Exchange Server 2003 organization. However, that is the minimum requirement. You can have multiple Recipient Update Services in a domain, and it is useful to do so if you have a domain that spans multiple Active Directory sites. Whether you are creating a new Recipient Update Service or modifying an existing one, the configuration options are similar. Figure 7-45 shows what the Recipient Update Services Properties dialog box looks like. To reach this dialog box, expand the Recipient Update Services container in Exchange System Manager, and then right-click Recipient Update Service in the contents pane and click Properties.

Figure 7-45: The Recipient Update Service Properties

The options you can configure are as follows:

• Domain The domain that the Recipient Update Service is responsible for.

• Exchange Server The Exchange server that the Recipient Update Service runs on.

• Windows Domain Controller The domain controller that the Recipient Update Service will contact and communicate with when making updates to Active Directory.

• Update Interval The schedule that the Recipient Update Service will use to update address lists. The default setting is Always Run, which means that whenever a change is made, the Recipient Update Service will make the update immediately. You can click the drop-down menu to choose a different interval or click Customize to create a custom schedule. The Always Run setting can create a lot of network traffic if frequent changes are made to address lists, which can have undesirable effects on performance.

A Recipient Update Service is created automatically in a domain when Exchange Server 2003 is installed, if there isn't one already. In domains where there are no Exchange Server 2003 servers but there are Exchange Server 5.5 servers that are part of the organization, you must create a Recipient Update Service for that domain. To do so, you must first run DomainPrep in the domain. Then start Exchange System Manager, right-click Recipient Update Services, point to New, and then click Recipient Update Service. Select the destination domain for the Recipient Update Service and complete the other fields previously listed, as required.

Working with Offline Address Lists

Offline address lists are not unique address lists. That is, they are not different address lists than the regular online address lists. Offline address lists are used to make address lists available to users who are not connected to the network. The most common scenario in which they are used is with mobile users who synchronize their mailboxes remotely, such as over a hotel phone line. These users then disconnect and work with Outlook offline in order to save toll charges, only reconnecting when they are done and ready to transmit their e-mail all at once. Offline address lists allow these types of users to have the benefit of using address lists when composing e-mail, even though they are not connected online with the network.

An offline address list does not necessarily parallel an online address list. That is, it isn't a case of simply selecting an address list and checking a box to make it available offline. Exchange Server 2003 configures a Default Offline Address List during the installation of the first server in the organization. By default, the only address list that is made available offline is the Default Global Address List. Figure 7-46 shows the properties of the Default Offline Address List.

Figure 7-46: The Default Offline Address List properties

The properties that you can configure include the following:

• Offline Address List Server The server that holds the offline address list. You can place it on any Exchange Server 2003 server in the organization.

• Address Lists The address lists that are associated with this offline address list. You can add or remove address lists by using the Add and Remove buttons.

• Update Interval The schedule used by the Recipient Update Service to update address list changes in Active Directory.

• Exchange 4.0 and 5.0 Compatibility Some features of Exchange Server 2003 address lists are compatible only with Exchange Server 5.5 and later. You can enable compatibility with earlier versions of Exchange Server by selecting this check box.

Offline address lists are flexible because they can be configured at the mailbox store level. Remember that in the properties of a mailbox store, one of the fields is for the offline address list for the database. Because you can apply different offline address lists to different mailbox stores, it is sometimes advantageous to create additional offline address lists to meet the specific needs of a mailbox store. Creating an offline address list is similar to creating a regular address list.

1. Right-click the Offline Address Lists container, point to New, and then click Offline Address List. You will be prompted to name the list and choose a server in the organization to store it.

2. After selecting the server, click Next. You will need to select address lists to add to the new offline address list. The Default Global Address List is included by default, but you can remove it and add other address lists.

3. Click Next. Exchange Server 2003 will inform you that the offline address list will be created during the next maintenance period. Click Next again, and then click Finish.

To apply the new offline address list to a mailbox store, right-click the desired mailbox store in Exchange System Manager and then click Properties. Next to the Offline Address List field, click Browse, and then either type the name of the offline address list or search Active Directory for it. Once you click OK to select the offline address list and then click OK again to apply it, all mailboxes in that mailbox store will use the new offline address list.

Creating and Applying Recipient Policies

Recipient policies are a quick and effective way of defining different e-mail addresses for different users in your organization. For example, Contoso, Ltd. acquires Fabrikam, Inc., a company that has 5000 employees. Contoso has migrated Fabrikam's Exchange Server 2003 organization into Contoso's Exchange Server 2003 organization, but Fabrikam needs to maintain its old e-mail addresses in addition to its new @contoso.com addresses so any e-mail that comes from customers is not returned as undeliverable.

In this situation, it would be very inefficient to edit the properties of each Fabrikam user and configure the primary and secondary e-mail addresses. Instead, you could use a recipient policy to do all the work for you. You would create a policy that defines @contoso.com as the primary SMTP address and @fabrikam.com as the secondary SMTP address for all users who have a user attribute of Company defined with the value Fabrikam. The Recipient Update Service would then update all users matching the filter with the new e-mail address configuration.

To create a recipient policy, perform the following steps:

1. Right-click the Recipient Policies container underneath the Recipients container in Exchange System Manager, point to New, and then click Recipient Policy.

2. You are prompted to choose which property pages to include. You can add or remove property pages after the policy is created, so for now select both E-Mail Addresses and Mailbox Manager Settings, and click OK. Realistically, you would probably want to configure separate recipient policies if you need to manage both types of properties. As when configuring other types of policies, while you can consolidate both types of policies into a single policy, the real power is in the flexibility of being able to create multiple policies to serve different needs within an enterprise organization.

3. Next, you must type a name for your recipient policy. The name should be something descriptive so you know from the name what function the policy performs.

4. After naming the policy, click the E-Mail Addresses (Policy) tab. At this point, the addresses listed are the same as what is in the Default Policy. Using the Contoso and Fabrikam example, you would add an SMTP address of @fabrikam.com and leave it as a secondary address, with @contoso.com being the primary SMTP address.

5. Once you've defined your e-mail addresses, click the General tab and then click Modify to define the LDAP query. This opens the same Find Exchange Recipients dialog box that you previously used when creating an address list. The procedure is the same in filtering the policy membership by using attributes and values. For example, if you want the policy to apply to everyone who has the Company attribute for their user account set to Fabrikam, you specify that on the Advanced tab of this dialog box.

6. Once you define the filter, click OK. Exchange Server 2003 will inform you that if you made changes that cause recipient objects to no longer be under the control of this policy, their membership may not be re-evaluated (meaning their addresses may stay the same). Click OK twice to finish creating the policy. Exchange Server 2003 will prompt you to confirm that you want to apply the policy to all users that match the filter. Click Yes to confirm.

7. The policy will be applied at the next update interval by the Recipient Update Service, but you can force the immediate updating of user accounts by right-clicking the recipient policy you created and clicking Apply This Policy Now.

When you create multiple recipient policies, there is one more configuration option to set. Recipient policies are applied in the order listed, with higher policies having a higher priority level than lower policies. You can right-click a policy and click Move Up or Move Down to increase or decrease its priority in relation to other policies. The Default Policy always has the lowest priority, and it cannot be moved up in relation to other policies.

Practice: Creating and Managing Address Lists and Recipient Policies

In this practice, you will prepare your Exchange Server 2003 organization's user accounts and then create address lists that filter based on user attributes. You will then create an offline address list, add the address lists you created to it, and assign it to a mailbox store.

Exercise 1: Prepare the Exchange Server 2003 Environment

Start the Active Directory Users And Computers console. Create the following user accounts with the associated user attributes:

Exercise 2: Create Address Lists

1. Start Exchange System Manager. Expand the Recipients container to view the address list containers.

2. Right-click All Address Lists, point to New, and then click Address List.

3. For the Address List Name, type Sales.

4. Click Filter Rules, and then click the Advanced tab.

5. From the Field menu, point to User, and then click Department.

6. Under the Condition field, select Is (Exactly) from the menu.

7. For the value, type Sales. Click Add.

8. Click OK, and then click Finish.

9. Right-click the Sales address list in the All Address Lists container, and then click Properties.

10. Click Preview. Observe that the group membership consists of each user that has a Department attribute of Sales.

11. Repeat the process to create address lists for Marketing, Dallas, St. Louis, Boston, Omaha, Contoso, and Fabrikam. Use the Office and Company user attributes as required to filter the address list based on those values.

Exercise 3: Create an Offline Address List

1. Right-click Offline Address Lists in the Recipients container, point to New, and then click Offline Address List.

2. Type Company Offline for the name, and click Browse to select a server. Choose Server02 to host the offline address list.

3. After clicking Next, remove the Default Global Address List from the list of Address Lists. Click Add and add the Contoso and Fabrikam address lists to the offline address list.

4. Click Next, and then click Next again when Exchange Server 2003 informs you that the list will be created during the next maintenance period. Click Finish to complete creating the offline address list.

Exercise 4: Assign an Offline Address List to a Mailbox Store

1. In Exchange System Manager, navigate to the Support storage group that you created earlier in this chapter.

2. Right-click the HelpDesk mailbox store in the Support storage group, and then click Properties.

3. Click Browse next to the Offline Address List field.

4. Type Company Offline, and then click Check Names. The name of the address list should become underlined.

5. Click OK, and then click OK again to apply the offline address list to the mailbox store.

Lesson Review

The following questions are intended to reinforce key information presented in this lesson. If you are unable to answer a question, review the lesson materials and then try the question again. You can find answers to the questions in the "Questions and Answers" section at the end of this chapter.

1. You are the Exchange Server administrator for Contoso, Ltd. The vice president of Sales calls you with some changes to the Sales address list that he wants to be made immediately. You make the changes and e-mail him confirmation that the changes have been made. A few minutes later, he calls you back and is upset because he doesn't see any difference in the Sales address list. Why can't he see the changes, and what can you do to correct the problem as quickly as possible?

2. You are the Exchange Server administrator for Fabrikam, Inc. The CIO calls you and asks you to set up an address list for a special internal auditing task force the company is putting together. Since the list membership is sensitive, management does not want the user community to be able to view the list membership and ideally not even be able to see that the list exists. You create the address list and are now editing the security settings for the list. How should you configure the security settings to meet the requirements of management?

3. You are the Exchange Server administrator for Contoso, Ltd., a company that uses offline address lists to support a mobile sales staff and an executive management team that travels extensively between office locations. Separate address lists exist for Executive Management and for Sales, among other lists, and both are made available offline in the Mobile Offline Address List that you have created. Company policy is that no one except executive management has access to their address list, and you have configured the security settings on the Executive Address List so that only the Executive security group can view and use the list.

   One afternoon, you receive a call from the CEO. She is at a remote site working on a large proposal with a member of the Sales team, and she saw that when the salesperson went to e-mail the proposal, he was able to see the Executive Address List. Also, when the salesperson left the room, the CEO attempted to pull up the Executive Address List on the salesperson's laptop and was able to do so. She is upset that people are able to access this address list despite a company policy against it, and she wants to know what you are going to do to fix the problem immediately. Why can the salesperson access the list, and what can you do to fix the problem?

Lesson Summary

• Address lists can be created to filter the GAL into logical groupings based on organizational need.

• Address lists differ from distribution groups in that membership is only for display purposes; no e-mail address is associated with an address list.

• Offline address lists are used to make one or more address lists available when a user is not connected to the network.

• If a user has permission to download an address list as part of an offline address list, then they will be able to access the list offline even if they have been denied permission to the list online.

• Offline address lists are assigned at the mailbox store level.

• The Recipient Update Service is responsible for updating address list changes in Active Directory. It can be scheduled to always run or configured to run at scheduled intervals.