Introduction to Exchange Recipients

The term Exchange recipients is a vague one at best what does it really mean? An Exchange recipient is simply an Active Directory object to which Exchange can deliver messages. So why the big fancy name? Exchange recipients come in several different types and each with their own caveats.

Before we actually get into the specific objects that are Exchange recipients, let's take a few moments and examine the two general types of recipient objects: mailbox-enabled and mail-enabled. Mailbox-enabled objects have the following basic characteristics:

• A unique email address

• The ability to be displayed in Exchange address lists

• The ability to send and receive email using the Exchange server

• The ability to store mail in the Exchange mailbox store to which they are assigned

Mail-enabled objects, on the other hand, have the following basic characteristics:

• A unique email address

• The ability to be displayed in Exchange address lists

• The ability to receive email at an external address

The distinctions between mailbox-enabled and mail-enabled might seem very small at first, but they are important to bear in mind as you work your way through this chapter and also during your day-to-day administration of your Exchange implementation. With this knowledge in hand, we now move forward and examine the objects in Active Directory that can be Exchange recipients and the specifics of what you need to know when working with them.

User Recipient Objects

There are two types of user recipient objects in the Exchange organization: mailbox-enabled users and mail-enabled users. We've already briefly looked at the differences between mailbox-enabled and mail-enabled objects, but let's see how users fit into these descriptions.

Mailbox-enabled Users

Mailbox-enabled users are the most common type of Exchange recipients with which you will be working. These users have Active Directory user accounts, Exchange mailboxes, and a unique email address all as you might expect. Mailbox-enabled users send and receive mail using the Exchange messaging infrastructure within your organization and can be listed in address lists, including the global address list (GAL). A typical example of this type of Exchange recipient is a full-time company employee.

Mail-enabled Users

Mail-enabled users typically have Active Directory user accounts, but no Exchange mailbox assigned to them. Mail-enabled users send and receive email using an external email account and can be listed in the Exchange address lists. A typical example of this type of Exchange recipient is a temporary or contract employee who requires a user account within Active Directory to perform his job, but receives email via an existing, external email account.

Contact Recipient Objects

Contacts are the electronic equivalent of an address book entry within Active Directory. These objects do not have an Active Directory user account, nor do they have an Exchange mailbox assigned to them. Contacts are thus referred to as mail-enabled contacts within the Exchange organization. Users of the Exchange infrastructure can locate mail-enabled contacts in the Exchange address lists; however, email sent to them is sent to the external email account specified in the contact's properties. A typical example of a mail-enabled contact is a business partner or customer to whom your users need to send email. Mail-enabled contacts can also be included in distribution groups.

Group Recipient Objects

A group is a collection of objects, such as users, contacts, and other groups. Groups can themselves be mail-enabled and be assigned a unique email address, which then allows messages sent to that email address to be sent (via an expansion server) to all members of that group. Mail-enabled groups can be listed in the Exchange address lists for easier messaging of their members. All members of the group who have an email address correctly configured (whether mailbox-enabled or mail-enabled) receive any message that is sent to the group.

Although you can make any group within Active Directory mail-enabled, you should understand the subtle differences between the various group types and group scopes. We briefly examine these topics next.

Group Types

As a review, there are two group types that exist with Active Directory: security groups and distribution groups. Both types of groups can be mail-enabled as discussed previously, but you must be aware of some difference between the types.

• Security groups Security groups, as their name implies, are used to configure the security settings for their members. By configuring user rights and permissions on a group, the settings can then be quickly and efficiently applied to all members of the group. Security groups can also be mail-enabled, thus allowing their usage to distribute messages to all members who have a correctly configured email address within Active Directory.

• Distribution groups Distribution groups, as their name implies, are used only for the purpose of easily distributing messages to a common group of objects users, contacts, and other groups. Distribution groups are not access control list (ACL) enabled, and thus cannot be used to assign user rights and permissions. Distribution groups can be addressed by clients not using Exchange, but the clients must first perform a Lightweight Directory Access Protocol (LDAP) query against Active Directory to locate the distribution group information.

Query-based Distribution Groups

New in Exchange Server 2003 are query-based distribution groups. These groups, as their name implies, are mail-enabled distribution groups that have their group membership defined by the results of an LDAP query made against Active Directory. Query-based distribution groups are automatically mail-enabled and cannot have this property disabled.

Query-based distribution groups provide the advantage of being able to be dynamically created from all Exchange recipients currently in existence in Active Directory. As an example, you might use a query that specifies membership of the query-based distribution group to include all employees in the Engineering or Manufacturing department of your organization. Conversely, you could use a query that specifies the query-based distribution group to include all employees who work in a particular building or geographic location of your organization. By being able to dynamically create these distribution groups (on the fly), you do save time typically spent in creating and maintaining static distribution groups. As long as the object's properties are accurate and up-to-date (such as department or location), query-based distribution groups are more accurate and less labor-intensive to use than their static counterparts.

Of course, every good thing has its drawbacks and query-based distribution groups are no exception. Query-based distribution groups provide you with their power and flexibility as a trade-off for server resources. Each time an email message is sent to a query-based distribution group, the required LDAP query must be made to determine group membership, thus populating the group with the desired members.

Query-based distribution groups function properly in pure Exchange Server 2003 implementations or in Exchange Server 2003 and Exchange 2000 Server implementations in which all Exchange 2000 servers are patched at Service Pack 3 or higher and Windows Server 2003 global catalog servers are in place. If you are using Windows 2000 Server global catalog servers, you may still use query-based distribution groups; however, you need to manually edit the Registry on your Exchange 2000 Server SP3 servers to ensure reliable performance.

Group Scopes

Active Directory provides three different scopes of groups: Domain Local groups, Global groups, and Universal groups. Although it may seem at first trivial knowledge, you really must understand the effects of a group's scope on the messaging capability of the group.

• Domain Local groups Membership of Domain Local groups is not published to global catalog servers. Because of this fact, Exchange users are not able to determine group membership of mail-enabled Domain Local groups for domains other than the one in which their own user account is located within the Active Directory forest. For this reason, it is not recommended that you mail-enable Domain Local groups in forests with multiple domains.

• Global groups Membership of Global groups is not published to global catalog servers. Because of this fact, Exchange users are not able to determine group membership of mail-enabled Global groups for domains other than the one in which their own user account is located within the Active Directory forest. For this reason, it is not recommended that you mail-enable Global groups in forests with multiple domains.

• Universal groups Membership of Universal groups is published to global catalog servers unlike Domain Local groups and Global groups. This allows Exchange users in any domain in the Active Directory forest to determine group membership of mail-enabled Universal groups. For this reason, it is recommended that you only mail-enable Universal groups in forests with multiple domains. Furthermore, you need to use Universal security groups to control permissions to public folders. (Public folders are discussed at length in Chapter 6, "Managing, Monitoring, and Troubleshooting the Exchange Organization.") For best results, you should also only use Universal groups when creating query-based groups.