Admin wants to know how to use dynamic e-mail groups based On LDAP queries in Exchange Server 2003
I work for a medium-sized company that recently upgraded its Exchange 2000 Servers to Exchange Server 2003 running in Windows Server 2003 Active Directory domains. We need our managers to send out e-mails on a regular basis to a group of employees that reside in a certain city or zip code all across North America. We do our best to keep our Exchange distribution groups updated whenever an employee moves, but using distribution groups based on cities and zip codes has become a hassle due to the large number of locations and frequency of changes. We're on a limited budget and can’t afford expensive, third-party solutions. Is there a way to somehow extract information from Active Directory and come up with a better solution?
— Name withheld
Tech Help—Just An
Got a Windows, Exchange or virtualization question
or need troubleshooting help? Or maybe you want a better
explanation than provided in the manuals? Describe
your dilemma in an e-mail to the MCPmag.com editors
the best questions get answered in this column and garner
the questioner with a nifty MCPmag.com baseball-style
When you send your questions, please include your
full first and last name, location, certifications (if
any) with your message. (If you prefer to remain anonymous,
specify this in your message, but submit the requested
information for verification purposes.)
While third-party tools are often good solutions for larger enterprises, now that you're using Exchange Server 2003, you can take advantage of the new, query-based distribution groups. Query-based distribution groups are similar to static ones you're currently using, except that membership is based on a Lightweight Directory Access Protocol (LDAP) query in Active Directory. Query-based groups are dynamic because the results are based on the latest LDAP query.
Depending on your Active Directory design and location of servers, there may be a potential performance hit on the Active Directory servers, because each time a manager sends out an e-mail, the query will be sent to an Active Directory server to determine the membership of the query-based distribution group. However, you may discover that the benefits of lower administrative costs of maintaining distribution groups far outweigh the overhead of LDAP queries. It’s much faster to add users to a group using this method rather than using alternative methods.
With query-based distribution groups, you can easily create a custom filter for all employees living in a certain zip code or city. The managers simply need to use the query-based distribution group, which are mail-enabled by default, and send the e-mail. The LDAP query works against the user account properties that your IT or Human Resources department can keep up to date for each employee.
Here’s the procedure that your managers can use to create a query-based distribution group that will include all employees in a certain zip code: Ensure that your Exchange organization is in the Native Mode. Right-click your Exchange organization in Exchange System Manager and click Properties. On the General tab make sure that the Operation mode is configured for Native Mode (no pre-Exchange 2000 servers).
To create a new query-based distribution group, right-click the Organizational Unit (OU) where you want to create the group and select Query-based Distribution Group:
- Type a name for the group and click Next.
- In the Filter section, click Customize filter and then click the Customize button.
- In the Find Exchange Recipients dialog box make sure that the In box shows Entire Directory and not your domain name.
- Click the Advanced tab and then click on the Field button.
- Select user, then select ZIP/Postal Code.
- In the Condition box select Is (exactly) and in the Value box type the zip code, for example 98052 then click Add. Your screen should look like Figure 1.
- Click OK, Next, and then Finish.
|Figure 1. Sending mail by zip...like old school mail, but better.
As I mentioned earlier, this new group will be mail-enabled by default so people can send mail to this group. Because the group’s membership is built dynamically, you won’t be able to see the group’s membership in the Global Address List (GAL) but the group’s name will be listed.
You can also create a standard distribution group without adding individuals to it, and then add one or more query-based distribution groups to that group if you want.
Here are a few things to keep in mind during troubleshooting. You can also check out this KB article from Microsoft:
- Query-based distribution groups can’t be used to set permissions because they can’t be security principals.
- As I stated earlier, because the membership of these groups is built dynamically, you can’t view the individual members that are part of the group in the GAL. This is different then seeing the group listing itself. The group will be listed in the GAL.
- If the Preview tab of the query-based distribution group doesn’t list any members, make sure that the user’s account properties include the zip code, city or other information that you want users to use for queries.
- Make sure that the “In” box (see screen shot) lists the appropriate location.
- If users can’t see the newly created groups in Outlook, it could be because they are using Cached Mode. Outlook Web Access clients will allow users to use these groups if they type its name and click Find.
I was wondering how many of you out there utilize query-based distribution groups. Have you experienced any performance issues or any other anomalies that you would like to share? Please send me your questions or comments at firstname.lastname@example.org.
Zubair Alexander, MCSE, MCT, MCSA and Microsoft MVP is the founder of SeattlePro Enterprises, an IT training and consulting business. His experience covers a wide range of spectrum: trainer, consultant, systems administrator, security architect, network engineer, author, technical editor, college instructor and public speaker. Zubair holds more than 25 technical certifications and Bachelor of Science degrees in Aeronautics & Astronautics Engineering, Mathematics and Computer Information Systems. His Web site, www.techgalaxy.net, is dedicated to technical resources for IT professionals. Zubair may be reached at email@example.com.