How can I work with Query-Based Distribution groups in Windows Server 2003 and Exchange Server 2003?
Windows Server 2003 and Exchange Server 2003 have a new group type called "Queries-Based Distribution groups". With the new Queries-Based Distribution groups we can now create new types of distribution groups that are different from the regular type of distribution groups.
The reason for this difference is the fact that the Queries-Based Distribution groups are dynamic by nature and their membership is not static as in regular types of groups. The members of Queries-Based Distribution groups are dynamically inserted or removed from the group when they fall under the scope of the group’s LDAP-based search filter.
Note: In order to be able to use Queries-Based Distribution groups you need to be running a Windows Server 2003 AD and Exchange Server 2003. These types of groups are not present in Windows 2000 AD, nor are they present if Exchange Server 2003 is not installed in your organization.
To create a Queries-Based Distribution group perform the following steps:
In the Windows Server 2003 AD Users and Computers right-click any OU you want and choose New > Query-Based Distribution Group.
In the New Object window, give the new group a name and Alias and click Next.
Note: Make sure you do NOT enter an Alias in Hebrew. The e-mail address of the new group will be based upon this alias (unless you change it later), and Hebrew characters will cause the e-mail address to be somewhat unpredictable and containing numbers.
In the New Object window select the search scope of the new group (i.e. the entire domain or just one OU). You can choose one of the pre-defined search parameters, or, if you want to be more precise, you can select the Customize Filter radio-button and then click on Customize.
In the Find window click on the drop-down list to select the type of query you want to create.
You can use some of the built-in attributes or create your own set of attribute-based query. In this example I’ve created a custom search by using a manually entered LDAP search string.
See my LDAP Search Samples for Windows Server 2003 and Exchange 2000/2003 article for many LDAP search samples you can use.
When you’re done with the search filter click Ok. You can now go to the Preview tab and see the results your filter gave you. These will be the group’s members, and if you’re satisfied with what you saw – click Ok.
Changing the search filter for the group is easy and can be done at any time. Just make sure you test the resulting members by pressing the Start button in the Preview tab of the Query-Based Distribution group.
Wait a few minutes before the group gets it’s e-mail address listed. This is because of latency issues with the Recipient Update Service (RUS) in Exchange. In order for the group to get their e-mail address faster you could manually update the RUS instances in the Exchange System Manager.
The moment the new group gets the e-mail address you wanted (remember, you can easily change it later) you will be able to send e-mail to this group and see it in the Global Address List (GAL).
Remember: This is a Distribution group, not a Security group, therefore you cannot use this group to grant permissions to users.
You might also want to read the following related articles: