Large number of mailboxes with distribution group delivery restrictions set
Topic Last Modified: 2006-08-21
The Microsoft® Exchange Server Analyzer Tool queries the following attributes for each user object in all domains found in the Active Directory® directory service to determine whether any mailboxes in the domains have delivery restrictions set based on distribution group membership:
Controls whether messages are accepted or rejected by default. When set to the default setting of 1, messages from everyone are accepted.
Contains the DNs of distribution lists (DL) whose members may not send to this recipient.
Contains the DNs of distribution lists (DL) whose members may send to this recipient.
If the Exchange Server Analyzer determines that there are more than 500 mailboxes in the domain that have delivery restrictions set based on distribution group membership, the Exchange Server Analyzer displays an error.
This error indicates that delivery restrictions based on distribution group membership for many mailboxes may affect Exchange mail flow performance.
By default, categorizer recursively expands distribution groups and checks restrictions for each message that passes through the system.
When the message categorizer sends mail to a user who accepts or denies messages from a distribution group, the message categorizer has to expand the membership of the distribution group, obtain the full list of DNs of the members, and then compare the list of DNs to the list sender’s DNs. An access operation or a deny operation occurs when a DN appears on both lists. If a distribution group is nested in another distribution group, the nested distribution is also expanded.
To address this error:
Examine those users whose distribution group delivery restrictions are set and remove unnecessary restrictions.
Configure individual mailboxes and not distribution groups for delivery restrictions as referenced in Microsoft Knowledge Base article 812298, "Mail delivery is slow after you configure delivery restrictions that are based on a distribution list" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=812298).
For servers that are running Exchange Server 2003 Service Pack 2 (SP2) or a later version, consider implementing non-hierarchal restriction checking. For servers that are running Exchange versions earlier than Exchange Server 2003 SP2, consider upgrading to Exchange Server 2003 SP2.
For more information about non-hierarchal restriction checking, see Consider non-hierarchical restriction checking
For more information about the effect of distribution group restriction on Exchange Server mail flow, see the following Microsoft Knowledge Base articles:
895407, "In Exchange Server 2003, message delivery to local mailboxes and to external mailboxes is slower than you expect after you configure delivery restrictions based on distribution groups" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=895407).
839949, "Troubleshooting mail transport and distribution groups in Exchange 2000 Server and in Exchange Server 2003" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=839949).
812298, "Mail delivery is slow after you configure delivery restrictions that are based on a distribution list" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=812298).