Understanding Recipient Scope
Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2006-10-31
In Microsoft Exchange Server 2007, you manage recipients by using the Exchange Management Console and the Exchange Management Shell. These management interfaces give you the flexibility to view and manage recipients that are stored at various levels of an Active Directory hierarchy.
Exchange Server 2007 management interfaces accomplish this by utilizing a concept called the recipient scope. Recipient scope refers to the specified portion of the Active Directory directory service hierarchy that the Exchange Management Console and the Exchange Management Shell will use for recipient management. When you set the recipient scope to a specific location within Active Directory, you can view and manage all recipients stored in that location and all of the containers under it. For example, if you set the recipient scope to a domain, the Exchange management interface you are using allows you to view and manage all recipients that are stored in all organizational units (OUs) within that domain.
|The recipient scope is simply a view of Active Directory and has no security context. You can access and manage only the objects and containers to which your user account has been granted permission, regardless of the recipient scope setting. To learn more about permissions in Exchange 2007, see "Permissions" in Security and Protection.|
Setting the recipient scope does more than just limit the number of recipients returned. When you set the recipient scope, the management interface you are using operates within the recipient scope that you specified. When performing recipient management tasks, the management interface is able to view only the portion of Active Directory that you set as the recipient scope. For example, assume that your company has the Active Directory structure shown in Figure 1. If you set the recipient scope to the Field OU of the corp.contoso.com domain, the Exchange management interface is able to view only the portion of Active Directory that is highlighted in Figure 1.
Figure 1 Recipient scope
The recipient scope applies to the first class recipient objects. In Exchange 2007, first class recipient objects refers to all mailboxes, mail contacts, mail users, distribution groups, and dynamic distribution groups.
|The properties of first class recipient objects are not bound by the recipient scope. For example, when adding members to a distribution group, you can select any recipient in the forest, regardless of the recipient scope. Similarly, when configuring the manager of a mailbox user, you can select any mail-enabled user or contact in the forest.|
The following are some recommendations for working with recipient scope:
In large organizations, recipients may be spread across multiple domains or OUs. In these cases, setting a recipient scope that focuses on the specific set of recipients you are managing may reduce the number of recipients that are returned, thereby improving the performance of the Exchange management interfaces.
Set the recipient scope to the entire forest only when performing specific tasks that apply to all recipients in the forest. When the recipient scope is set to the entire forest, the management interfaces use a global catalog server to access Active Directory. The recipient information that is displayed in the interfaces is dependent on the replication latencies of Active Directory. As a result, the information that is displayed may not be entirely up-to-date. Likewise, any updates made through the interfaces may not take effect until Active Directory replicates the changes.
Furthermore, if you have a large Active Directory deployment with recipients spread across multiple domains, using a forest-wide recipient scope can reduce the performance of the management interfaces due to the sheer number of recipients that is returned.
If you have a complex Active Directory replication topology, or if you have high replication latency, specify the global catalog that is most up to date when setting the recipient scope to the entire forest.
If you use a specific domain controller on which all updates to Active Directory are made, you can specify that domain controller as the preferred recipient domain controller when setting the recipient scope. For example, if you have an account provisioning system that works with a specific domain controller, you can specify that domain controller as the preferred recipient domain controller.
Exchange 2007 management interfaces always start with the recipient scope at the domain level. The default setting for the recipient scope is always set to the domain of the computer that is running the management interface. Neither the user account that is being used nor the Exchange servers being managed has bearing on the default value of the recipient scope.
To illustrate this point, consider the following scenario:
The organization contoso.com has an Active Directory forest with three domains: contoso.com (which contains all computer accounts), users.contoso.com (which contains all user accounts), and exchange.contoso.com (which contains the Exchange servers). To administer an Exchange server in exchange.contoso.com, an administrator logs on to a computer in contoso.com with a user account in users.contoso.com. When the administrator opens the Exchange Management Console or the Exchange Management Shell, by default, the recipient scope is set to contoso.com.
Depending on the task you need to accomplish, you can change the recipient scope to a different location in Active Directory. You can set the recipient scope to a single OU, to the top level of an OU hierarchy, to a domain, or even to the entire forest.
Changing the recipient scope in the Exchange Management Console changes the set of recipients that are displayed in the result pane of the Recipient Configuration node. The dialog boxes that you use to select recipients or OUs (located on various wizard pages) also work within the same scope. For example, if you are mail-enabling an existing contact, the Select Contact dialog box in the New Mail Contact wizard displays only the contacts within the recipient scope that are not already mail-enabled.
|The Microsoft Management Console (MMC) saves any changes you make to a snap-in as preferences in your user profile on the administrator computer. The recipient scope setting is also saved as one of your preferences. As a result, the next time you start the Exchange Management Console on the same computer, the default setting of the recipient scope is overwritten by the scope that you last specified. However, if you use another computer or a different user account to run the Exchange Management Console, you will need to adjust the recipient scope again.|
To modify the recipient scope in the Exchange Management Console, select the Recipient Configuration node, and then click Modify Recipient Scope in the action pane. For more information about changing the recipient scope in the Exchange Management Console, see How to Change the Recipient Scope.
Because you must manually type all values in the Exchange Management Shell, it is important that you keep the recipient scope in mind as you manage recipients. If you make references to objects that are outside the recipient scope, you may receive errors. For example, if you try to create a new distribution group in an OU that is not within the recipient scope you specified, you will receive the error, "Organizational unit <OU name> was not found. Please make sure you have typed it correctly".
You can view or modify the recipient scope by using various fields that are stored in the $AdminSessionADSettings variable.
|The fields that are stored in this variable are retained until the Exchange Management Shell is closed and is reset to its default settings the next time that the Exchange Management Shell is opened.|
The $AdminSessionADSettings variable contains the following fields:
If this field is set to
This field stores the recipient scope for the current session of the Exchange Management Shell in canonical format. For example, if the recipient scope is set to the Users OU in the contoso.com domain, the value for DefaultScope will be contoso.com/Users.
If this field is specified, and if ViewEntireForest is set to
If this field is not specified, Exchange will automatically select a suitable global catalog server.
This field specifies the domain controller that the Exchange Management Shell uses to read the Exchange configuration information.
If this field is specified, and if ViewEntireForest is set to
If this field is not specified, Exchange will automatically select a suitable domain controller.
By manipulating the values that are stored in this variable, you can use the Exchange Management Shell to control the recipient scope. For more information about modifying the recipient scope in the Exchange Management Shell, see How to Change the Recipient Scope.