Exchange Server

Working with Query Based Distribution Groups in Exchange 2003

How can I work with Query-Based Distribution groups in Windows Server 2003 and Exchange Server 2003?

Windows Server 2003 and Exchange Server 2003 have a new group type called "Queries-Based Distribution groups". With the new Queries-Based Distribution groups we can now create new types of distribution groups that are different from the regular type of distribution groups.

The reason for this difference is the fact that the Queries-Based Distribution groups are dynamic by nature and their membership is not static as in regular types of groups. The members of Queries-Based Distribution groups are dynamically inserted or removed from the group when they fall under the scope of the group’s LDAP-based search filter.

Sponsored Content

Passwords Haven’t Disappeared Yet

123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?

Note: In order to be able to use Queries-Based Distribution groups you need to be running a Windows Server 2003 AD and Exchange Server 2003. These types of groups are not present in Windows 2000 AD, nor are they present if Exchange Server 2003 is not installed in your organization.

To create a Queries-Based Distribution group perform the following steps:

  1. In the Windows Server 2003 AD Users and Computers right-click any OU you want and choose New > Query-Based Distribution Group.

query dist

  1. In the New Object window, give the new group a name and Alias and click Next.

query dist1

Note: Make sure you do NOT enter an Alias in Hebrew. The e-mail address of the new group will be based upon this alias (unless you change it later), and Hebrew characters will cause the e-mail address to be somewhat unpredictable and containing numbers.

  1. In the New Object window select the search scope of the new group (i.e. the entire domain or just one OU). You can choose one of the pre-defined search parameters, or, if you want to be more precise, you can select the Customize Filter radio-button and then click on Customize.

query dist2

  1. In the Find window click on the drop-down list to select the type of query you want to create.

query dist3

You can use some of the built-in attributes or create your own set of attribute-based query. In this example I’ve created a custom search by using a manually entered LDAP search string.

See my LDAP Search Samples for Windows Server 2003 and Exchange 2000/2003 article for many LDAP search samples you can use.

  1. When you’re done with the search filter click Ok. You can now go to the Preview tab and see the results your filter gave you. These will be the group’s members, and if you’re satisfied with what you saw – click Ok.

query dist4

  1. Changing the search filter for the group is easy and can be done at any time. Just make sure you test the resulting members by pressing the Start button in the Preview tab of the Query-Based Distribution group.

  2. Wait a few minutes before the group gets it’s e-mail address listed. This is because of latency issues with the Recipient Update Service (RUS) in Exchange. In order for the group to get their e-mail address faster you could manually update the RUS instances in the Exchange System Manager.

The moment the new group gets the e-mail address you wanted (remember, you can easily change it later) you will be able to send e-mail to this group and see it in the Global Address List (GAL).

Remember: This is a Distribution group, not a Security group, therefore you cannot use this group to grant permissions to users.

Related articles

You might also want to read the following related articles:

Related Topics:

Don't leave your business open to attack! Come learn how to protect your AD in this FREE masterclass!REGISTER NOW - Thursday, December 2, 2021 @ 1 pm ET

Active Directory (AD) is leveraged by over 90% of enterprises worldwide as the authentication and authorization hub of their IT infrastructure—but its inherent complexity leaves it prone to misconfigurations that can allow attackers to slip into your network and wreak havoc. 

Join this session with Microsoft MVP and MCT Sander Berkouwer, who will explore:

  • Whether you should upgrade your domain controllers to Windows Server
    2019 and beyond
  • Achieving mission impossible: updating DCs within 48 hours
  • How to disable legacy protocols and outdated compatibility options in
    Active Directory

Sponsored by: