Understanding Recipient Scope
Applies to: Exchange Server 2010
You manage recipients by using the Exchange Management Console (EMC) and the Exchange Management Shell. These management interfaces provide the flexibility to view and manage recipients that are stored at various levels of an Active Directory hierarchy.
Microsoft Exchange Server 2010 management interfaces do this by using a concept called the recipient scope. Recipient scope refers to the specified portion of the Active Directory hierarchy that the EMC and the Shell will use for recipient management. When you set the recipient scope to a specific location within Active Directory, you can view and manage all recipients stored in that location and all the containers under it. For example, if you set the recipient scope to a domain, the Exchange management interface you're using lets you view and manage all recipients that are stored in all organizational units (OUs) within that domain.
The recipient scope is simply a view of Active Directory and has no security context. You can access and manage only the objects and containers to which your user account has been granted permission, regardless of the recipient scope setting.
Setting the recipient scope does more than limit the number of recipients returned. When you set the recipient scope, the management interface you are using operates within the recipient scope that you specified. When performing recipient management tasks, the management interface can view only the portion of Active Directory that you set as the recipient scope. For example, assume that your company has the Active Directory structure shown in the following figure. If you set the recipient scope to the Field OU of the corp.contoso.com domain, the Exchange management interface can view only the portion of Active Directory that's highlighted in the following figure.
The recipient scope applies to the first class recipient objects. First class recipient objects refer to all mailboxes, mail contacts, mail users, distribution groups, and dynamic distribution groups.
The properties of first class recipient objects aren't bound by the recipient scope. For example, when adding members to a distribution group, you can select any recipient in the forest, regardless of the recipient scope. Similarly, when configuring the manager of a mailbox user, you can select any mail-enabled user or contact in the forest.
Looking for management tasks related to managing Mailbox servers? See Managing Mailbox Servers.
Recommendations for Working with Recipient Scope
The following are some recommendations for working with recipient scope:
- In large organizations, recipients may be spread across multiple domains or OUs. In these cases, setting a recipient scope that focuses on the specific set of recipients you're managing may reduce the number of recipients that are returned, thereby improving the performance of the Exchange management interfaces.
- Set the recipient scope to the entire forest only when performing specific tasks that apply to all recipients in the forest. When the recipient scope is set to the entire forest, the management interfaces use a global catalog server to access Active Directory. The recipient information that's displayed in the interfaces is dependent on the replication latencies of Active Directory. As a result, the information that's displayed may not be entirely up to date. Likewise, any updates made through the interfaces may not take effect until Active Directory replicates the changes.
Furthermore, if you have a large Active Directory deployment with recipients spread across multiple domains, using a forest-wide recipient scope can reduce the performance of the management interfaces due to the sheer number of recipients returned.
- If you have a complex Active Directory replication topology, or if you have high replication latency, specify the global catalog that's most up to date when setting the recipient scope to the entire forest.
- If you use a specific domain controller on which all updates to Active Directory are made, you can specify that domain controller as the preferred recipient domain controller when setting the recipient scope. For example, if you have an account provisioning system that works with a specific domain controller, you can specify that domain controller as the preferred recipient domain controller.
Setting the Recipient Scope
Exchange 2010 management interfaces always start with the recipient scope at the domain level. The default setting for the recipient scope is always set to the domain of the computer that's running the management interface. Neither the user account that's being used nor the Exchange servers being managed has bearing on the default value of the recipient scope.
To illustrate this point, consider a scenario where the organization contoso.com has an Active Directory forest with three domains: contoso.com (which contains all computer accounts), users.contoso.com (which contains all user accounts), and exchange.contoso.com (which contains the Exchange servers). To administer an Exchange server in exchange.contoso.com, an administrator logs on to a computer in contoso.com with a user account in users.contoso.com. When the administrator opens the EMC or the Shell, by default, the recipient scope is set to contoso.com.
Depending on the task you need to accomplish, you can change the recipient scope to a different location in Active Directory. You can set the recipient scope to a single OU, to the top level of an OU hierarchy, to a domain, or even to the entire forest.
Recipient Scope in the EMC
Changing the recipient scope in the EMC changes the set of recipients that are displayed in the result pane of the Recipient Configuration node. The dialog boxes that you use to select recipients or OUs (located on various wizard pages) also work within the same scope. For example, if you're mail-enabling an existing contact, the Select Contact dialog box in the New Mail Contact wizard displays only the contacts within the recipient scope that aren't already mail-enabled.
The Microsoft Management Console (MMC) saves any changes you make to a snap-in as preferences in your user profile on the administrator computer. The recipient scope setting is also saved as one of your preferences. As a result, the next time you start the EMC on the same computer, the default setting of the recipient scope is overwritten by the scope last specified. However, if you use another computer or a different user account to run the EMC, you will need to adjust the recipient scope again.
To modify the recipient scope in the EMC, select the Recipient Configuration node, and then click Modify Recipient Scope in the action pane. For more information about changing the recipient scope in the EMC, see Change the Recipient Scope.
Recipient Scope in the Shell
Because you must manually type all values in the Shell, it's important that you keep the recipient scope in mind as you manage recipients. If you make references to objects that are outside the recipient scope, you may receive errors. For example, if you try to create a new distribution group in an OU that isn't within the recipient scope you specified, you will receive the error, "Organizational unit <OU name> wasn't found. Please make sure you have typed it correctly".
You can view or modify the recipient scope by using the Set-AdServerSettings cmdlet.
When you change the recipient scope in the Shell, you change the set of recipients that are returned for the Get- cmdlets of the recipient. The recipient scope is accessible by using the Set-AdServerSettings cmdlet.
The default scope isn't retained when you close the Shell. The Shell resets to the default domain-level recipient scope the next time that the Shell is opened.