The ability to send email to a group of users through one recipient address is often useful. Windows Server 2003 and Exchange Server 2003 include improved functionality that will make this type of task easier.

Exchange Server 5.5 and earlier let you create static distribution lists (DLs) to which you can add a set of associated members. In Windows NT and Exchange 5.5 environments, the Exchange Directory Service (DS) stores and manages DLs, which exist separately from local, global, or domain groups in the NT 4.0 directory. Windows 2000 and Exchange 2000 Server, both of which use Active Directory (AD), don't make this distinction. Instead, you can mail-enable the security or distribution groups that Win2K stores in AD. (Security groups specify members according to SID; you use these groups to apply access controls to files, folders, and other objects. Distribution groups contain lists of members but don't include members' SIDs, so you can't use distribution groups to assign access controls.) For example, you can build a security group for Project X, then mail-enable the group object so that someone can send a message to each user in the group by sending the message to the group address.

Win2K and Exchange 2000's group implementation is more flexible than NT and Exchange 5.5's implementation but still lacks a few features. The most obvious shortcoming relates to the static nature of distribution and security groups: There's no built-in way to build group membership dynamically. For example, you can't create a distribution group that automatically contains all the users homed on a particular Exchange server or belonging to a particular organizational unit (OU). You can find third-party utilities (such as Imanami's SmartDL) that add this capability, but most administrators don't realize that these products exist or don't want to pay for and deal with a separate product. Many administrators also have asked for more controls over who can send messages to mail-enabled objects. Windows 2003 and Exchange 2003 offer functionality to address both of these requests.

Let's start with the addition of query-based distribution groups. As the name suggests, the results of an AD query form these groups' memberships. You can build these distribution groups from the results of any Lightweight Directory Access Protocol (LDAP) query, so you can aggregate users according to a combination of employee ID, location, office code, or other AD attributes. However, your organization must run in Exchange 2003 native mode to support this powerful feature--only Exchange 2003 servers can expand the query-based groups. The servers can, however, run on Win2K.

To create a query-based distribution group, open the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in. Right-click an OU or user container, then select New, Query-based Distribution Group from the context menu. After you name the group, you can create a custom filter or select from predefined filters to populate the group with mail-enabled users, contacts, groups, and public folders. The filter is automatically scoped to the OU or container in which you create the group, but you can change the scope before finalizing the group. After you create the group, it appears in the Global Address List (GAL) just like every other mail-enabled group. The Recipient Update Service (RUS) periodically rebuilds query-based distribution groups' memberships, so you shouldn't ever need to manually update membership.
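The membership of a query-based group is whatever its LDAP filter matches inside its scope when the query is evaluated. The Python sketch below is an added example, not Exchange or Microsoft code: it evaluates a subset of LDAP filter syntax over constructed entries. The entry names, the example.com domain, and the use of `mailNickname` presence as the mail-enabled test are assumptions.

```python
# Added illustration: subset of LDAP filter syntax (&, |, !, equality, presence).
def parse(f, i=0):
    """Parse the parenthesised filter starting at f[i]; return (node, next index)."""
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i:i + 1] in ("&", "|", "!"):
        op, i, kids = f[i], i + 1, []
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i:i + 1] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' clause near offset {i}")
        return (op, kids), i + 1
    end = f.find(")", i)
    attr, sep, value = f[i:end].partition("=")
    if end < 0 or not sep or not attr:
        raise ValueError(f"malformed comparison near offset {i}")
    return ("=", attr.lower(), value), end + 1

def matches(node, attrs):
    """True if attrs (lower-case attribute name -> list of values) satisfy node."""
    if node[0] in ("&", "|"):
        combine = all if node[0] == "&" else any
        return combine(matches(k, attrs) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], attrs)
    have, value = attrs.get(node[1], []), node[2]
    return bool(have) if value == "*" else value.lower() in [v.lower() for v in have]

def expand(ldap_filter, base_dn, directory):
    """Return DNs under base_dn (subtree scope) whose attributes match the filter."""
    tree, end = parse(ldap_filter)
    if end != len(ldap_filter):
        raise ValueError("unexpected text after filter")
    return [dn for dn, attrs in directory
            if dn.lower().endswith("," + base_dn.lower()) and matches(tree, attrs)]

# Constructed sample entries; names, OUs and the example.com domain are hypothetical.
SALES = "OU=Sales,DC=example,DC=com"
DIRECTORY = [
    ("CN=Ana," + SALES, {"objectclass": ["user"], "mailnickname": ["ana"], "l": ["Lisbon"]}),
    ("CN=Bo," + SALES, {"objectclass": ["user"], "l": ["Lisbon"]}),  # not mail-enabled
    ("CN=Cy," + SALES, {"objectclass": ["user"], "mailnickname": ["cy"], "l": ["Oslo"]}),
    ("CN=Di,OU=HR,DC=example,DC=com", {"objectclass": ["user"], "mailnickname": ["di"], "l": ["Lisbon"]}),
]
LISBON_MAILBOXES = "(&(objectClass=user)(mailNickname=*)(l=Lisbon))"
if __name__ == "__main__":
    print(expand(LISBON_MAILBOXES, SALES, DIRECTORY))
```

Calling `expand` again after an entry's `l` attribute changes, or with a wider base DN, returns a different member list with no edit to the group itself. Write access to the attributes a filter tests therefore determines who receives the group's mail.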

The other interesting and useful change is a new check box in the Exchange General tab of each mail-enabled group's Properties dialog box. In Exchange 2000 and earlier, you can block specific users from sending to a DL or group, or you can restrict email to a particular list of named users. However, you can't configure a DL or group to accept messages only from authenticated users (and not, for example, from spammers). Exchange 2003's new "Accept messages from authenticated users only" check box gives you exactly that capability.

Setting up and managing mail-enabled groups is an ongoing task for most Exchange administrators. Exchange 2003 offers some welcome improvements that will make the job just a bit easier.