A query-based distribution group is a new type of distribution group that is included in Exchange 2003. A query-based distribution group provides the same functionality as a standard distribution group, but it uses a Lightweight Directory Access Protocol (LDAP) query that is based on RFC 2254 "LDAP Filter Rules." A query-based distribution group uses the LDAP filter rules to dynamically build membership in the distribution group instead of specifying static user membership. You can easily construct a mailing list for all users who have mailboxes on a particular server, or in a particular storage group or in a database, by using a query-based distribution group. It is less time-consuming to use this method than to add the users to a standard distribution group by using Exchange System Manager or by using a programmatic method. If the user resides on the server, they will receive the mail.back to the top
Description of the Query-Based Distribution Group Process
Because of the dynamic nature of the distribution group, you can use query-based distribution groups at a much lower administrative cost. However, a query-based distribution group carries a higher performance cost for queries that produce many results. This cost is in terms of server resources, such as high CPU utilization and an increased working set, because each message to the query-based distribution group causes a corresponding LDAP query to be run against the Microsoft Active Directory directory service to determine its membership. You cannot view the membership of a query-based distribution group in the Global Address List because it is dynamically generated each time mail is sent. However, you can see the dynamic list if you right-click the distribution group, click Properties
, and then click the Preview
When a message is submitted to a query-based distribution group, Exchange treats the message slightly differently than messages that are destined for other recipients:
- A message is submitted through the Exchange store driver or through Simple Mail Transfer Protocol (SMTP) to the submission queue.
- The categorizer, a transport component that is responsible for address resolution, determines that the recipient is a query-based distribution group.
- The categorizer sends the LDAP query request to the global catalog server.
- The global catalog server runs the query, and then it returns the set of addresses that match the query.
- After receiving the complete set of addresses that match the query, the categorizer generates a recipient list that contains all the users. The categorizer must have the complete set of recipients before it can submit the message to routing. If an error occurs during the expansion of the query-based distribution group to its individual recipients, the categorizer must start the process over.
- After the categorizer sends the complete and expanded list of recipients to routing, the standard message delivery process continues, and the message is delivered to the users’ mailboxes.
The process is slightly different if you use a dedicated expansion server, a single server that is responsible only for expanding distribution groups, for query-based distribution groups. In this case, instead of sending a query to the global catalog server for expansion in step 4, the message is first routed to the dedicated expansion server. After the message arrives at the expansion server, the expansion occurs. The delivery follows the same process that is described earlier in this article. back to the top
Query-Based Distribution Group Guidelines
The following list describes the guidelines about how to use query-based distribution groups:
- They can have restrictions. You can restrict who can send to the query-based distribution group.
- They can expand on a dedicated server (if you want).
- They can be used for Microsoft Exchange 2000 Server or Exchange 2003 users and contact-based recipients.
- They can be used to restrict Universal Distribution Group Message Restrictions.
- They can be nested. It is better to use universal distribution groups.
- They cannot be security principals.
- They cannot be used in an Exchange mixed mode environment that includes Exchange Server 4.0, Exchange Server 5.0, or Exchange Server 5.5.
- They cannot use an external directory service for LDAP queries. You must replicate the external objects to Active Directory.
- Filters must use attributes that are in the global catalog; use of the Preview option is strongly recommended
- Index the attributes that are used in the query. Indexing greatly improves the performance of the query and reduces the time that it takes to expand the distribution group and to deliver the message to the intended recipients.
- Always use universal groups, particularly in multiple domain environments. Use of local and of global groups, even of nested groups, does not work in a multi-domain environment because their membership is not replicated to all global catalog servers
You must use an Exchange 2003 version of Exchange System Manager and of Active Directory Users and Computers to create a query-based distribution group. You cannot create query-based distribution groups without upgrading your administration console. If you have Exchange 2000 computers, you must upgrade them to at least Exchange 2000 Server Service Pack 3. The Exchange organization must be in native mode (no computers can be running versions that are earlier than Exchange 2000).back to the top
Configure an Exchange 2000 Service Pack 3 Computer for Improved Reliability
To configure an Exchange 2000 SP3 server for improved reliability in organizations where query-based distribution groups are expanded with Windows 2000 global catalogs, follow these steps. Important
This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
How to back up and restore the registry in Windows
back to the top
- To start Registry Editor, click Start, click Run, and then type regedit.
- Expand the following registry key:
- Right-click Parameters, point to New, and then click DWORD Value.
- Type DynamicDLPageSize, and then press ENTER.
- Right-click DynamicDLPageSize, and then click Modify.
- In Edit DWORD Value, under Base, click Decimal.
- Under Value Data, type 31, and then click OK.
Use Preview to View the Results of Your Query
If the filter string contains bad formatting or incorrect LDAP syntax, then the global catalog server will not run the query. If you use Active Directory Users and Computers to create your query, it can help prevent you from constructing an incorrect query. Use Preview
to view the result of the query; you can use the preview feature to make sure that the query is valid and that it returns the results that you expect. To do this, follow these steps:
back to the top
- Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
- Click Action, point to New, and then click Query-based Distribution Group.
- Type a name for the query-based distribution group, and then click Next.
- Click to select the filter options that you want to use, and then click Next.
- Click Finish.
- Right-click the new query-based distribution group, and then click Properties.
- Click the Preview tab, and then click Start.
- The results of your query are listed under Preview.
Non-Delivery Report with the Code 5.2.4, and Event 6025 or Event 6026
If you create a query-based distribution group that is based on an incorrect LDAP query, when a user sends to the query-based distribution group, the user receives a non-delivery report with the code 5.2.4:
Unable to expand a distribution list to deliver the message to its members. Try again or contact your system administrator. ServerName #5.2.4
Also, if categorizer logging is enabled, one of following two events will be logged:
back to the top
Event Type: Error
Event Source: MSExchangeTransport
Event Category: Categorizer
Event ID: 6025
Description: The categorizer failed to expand the dynamic distribution list with address %1:%2 because of a misconfiguration in the directory. The dynamic membership base DN is invalid.
This event will occur if the base distinguished name is deleted. Query-based distribution expansion relies on its base distinguished name to refer to a valid container in the directory. If the base distinguished name container of a query-based distribution group is deleted, the categorizer cannot run the query, and the sender receives a non-delivery report with the code 5.2.4.
For example, you create a Sales
container in the Users
container for all sales employees. Next, you build a query-based distribution group by using the Sales
container, and then you delete the sales
container. As a result, the query no longer works.
Event Type: Error
Event Source: MSExchangeTransport
Event Category: Categorizer
Event ID: 6026
Description: The categorizer failed to expand the dynamic distribution list with address %1:%2 because of a misconfiguration in the directory. The dynamic membership filter string is invalid.
This event points to a problem with the LDAP filter syntax. Review the LDAP filter and re-create it if you have to.
Messages Seem to Disappear
If the filter string is well-formatted but no results are produced, the sender does not receive a delivery status notification message. This behavior is similar to the results that you receive when you send to an empty distribution group. Message tracking may show that the message disappeared after it was submitted to the categorizer.
Use the Preview
button in Active Directory Users and Computers to confirm the result that you want from your query. If the preview is blank, then verify your filter again. Make sure you only use attributes that are in the global catalog. For additional information about how to verify if an attribute is in the global catalog, click the following article number to view the article in the Microsoft Knowledge Base:
HOW TO: Enumerate Attributes Replicated to the Global Catalog
Exchange System Manager runs by using the administrative credentials of the current user. An administrator with greater administrative credentials than the Exchange computer system account and who previews a query-based distribution group may be accessing Active Directory attributes that are not accessible to the Exchange computer, but that are accessible to the administrator. The administrator will see the correct set of results in the query preview, but the categorizer will run by using the administrative credentials associated with the Exchange computer system account. The categorizer will not be able to retrieve the same set of results. When this behavior occurs, messages are not sent to the query-based distribution group as expected.back to the top
Message Remains in the Messages Awaiting Directory Lookup System Queue
The categorizer must have the complete set of recipients before it can submit the message to routing. Therefore, if an error occurs during the expansion of the query-based distribution group to its individual recipients, the categorizer must restart the process. If the error is considered temporary, then the message queues in the Messages Awaiting Directory Lookup
queue until all the recipients are successfully resolved. Frequently, this problem is caused by global catalog servers that are unavailable, but it can also be caused by other things. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
823489back to the top
How to Use Queue Viewer to Troubleshoot Mail Flow Issues