Creating a Mail-Enabled Distribution List

Anyone who has used a distribution list knows how useful they can be. It is much easier to send email to a single email address than to tens or hundreds or even thousands of addresses. Exchange allows you to mail-enable any group object in Active Directory. Then, when someone sends email to that group, every mail-enabled or mailbox-enabled user in the group will receive a copy of the email.

Active Directory groups can have a group type of security or distribution. While distribution lists are usually of type distribution, you can mail-enable security groups as well. In fact, if anyone in the Exchange Organization uses a distribution group to grant permissions to anything in Exchange, whether it is a calendar or a folder or any other object, Exchange converts the distribution group to a mail-enabled security group. This is something to be aware of because more than one administrator has found himself in a position trying to explain why distribution groups had mysteriously changed into security groups.

A popular question I’ve often heard is: What scope should my distribution groups have? The official response is: whatever scope you need. If you have a multidomain environment, you should probably use a universal group. Mail-enabled groups have to be fully expandable on any global catalog that gets the request to expand the membership. The only group scope that qualifies in a normal multidomain environment is a universal group. If you have a single-domain environment, any group scope will work fine.

When you create a mail-enabled group with the GUI or VBScript, you are using the CDOEXM interface. This interface is the Microsoft-supported method of managing Exchange attributes on users, groups, and contacts. MailEnable is the specific method called. In the background, the specific changes made by the MailEnable method are on the group object in Active Directory and include changes to the following attributes:

  • reportToOriginator
  • mailNickname
  • legacyExchangeDN

Once those attributes have been set, the RUS sets additional attributes on the group object to make the group usable by Exchange.

Using a graphical user interface

 

  1. Open the ADUC snap-in.
  2. If you need to change domains, right click on Active Directory Users and Computers in the left pane, select Connect to Domain, enter the domain name, and click OK.
  3. In the left pane, browse to the parent container of the new DL, right-click on it, and select New -> Group.
  4. Enter group name, select group scope, select group type, and click Next.
  5. Verify that Create an Exchange e-mail address is selected and click Next.
  6. Click Finish.

Using a command-line interface

The following command creates a group:

> dsadd group "<GroupDN>" -scope <Group Scope> -secgrp yes|no

The following command mail-enables a group:

> exchmbx -b "<GroupDN>" -me 

Replace <GroupDN> with the group’s distinguished name, <Group Scope> with l, g, or u for local group, global group, or universal group, respectively. -secgrp should be set to yes if this is to be a security group, no otherwise.

To create and mail-enable a distribution universal group named UniDL, execute the following commands:

> dsadd group "cn=UniDL,ou=grps,dc=rallencorp,dc=com" -scope u -secgrp no

> exchmbx -b "cn=UniDL,ou=grps,dc=rallencorp,dc=com" -me

For an alternative method, create an LDIF file called create_dl.ldf with the following contents:

dn: CN=<group name>,<Parent DN>

changetype: add

objectClass: group

cn: <group name>

sAMAccountName: <group name>

groupType: <group type>

mailNickname: <mail nickname>

legacyExchangeDN: <legacy exchange DN>

reportToOriginator: TRUE

Replace <ParentDN> with the distinguished name of the container where you want the group created, <group name> with the name you want the group to be called, <group type> with the group’s scope and type value, <mail nickname> with the group’s mail nickname, and <legacy exchange DN> with the proper legacy exchange distinguished name value. You can skip specifying the legacyExchangeDN if you want Exchange to populate the value for you.

To create a Universal Distribution List group with an Exchange generated legacyExchangeDN, create the file with the following contents:

dn: CN=UniMailGroup,CN=groups,DC=rallencorp,DC=com

changetype: add

objectClass: group

cn: UniMailGroup

sAMAccountName: UniMailGroup

groupType: 8

mailNickname: UniMailGroup

reportToOriginator: TRUE

Then run the following command:

> ldifde -i -f create_dl.ldf

Using VBScript
' This code creates and mail enables a Distribution List

' ------ SCRIPT CONFIGURATION ------

strParentDN  = "<ParentDN>"   ' e.g., ou=groups,dc=rallencorp,dc=com

strGroupName = "<GroupName>"   ' e.g., JoewareUsers

' ------ END CONFIGURATION ---------

' Constants taken from ADS_GROUP_TYPE_ENUM

Const ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP = 1

Const ADS_GROUP_TYPE_GLOBAL_GROUP       = 2

Const ADS_GROUP_TYPE_LOCAL_GROUP        = 4

Const ADS_GROUP_TYPE_SECURITY_ENABLED   = -2147483648

Const ADS_GROUP_TYPE_UNIVERSAL_GROUP    = 8set objOU = GetObject("LDAP://" & strParentDN)

set objGroup = objOU.Create("group","cn=" & strGroupName)

objGroup.Put "groupType", ADS_GROUP_TYPE_UNIVERSAL_GROUP

objGroup.Put "sAMAccountName", strGroupName

objGroup.MailEnable

objGroup.SetInfo

Wscript.Echo "Successfully created mail-enabled DL."