Managing domains or an entire forest using recipient scope
The Exchange Management Tools can be configured to use specific portions of your Active Directory hierarchy using a specific recipient scope. When you set the recipient scope to a location in the Active Directory, such as a domain or a an organizational unit, the Exchange Management Shell will only allow you to view the recipients that are stored in that location and any containers beneath it. In this recipe, we'll look at how to set the recipient scope when working with the Exchange Management Shell.
How to do it...
- We can set the recipient scope in the Exchange Management Shell using the
Set-AdServerSettingscmdlet. For example, to set the recipient scope to the Sales OU in thecontoso.comdomain, use the following command:Set-AdServerSettings -RecipientViewRoot contoso.com/sales
- We can also specify the value using the distinguished name of the OU:
Set-AdServerSettings -RecipientViewRoot ` "OU=sales,DC=contoso,DC=com"
How it works...
In Exchange 2007, recipient scope was set using the AdminSessionADSettings global session variable. With Exchange 2010, we use the Set-AdServerSettings cmdlet. When you first start the Exchange Management Shell, the default recipient scope is set to the domain of the computer that is running the shell. If you change the recipient scope, the setting will not be retained when you restart the shell. The default domain scope will always be used when you launch the shell. You can override this by adding these commands to your PowerShell profile to ensure that the setting is always initially configured as needed.
In the previous example, we set the recipient scope to a specific OU in the domain. If you are working in a multi-domain forest, you can use the -ViewEntireForest parameter so that all recipient objects in the forest can be managed from your shell session. Use the following command to view the entire forest:
Set-AdServerSettings -ViewEntireForest $true
To change the recipient scope to a specific domain, set the -RecipientViewRoot to the full qualified domain name of the Active Directory domain:
Set-AdServerSettings -RecipientViewRoot corp.contoso.com
There's more...
If you're working in a large environment with multiple domains and OUs, setting the recipient scope can improve the speed of the Exchange Management Shell, since it will limit the total number of recipients returned by your commands.
If you have Exchange recipients in multiple Active Directory domains or sites, you may have to take replication latency into account when working with a broad recipient scope. To handle this, you can use the Set-AdServerSettings cmdlet to specify domain controllers and global catalog servers that you want to work with.
To set the preferred domain controllers and global catalog that should be used with your recipient scope, use the -SetPreferredDomainControllers and –PreferredGlobalCatalog paramters to specify the FQDN of the servers:
Set-AdServerSettings -ViewEntireForest $true ` -SetPreferredDomainControllers dc1.contoso.com ` -PreferredGlobalCatalog dc1.contoso.com
Setting the preferred domain controller can be useful to ensure your commands will read the latest list of recipients in Active Directory. If you have a provisioning process that uses a specific domain controller when creating recipients, it may take some time to replicate this information throughout the forest. Setting the preferred domain controllers can be used to ensure that you are working with the latest set of recipients available, even if they haven't been replicated throughout the forest.