OPATH is basis for the filtering syntax used by PowerShell, and is therefore the filtering syntax used by Exchange 2007. It replaces the complicated syntax of LDAP used in Exchange 2003, and will allow for filters which are easier to create and interpret. For native PowerShell filters, all work is done client-side in the Powershell host. In Exchange 2007, however, various cmdlets provide "server-side" filters using the same syntax as their client-side counterparts. These server-side filters provide higher performance and added scenarios that are specific to Exchange Server.
This blog post will address some techniques to make use of these "added scenarios" that relate specifically to Exchange Server. For instance, we'll talk about the RecipientFilter "server-side" filter definitions used by Dynamic Distribution Groups, Email Address Policies, Address Lists, and Global Address Lists.
Note that dynamic distribution groups, email address policies, address lists, and global address lists all share approximately the same filtering behavior. They all share the same concept of "precanned" vs "custom" filters, the same filtering properties ("RecipientFilter", "IncludedRecipients", etc), and the same RecipientFilter syntax. Therefore, the examples and techniques below are equally useful for any of these other types, not just for dynamic distribution groups.
When creating dynamic distribution groups (DDGs) with Exchange 2007 Exchange Management Console GUI, you will be presented with three basic decisions used for filtering:
From what OrganizationalUnit scope do I want to include recipients
What sort of recipients do I want to include
Are there any additional things I want to filter on
#1 corresponds to the "RecipientContainer" property in the Exchange shell.
#2 corresponds to the "IncludedRecipients" property.
#3 corresponds to the "ConditionalCompany", "ConditionalStateOrProvince", "ConditionalDepartment", or "ConditionalCustomAttribute" properties.
After you've created a DDG through the GUI, you can also notice that the RecipientFilterType is set to "Precanned". These are the most simple sort of RecipientFilter that can be created, and are the only sort that can be created through the GUI. They take the values you've provided to IncludedRecipients, ConditionalCompany, ConditionalStateOrProvince, ConditionalDepartment, or ConditionalCustomAttribute# and automatically turn them into a RecipientFilter for you. We believe the filters available as Precanned cover the most common RecipientFilter cases used in Exchange 2003.
So, for instance in the GUI you could select to filter starting at the "Domain.com/Users" Organizational Unit, starting with all MailboxUser objects, and then filtering to include only those who have Company defined as "Microsoft". This is a very common sort of DDG and very easy to do in the GUI.
It's also very easy to do in the Exchange shell (syntax is roughly the same for New or Set):
Note for clarification: Although they may both look the same in this example, RecipientContainer and OrganizationalUnit are very different. RecipientContainer defines the root of the OU tree from which recipients will be included in the dynamic distribution group. OrganizationalUnit parameter defines where the new dynamic distribution group will be created in the AD. Note also that the RecipientContainer parameter is available only for dynamic distribution group, and not Email Address Policy nor Address List Recipient Filters.
After this command completes, you can inspect the results of the properties we care about with "Get-DynamicDistributionGroup AllMicrosoft | fl Recipient*,Included*":
Note that you can also see what is the equivalent LDAP filter by inspecting the LdapRecipientFilter property. This is a read-only representation of the LDAP filter. Filters cannot be entered directly with LDAP syntax for Exchange 2007.
Now, what if you want to do something more complicated? Something that is not exposed as a filterable property in the GUI? Well, you can build a custom (ie – not precanned) RecipientFilter!
For example, let's say you want to use that exact same query we just constructed above, EXCEPT that you want it to be also based on the UMEnabled status of the mailbox. In that case, you would need a custom filter and that means you need to use the RecipientFilter property directly: