You should carefully consider whether to create users or
contacts from the directory entries in other messaging systems.
Users will have Microsoft Windows 2000 accounts, while contacts may
not. On the Import Container tab, you can import users in one of
three ways:

Create a Windows contact if you
do not want the recipient to be able to log on to Windows 2000. For
example, a contact might represent a recipient from a different
company who has no need to access Exchange 2000 network resources.
The contact you create is mail-enabled but not mailbox-enabled,
which means that the contact has at least one e-mail address
defined, but does not have an associated Exchange mailbox. The
contact sends and receives e-mail using a third-party messaging
system, not Exchange. Exchange users can retrieve the e-mail
address from the global catalog, but the address is for a user on a
remote system. A contact in Windows 2000 is equivalent to a custom
recipient in earlier versions of Exchange.

Create a new Windows user account if
you want the user to be able to log on to Windows 2000. (User
accounts contain logon passwords, group memberships, and
permissions on network resources.) For example, a user might be an
employee with a mailbox on a different messaging system. A user can
be mail-enabled and mailbox-enabled; however, when you create a
user during directory synchronization, the user is mail-enabled but
not mailbox-enabled, since the user's mailbox is hosted by another
messaging system.

Create a "disabled" Windows user account if you want to temporarily
prevent the user from logging on to Windows 2000. You
might want to create such an account as a step in a phased
migration to Exchange or as part of a long-term coexistence plan.
This user is mail-enabled, and has a mailbox on another messaging
system. However, the user cannot currently log on to the Windows
2000 network. User accounts can be enabled at a later date using
the Active Directory Users and Computers snap-in, or
programmatically using Active Directory Service Interfaces (ADSI)
or Lightweight Directory Access Protocol (LDAP) methods.

Deleting Contacts or Users from Active Directory

You can add, delete, or edit users and contacts in the Active
Directory Users and Computers snap-in. When you delete an Exchange
user from an export container, the connector deletes the user from
the foreign directory during directory synchronization. Exchange
can delete objects that it creates in foreign systems.

Similarly, if a foreign user is deleted in the foreign system,
directory synchronization will delete an associated contact object
from Active Directory. However, if the foreign entry is created as
a Windows 2000 user, this does not hold true. To protect the
integrity of Active Directory, deletions on foreign systems cannot
cause user objects to be deleted from Active Directory.

For example, if a Lotus Notes user is imported to Active
Directory as a user object, and then the Lotus Notes administrator
deletes that user from the Lotus system, on the next
synchronization cycle, the user object will not be deleted
from Active Directory. Instead, the e-mail address and proxy
addresses of the object will be deleted. In other words, the object
will no longer be mail-enabled.

Later, if the Lotus Notes administrator adds the user again,
then an additional user object is created in Active Directory,
complete with e-mail addresses. The two user objects share the same
display names and other directory information, but have different
distinguished names. (When the subsequent object is added, the
connector modifies its distinguished name to differentiate them.)
Because the subsequent object is mail-enabled, it shows up in the
global address list of Outlook users, whereas the first object does
not. Exchange users see the latter of the two objects, but Active
Directory contains two nearly identical objects. Such duplicates can
be cleaned up using the Active Directory Account Cleanup Wizard.
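
The leftover object described above is a user account that has lost its
e-mail addresses but can still log on if it was created enabled. The
following audit sketch is an added example, not part of the original
documentation: it scans an LDIF export of the import container for such
objects and their mail-enabled twins. The sample records, DNs, and
function names are constructed for illustration, and the parser assumes
unfolded, non-base64 LDIF lines.

```python
ACCOUNTDISABLE = 0x2  # userAccountControl flag for a disabled account

# Constructed sample export of an import container (assumption); the
# "-1" DN suffix is illustrative, not the connector's actual format.
SAMPLE_LDIF = """\
dn: CN=Ana Diaz,OU=Notes,DC=example,DC=com
objectClass: user
displayName: Ana Diaz
userAccountControl: 512

dn: CN=Ana Diaz-1,OU=Notes,DC=example,DC=com
objectClass: user
displayName: Ana Diaz
userAccountControl: 514
mail: ana.diaz@notes.example.com
proxyAddresses: NOTES:Ana Diaz/Example@Example

dn: CN=Raj Patel,OU=Notes,DC=example,DC=com
objectClass: contact
displayName: Raj Patel
mail: raj.patel@partner.example.net
"""

def parse_ldif(text):
    """Parse simple 'attr: value' LDIF records into dicts of value lists."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(": ")
            if sep:
                entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def find_stale_users(entries):
    """Return (dn, still_enabled, twin_dns) for non-mail-enabled user objects."""
    def mail_enabled(e):
        return bool(e.get("mail") or e.get("proxyaddresses"))
    users = [e for e in entries if "user" in e.get("objectclass", [])]
    findings = []
    for e in users:
        if mail_enabled(e):
            continue
        name = e.get("displayname", [""])[0]
        twins = [o["dn"][0] for o in users
                 if o is not e and mail_enabled(o) and o.get("displayname", [""])[0] == name]
        enabled = not int(e.get("useraccountcontrol", ["0"])[0]) & ACCOUNTDISABLE
        findings.append((e["dn"][0], enabled, twins))
    return findings
```

A finding with still_enabled set to True is the case to review first: an
account that no longer corresponds to a foreign mailbox but retains its
logon rights and group memberships.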