Recipient objects in Exchange 2000 and Exchange Server 2003 fall into some fairly basic categories, most of which are based on underlying Active Directory concepts. The first, and arguably most important, distinction is between objects that can be used to log on and those that cannot. The former are known as security principals because they contain a security identifier (or SID) and a few other attributes necessary for authenticating the principal's credentials against Active Directory. User accounts are security principals; contacts and distribution groups are not.

The next important distinction to draw is between objects that are mail-enabled and those that are mailbox-enabled. Mail-enabled objects have at least one email address associated with them. A contact (what old Exchange 5.5 hands would call a "custom recipient") is a great example: it exists in the directory, and it has an email address, but it doesn't have a mailbox associated with it. Several classes of object can be mail-enabled. However, only user and InetOrgPerson objects can generally be mailbox-enabled; whenever you see that term applied, it means that the object has an Exchange mailbox associated with it. (There are a few other object types, including recipient policies, public folders, and site replication service objects, that can be mailbox-enabled by Exchange, but we won't be treating them as recipients in this chapter.)

For objects that represent people, we have ...