Explanation on Global and universal Distribution List/Group

In Exchange 2000 and 2003, Microsoft recommends that all distribution groups used for email are Universal groups, not Domain Local or Global groups.  This has been our recommendation for many years, as configurations outside of this can result in abnormal mail flow (as you have seen) or lost email.  A quote from Knowledge Base article 839949:

Only universal group memberships are replicated across all domains to all global catalog servers in the forest.  Microsoft always recommends using universal distribution groups for mail distribution in a multi-domain environment.


Now some further explanations as to why this is a problem:


In short, Exchange is simply delivering the mail to the users that it is told should receive it.  Please understand that Exchange knows nothing about the members of the DL, it counts on the GC to provide this information.  The (basic) process looks like this:

– Mail is sent to a distribution list from the mail client of choice.

– Exchange Categorizes the message, and in the process needs to lookup the members of the DL.

– Exchange sends an LDAP query to a GC, the GC looks up the DL name, checks the membership, and responds to Exchange with 20 recipients.

– Exchange delivers successfully to all 20 recipients.  Looks good, the process worked.


Now in the example above, let’s say the DL actually contained 100 recipients instead of 20.  Because Exchange delivers based on what the GC tells it, and the GC only knows about 20 users, Exchange is acting as designed.  We cannot NDR the message, throw an error, or notify anyone that there was a problem, because the GC never told us the message was intended for those additional 80 people.  In this example, the reason the DL is missing 80 members is that the recipients are spread across multiple domains, and global or domain local group memberships are not replicated to all GCs.  As we know, only universal groups and their members are replicated across the organization to all GCs.  This is the reason only Universal Groups are recommended and supported for mail flow.


It is also important to note that Exchange first queries any GC in its AD Site (not domain).  Remember that GCs from different domains can be kept in the same AD Site, which I presume is the case in your environment.  If we cannot contact a GC in the local site, we will then go out of site.  Group memberships, as noted above, are kept per domain.  So when Exchange is looking for a GC, it is quite possible for Exchange to pick alternate GCs in its AD Site, each containing memberships for different domains.  Again, this is another reason Universal Groups are recommended.
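An audit of that condition, added here as an example (it is not part of the original post): it lists every mail-enabled group in the forest whose scope is not Universal, and then compares the membership a DC of the owning domain returns with what a GC in a different domain returns over port 3268, which is the view the Exchange categorizer acts on. It assumes the RSAT ActiveDirectory module and forest-wide read access; the GC host name is a placeholder.

```powershell
Import-Module ActiveDirectory

function Get-NonUniversalMailGroup {
    # Global/Domain Local membership is only authoritative on the owning
    # domain's DCs, so walk every domain in the forest and query each directly.
    foreach ($domain in (Get-ADForest).Domains) {
        Get-ADGroup -Server $domain -Filter 'mail -like "*"' -Properties mail |
            Where-Object { $_.GroupScope -ne 'Universal' } |
            Select-Object @{ n = 'Domain'; e = { $domain } },
                          Name, GroupScope, mail, DistinguishedName
    }
}

function Compare-GcMembership {
    # Membership from a DC of the owning domain versus membership as returned
    # by an LDAP query to a GC (port 3268) that belongs to another domain.
    param(
        [Parameter(Mandatory)] [string] $GroupDN,
        [Parameter(Mandatory)] [string] $HomeDomain,  # domain that owns the group
        [Parameter(Mandatory)] [string] $GcServer     # GC in another domain (placeholder)
    )
    $authoritative = @((Get-ADGroup -Identity $GroupDN -Server $HomeDomain `
                        -Properties member).member | Where-Object { $_ })
    $viaGc = @((Get-ADGroup -Identity $GroupDN -Server "$($GcServer):3268" `
                -Properties member).member | Where-Object { $_ })
    [pscustomobject]@{
        Group              = $GroupDN
        AuthoritativeCount = $authoritative.Count
        GcCount            = $viaGc.Count
        # Members the GC never reported: mail to them is dropped without an NDR.
        MissingFromGc      = @($authoritative | Where-Object { $viaGc -notcontains $_ })
    }
}

# Report every offending group, then inspect the first one against a GC
# in a different domain (replace the placeholder host name before running).
$offenders = @(Get-NonUniversalMailGroup)
$offenders | Format-Table -AutoSize
if ($offenders.Count -gt 0) {
    Compare-GcMembership -GroupDN $offenders[0].DistinguishedName `
                         -HomeDomain $offenders[0].Domain `
                         -GcServer 'gc01.otherdomain.example.com'   # placeholder
}
# Remediation: Set-ADGroup -Identity <dn> -GroupScope Universal -WhatIf
# (a Global group converts only if it is not a member of another Global group;
#  a Domain Local group only if it contains no other Domain Local groups).
```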


Also, as you are planning for a migration, please be aware that in Exchange 2007/2010 only Universal mail-enabled Distribution Lists can be created.  This is a direct response to the issues many customers, including yourself, have seen with the legacy (E2k/E2k3) versions of the product.  Once Exchange 2007/2010 is in your environment, all DLs, users, mailboxes, etc. must be created from the E2k7 Shell or Management Console (and not in AD Users and Computers as in E2k/3).  This prevents any new global/domain local groups from being used for mail flow, so that moving forward we work away from this being an issue.  While you are still in a mixed environment where E2k3 and E2k7 run simultaneously, existing Domain Local/Global groups will still be used; just understand that they fall under all of the same caveats as above: the possibility of lost mail still exists, must be accounted for, and is therefore not recommended.

All other versions of Exchange (E2K7/E2010/E2013) are hard-coded to Universal groups only, and we would not recommend anything that might negatively affect your future migration.
