For example, in Windows you would configure four organizational units: internal users, guests, groups, and computers. Then in Exchange, you would create only three recipient containers: internal users, guests, and groups, intentionally not creating a recipient container to correspond with the Windows computers organizational unit. Next, place all of your regular internal corporate users in the internal users container. Finally, place your custom recipients in the guests containers and your distribution lists in the groups container.
With this infrastructure in place, you can set up three connection agreements between the corresponding Windows and Exchange organizational units. If you configure your connection agreement to replicate from Windows to Exchange, new internal users created in Windows would automatically be replicated to the correct Exchange recipient container.
Note Windows 2000 has many group membership restrictions, for example domain local groups cannot be members of global groups. If you do not respect the Windows 2000 limitations in Exchange 5.5, then the membership can not replicate to Windows 2000.