Managing Exchange recipient policies

In this tip from "15 tips in 15 minutes: Managing recipients and distribution lists," you'll learn how to manage Exchange recipient policies, including procedures such as how to change the default SMTP address and how to assign a second SMTP address.

This Content Component encountered an error

A user who wants to get email from outside the Exchange organization needs an address that a foreign messaging system can understand. Microsoft calls this a proxy address because Exchange "stands proxy" for the foreign messaging system.

You are reading tip #7 from "15 tips in 15 minutes: Managing recipients and distribution lists," excerpted from Chapter 5 of the book Learning Exchange Server 2003, published by Addison-Wesley Professional.
Because Exchange 2003 uses Simple Mail Transfer Protocol (SMTP) for internal and external mail routing, all email objects in Active Directory get an SMTP proxy address. Exchange also assigns an X.400 proxy address, just in case you need to route messages to a legacy Exchange system. Legacy Exchange uses X.400 to route messages between sites.

You might also encounter outside messaging systems that use Lotus Notes, GroupWise, or some other application with unique addressing. These require special connectors that fall outside the scope of this book.

Default Recipient Policy

You can view the proxy addresses assigned to a recipient using the Active Directory Users and Computers console. Open the Properties window for the recipient and select the Email Addresses tab. Figure 5.27 shows an example.

When you install Exchange for the first time, it determines the format of the SMTP address you'll want for your users based on your organization name and the DNS name of your domain. It places the result into an Active Directory object called a Recipient Policy.

A service called the Recipient Update Service, or RUS, reads the proxy addresses in that default recipient policy and applies them to the mail-enabled objects in Active Directory.

Figure 27
Figure 5.27 Proxy email addresses assigned based on Default Recipient Policy. (Click on image for enlarged view.)

To access recipient policies in ESM, drill down under Recipients to the Recipient Policies container, as shown in Figure 5.28.

Figure 28
Figure 5.28 ESM console showing Recipient Policies container and Default Policy. (Click on image for enlarged view.)

To see how Exchange formulates a proxy address, open the Properties window for the Default Policy object. Figure 5.29 shows an example. If Exchange guessed wrong when formulating the default SMTP address for your organization, you can change the address as follows:

Figure 29
Figure 5.29 Proxy email address selection options in Default Recipient Policy. (Click on image for enlarged view.)

  1. Highlight the address and click Edit. This opens an Edit window where you can enter a new address.

  2. Enter the new SMTP address you want as the default for your organization.

  3. Save the change. You'll get a warning message saying that The email Addresses of type(s) SMTP have been modified. Do you want to update all corresponding recipient email addresses to match these new address(es)?

  4. Click Yes to apply the change.

In a few minutes, the Recipient Update Service will apply the change to all existing mail-enabled objects. The next time you create a new mail-enabled object, the Recipient Update Service applies the new address settings.

If you look at the Email Addresses tab of existing users and groups, you'll notice that the old address remains, relegated to a secondary SMTP address, as shown in Figure 5.30.

Exchange retains the old address just in case a user receives mail addressed to that SMTP domain. For example, if you have salespeople already getting mail addressed to subsidiary.com and you configure a recipient policy to give them an SMTP domain of company.com, you don't necessarily want mail addressed to subsidiary.com to bounce.

If you want the superseded addresses to go away, you must either remove the addresses manually in Active Directory Users and Computers or use an automated process of some sort. Microsoft Knowledge Base article 318774 describes how to dump the contents of the recipient's attributes using LDIFDE, and how to manipulate the ProxyAddresses attribute to get rid of the unwanted addresses to then import the result back into Active Directory. You can also write a script to replace the content of the ProxyAddresses attribute. These processes can get fairly complex, so you have to ask yourself if you really want those old addresses to go away.

Figure 30
Figure 5.30 Proxy address changes done as the result of changing the Default Recipient Policy.

Policy filter

Each Recipient Policy contains an LDAP filter that defines who gets the proxy addresses contained in the policy. (Recipient policies also control the Mailbox Management feature, covered later in this chapter.)

To see the LDAP filter for a Recipient Policy, select the General tab. Figure 5.31 shows the filter for the Default Recipient Policy. Note that the default policy applies to every mail-enabled object in Active Directory via the simple expedient of searching for any object with a mailnickname attribute.

You can create a new Recipient Policy and target it to specific types of recipients via an LDAP query. For example, let's say that the Sales department manager wants potential customers to try out a new corporate identity called WhizBang.com instead of the boring old Company.com. She wants salespeople to give out their email addresses as user@whizbang.com instead of user@company.com, but she does not want them to give up their old addresses because they have made valuable contacts with those addresses.

Figure 31
Figure 5.31 LDAP query associated with Default Recipient Policy, which selects all mail-enabled objects in Active Directory (mailnickname=*).

You work with your ISP to register the whizbang.com address and to install an MX record in the whizbang.com DNS zone so Internet clients can find the public interface of your Exchange front-end server. But if the front-end server gets an email message addressed to sally@whizbang.com, it rejects the message unless it finds that proxy address in Sally's account.

You can configure a recipient policy to assign a second SMTP address suffix of @whizbang.com to members of the Sales group using this procedure:

  1. Right-click the Recipient Policies icon and select New -> Recipient Policy from the flyout menu. This opens the new Policy window, as shown in Figure 5.32.

  2. Check the Email Addresses option and click OK. This opens the Properties window for the policy.

  3. In the General tab, give the policy a name.

  4. Select the Email Addresses (Policy) tab.

  5. Click New to add a new email address.

    Figure 32
    Figure 5.32 New recipient policy with selection for policy type, either Email Addresses or Mailbox Manager Settings. (Click on image for enlarged view.)

  6. Select SMTP Address from the list of addresses and click OK.

  7. In the SMTP Address window, enter the SMTP suffix for the domain, such as @whizbang.com. Figure 5.33 shows an example. Leave the This Exchange Organization is responsible… option selected.

    Figure 33
    Figure 5.33 SMTP address assigned to new recipient policy. (Click on image for enlarged view.)

  8. Click OK to save the address. The new address appears in the address list, as shown in Figure 5.34. Check the box to make the new address effective.

  9. If you want the outbound mail sent by the salespeople to show company.com as the return address, highlight the address and click Set As Primary.

  10. Click OK to save the new policy.

  11. Double-click the new policy to open the Properties window.

    Figure 34
    Figure 5.34 Proxy address changes done as the result of adding a new recipient policy in addition to the default policy. (Click on image for enlarged view.)

  12. In the General tab, under Filter Rules, click Modify. This opens the Find Exchange Recipients window, as shown in Figure 5.35.

    Figure 35
    Figure 5.35 LDAP query builder limiting the selection to mailbox-enabled users. (Click on image for enlarged view.)

  13. Uncheck all options except for Users with Exchange Mailbox.

  14. Click the Advanced tab.

  15. Click Field and then Users; then scroll down and select the Member Of option.

  16. Leave the Condition field as Is (exactly).

  17. In the Value field, enter the distinguished name of the group that has members from the Sales department. You might need to create this group. For example, the entry might read
    cn=sales,ou=groups,ou=phoenix,dc=company,dc=com.
    (See Appendix A for information about distinguished names.)

  18. Click Add to add this set of selection criteria under Condition List.

  19. Click Find Now to check your selection criteria. The list of users in the Search Results field should match your expectations.

  20. Click OK to save the filter.

  21. Click OK to close the Properties window. You'll be prompted that the policy does not apply right away.

  22. Click OK to acknowledge the warning and close the window.

  23. Right-click the new policy and select Apply This Policy Now from the flyout menu.

The next time the Recipient Update Service fires, it applies the new proxy addresses on the targeted recipients and changes the existing addresses to a secondary addresses.

Multiple Recipient Policies

At this point, you should have two Recipient Policies, one you just created for the Sales group and the default. ESM displays the policies in the order that RUS evaluates them.

If you create several policies, stacked one on top of the other, RUS evaluates them in order, starting with the policy at the top of the list. If a selected target object does not fall within the LDAP filter criteria of the first policy, then RUS goes on to check the search criteria of the next policy. If the filter in the policy does include a particular object, though, then RUS applies that policy and no others.

You might have situations where you want to apply different email addresses to different groups of users. For example, the Sales department might want to publish email addresses using several different DNS domains, such as sales@companyinfo.com or info@newcompany.com. If you want a set of recipients to have multiple addresses, put all the required addresses into the policy that targets those users. If a recipient falls under several filter criteria, the first filter RUS finds that includes the recipient in the filter takes precedence. RUS ignores all other filter criteria for that recipient.


15 tips in 15 minutes: Managing recipients and distribution lists

 Home: Introduction
 Tip 1: Exchange security groups
 Tip 2: Group membership expansion
 Tip 3: Managing Exchange group email properties
 Tip 4: Exchange 2003 Query-Based Distribution Groups
 Tip 5: DSAccess for Exchange
 Tip 6: DSProxy for Exchange
 Tip 7: Managing Exchange recipient policies
 Tip 8: Exchange Recipient Update Service and proxy addresses
 Tip 9: Restricting mail storage on an Exchange server
 Tip 10: The Exchange server mailbox management service
 Tip 11: Blocking a user's email access
 Tip 12: Accessing another user's mailbox in Outlook
 Tip 13: Exchange mail retention
 Tip 14: Managing recipients with system policies
 Tip 15: Managing recipients with Global Settings

This chapter excerpt from Learning Exchange Server 2003 by William Boswell is printed with permission from Addison-Wesley Professional, Copyright 2004. Click here for the chapter download or to purchase the book.

Dig deeper on Email Policy Management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchWindowsServer

SearchEnterpriseDesktop

SearchCloudComputing

SearchSQLServer

Close