A user who wants to get email from outside the Exchange organization needs an address that a foreign messaging system can understand. Microsoft calls this a proxy address because Exchange "stands proxy" for the foreign messaging system.
You might also encounter outside messaging systems that use Lotus Notes, GroupWise, or some other application with unique addressing. These require special connectors that fall outside the scope of this book.
Default Recipient Policy
You can view the proxy addresses assigned to a recipient using the Active Directory Users and Computers console. Open the Properties window for the recipient and select the Email Addresses tab. Figure 5.27 shows an example.
When you install Exchange for the first time, it determines the format of the SMTP address you'll want for your users based on your organization name and the DNS name of your domain. It places the result into an Active Directory object called a Recipient Policy.
A service called the Recipient Update Service, or RUS, reads the proxy addresses in that default recipient policy and applies them to the mail-enabled objects in Active Directory.
To access recipient policies in ESM, drill down under Recipients to the Recipient Policies container, as shown in Figure 5.28.
To see how Exchange formulates a proxy address, open the Properties window for the Default Policy object. Figure 5.29 shows an example. If Exchange guessed wrong when formulating the default SMTP address for your organization, you can change the address as follows:
- Highlight the address and click Edit. This opens an Edit window where you can enter a new address.
- Enter the new SMTP address you want as the default for your organization.
- Save the change. You'll get a warning message saying that The email Addresses of type(s) SMTP have been modified. Do you want to update all corresponding recipient email addresses to match these new address(es)?
- Click Yes to apply the change.
In a few minutes, the Recipient Update Service will apply the change to all existing mail-enabled objects. The next time you create a new mail-enabled object, the Recipient Update Service applies the new address settings.
If you look at the Email Addresses tab of existing users and groups, you'll notice that the old address remains, relegated to a secondary SMTP address, as shown in Figure 5.30.
Exchange retains the old address just in case a user receives mail addressed to that SMTP domain. For example, if you have salespeople already getting mail addressed to subsidiary.com and you configure a recipient policy to give them an SMTP domain of company.com, you don't necessarily want mail addressed to subsidiary.com to bounce.
If you want the superseded addresses to go away, you must either remove the addresses manually in Active Directory Users and Computers or use an automated process of some sort. Microsoft Knowledge Base article 318774 describes how to dump the contents of the recipient's attributes using LDIFDE, and how to manipulate the ProxyAddresses attribute to get rid of the unwanted addresses to then import the result back into Active Directory. You can also write a script to replace the content of the ProxyAddresses attribute. These processes can get fairly complex, so you have to ask yourself if you really want those old addresses to go away.
Figure 5.30 Proxy address changes done as the result of changing the Default Recipient Policy.
Each Recipient Policy contains an LDAP filter that defines who gets the proxy addresses contained in the policy. (Recipient policies also control the Mailbox Management feature, covered later in this chapter.)
To see the LDAP filter for a Recipient Policy, select the General tab. Figure 5.31 shows the filter for the Default Recipient Policy. Note that the default policy applies to every mail-enabled object in Active Directory via the simple expedient of searching for any object with a mailnickname attribute.
You can create a new Recipient Policy and target it to specific types of recipients via an LDAP query. For example, let's say that the Sales department manager wants potential customers to try out a new corporate identity called WhizBang.com instead of the boring old Company.com. She wants salespeople to give out their email addresses as firstname.lastname@example.org instead of email@example.com, but she does not want them to give up their old addresses because they have made valuable contacts with those addresses.
Figure 5.31 LDAP query associated with Default Recipient Policy, which selects all mail-enabled objects in Active Directory (mailnickname=*).
You work with your ISP to register the whizbang.com address and to install an MX record in the whizbang.com DNS zone so Internet clients can find the public interface of your Exchange front-end server. But if the front-end server gets an email message addressed to firstname.lastname@example.org, it rejects the message unless it finds that proxy address in Sally's account.
You can configure a recipient policy to assign a second SMTP address suffix of @whizbang.com to members of the Sales group using this procedure:
- Right-click the Recipient Policies icon and select New -> Recipient Policy from the flyout menu. This opens the new Policy window, as shown in Figure 5.32.
- Check the Email Addresses option and click OK. This opens the Properties window for the policy.
- In the General tab, give the policy a name.
- Select the Email Addresses (Policy) tab.
- Click New to add a new email address.
- Select SMTP Address from the list of addresses and click OK.
- In the SMTP Address window, enter the SMTP suffix for the domain, such as @whizbang.com. Figure 5.33 shows an example. Leave the This Exchange Organization is responsible… option selected.
- Click OK to save the address. The new address appears in the address list, as shown in Figure 5.34. Check the box to make the new address effective.
- If you want the outbound mail sent by the salespeople to show company.com as the return address, highlight the address and click Set As Primary.
- Click OK to save the new policy.
- Double-click the new policy to open the Properties window.
- In the General tab, under Filter Rules, click Modify. This opens the Find Exchange Recipients window, as shown in Figure 5.35.
- Uncheck all options except for Users with Exchange Mailbox.
- Click the Advanced tab.
- Click Field and then Users; then scroll down and select the Member Of option.
- Leave the Condition field as Is (exactly).
- In the Value field, enter the distinguished name of the group that has members from the Sales department. You might need to create this group. For example, the entry might read
cn=sales,ou=groups,ou=phoenix,dc=company,dc=com.(See Appendix A for information about distinguished names.)
- Click Add to add this set of selection criteria under Condition List.
- Click Find Now to check your selection criteria. The list of users in the Search Results field should match your expectations.
- Click OK to save the filter.
- Click OK to close the Properties window. You'll be prompted that the policy does not apply right away.
- Click OK to acknowledge the warning and close the window.
- Right-click the new policy and select Apply This Policy Now from the flyout menu.
The next time the Recipient Update Service fires, it applies the new proxy addresses on the targeted recipients and changes the existing addresses to a secondary addresses.
Multiple Recipient Policies
At this point, you should have two Recipient Policies, one you just created for the Sales group and the default. ESM displays the policies in the order that RUS evaluates them.
If you create several policies, stacked one on top of the other, RUS evaluates them in order, starting with the policy at the top of the list. If a selected target object does not fall within the LDAP filter criteria of the first policy, then RUS goes on to check the search criteria of the next policy. If the filter in the policy does include a particular object, though, then RUS applies that policy and no others.
You might have situations where you want to apply different email addresses to different groups of users. For example, the Sales department might want to publish email addresses using several different DNS domains, such as email@example.com or firstname.lastname@example.org. If you want a set of recipients to have multiple addresses, put all the required addresses into the policy that targets those users. If a recipient falls under several filter criteria, the first filter RUS finds that includes the recipient in the filter takes precedence. RUS ignores all other filter criteria for that recipient.
15 tips in 15 minutes: Managing recipients and distribution lists
Tip 1: Exchange security groups
Tip 2: Group membership expansion
Tip 3: Managing Exchange group email properties
Tip 4: Exchange 2003 Query-Based Distribution Groups
Tip 5: DSAccess for Exchange
Tip 6: DSProxy for Exchange
Tip 7: Managing Exchange recipient policies
Tip 8: Exchange Recipient Update Service and proxy addresses
Tip 9: Restricting mail storage on an Exchange server
Tip 10: The Exchange server mailbox management service
Tip 11: Blocking a user's email access
Tip 12: Accessing another user's mailbox in Outlook
Tip 13: Exchange mail retention
Tip 14: Managing recipients with system policies
Tip 15: Managing recipients with Global Settings
This chapter excerpt from Learning Exchange Server 2003 by William Boswell is printed with permission from Addison-Wesley Professional, Copyright 2004. Click here for the chapter download or to purchase the book.