Updating recipient policy on 2003

  • Updating recipient policy on 2003

    Hi all,

    OK, I have the need to add 2 new email domains onto my Exchange 2003 server.
    I've added them as individual recipient policies in the System Manager.
    I've one policy called 'PLR'; I've set the LDAP filter on an OU (in AD) called 'PLR'.
    Am I therefore right in assuming that once I've applied the policy settings then everything inside the 'PLR' OU will inherit the new primary email address as detailed in the recipient policy?
    Cos if so.....it ain't working!
    E.g. Howard is a new user in AD and sits inside the 'PLR' OU. His account has been set up with the default Exchange mailbox, which obviously has the default domain as its email address.
    However, his primary email address needs to be the 'PLR' one; that's why I tried the method above, as I don't want to have to alter every new user manually.

    Is there something I'm doing wrong here?

    Many thanks for any advice offered.

  • #2
    Re: Updating recipient policy on 2003

    You can't use an OU as a filter. I use the description field on the object as my LDAP filter and use a three character description. Here's an example:

    (ObjectCategory=*)(Description=RSI)

    Also, here's a blurb from MS regarding Recipient Policies:

    If you have created several recipient policies, each will be assigned a priority in the order in which they were created. You can modify these priorities to control how they will be applied. The highest number has the highest priority. Only one recipient policy will be applied to each user in the system. If more than one recipient policy is applicable to the user, the one with the highest priority will be applied
    Last edited by joeqwerty; 29th June 2009, 18:26.


    • #3
      Re: Updating recipient policy on 2003

      Originally posted by joeqwerty:
        You can't use an OU as a filter. I use the description field on the object as my LDAP filter and use a three character description. Here's an example:

        (ObjectCategory=*)(Description=RSI)

      I can't pretend to understand the code above, Joe; I was just hoping it would do it for me if I clicked the appropriate buttons.
      If OU cannot be used as a filter then why is it in the list?
      I did try it on a group too (as my user is a member of the group I filtered), but that didn't make a difference either; maybe it's because of the quote below (?)

        Also, here's a blurb from MS regarding Recipient Policies:

        If you have created several recipient policies, each will be assigned a priority in the order in which they were created. You can modify these priorities to control how they will be applied. The highest number has the highest priority. Only one recipient policy will be applied to each user in the system. If more than one recipient policy is applicable to the user, the one with the highest priority will be applied

      Now this is interesting, I'll take another look and see what I can do about that.

      Thanks for your input, will let you know what I find out.


      • #4
        Re: Updating recipient policy on 2003

        Hmmm....
        I still don't get it.
        Organisational Unit is clearly in the drop-down list on the search filter for the recipient policy. If I type in PLR (my OU) it finds it. Surely then by adding/selecting it then anything inside that container has the policy applied to it?
        (&(ou>="")(name=plr*))
        Again, I don't really understand the code, so wouldn't know what I'm looking at. But then isn't that what the GUI method is for?
        If that's not how it is, then MS needs a kicking for not making things easy enough!

        I even tried the advanced filtering and search for users who are 'members of' the group 'plr' and it found nothing!!!!


        • #5
          Re: Updating recipient policy on 2003

          The problem is that you want it to filter on the membership of the OU, but that's not what it does. It actually wants to stamp the OU with the email address, not the user in the OU. The filter you've built is not a "member of" filter. I don't know why OU is in the list. I suspect because the "filter builder" uses the same underlying code that all the other AD tools do. For example, if you built a query in ADUC you would see the same "filter builder" as you do in ESM, and using OU as your LDAP filter your ADUC query would show you the OU, not the objects in the OU. In ESM, when building an LDAP filter for your Recipient Policy, you have to be careful because not all of the available filters will actually work. When I first started using Exchange 2003 I ran into the same thing and through the process of trial and error and a lot of reading got a better understanding of how it works.

          As for the filter I posted yesterday, you need to select Custom Search from the drop-down when you're creating the filter, then select the Advanced tab and paste in the LDAP string from my post.

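Added example, not part of any post in this thread: a small Python matcher for the filter operators seen above, run over a constructed directory to show the behaviour described in post #5. The entries, DNs and the `search` helper are assumptions made for illustration; the matcher looks only at each object's own attributes, so the OU filter returns the OU object and not the user inside it.

```python
import re

# Constructed sample directory (DNs and attribute values are illustrative).
ENTRIES = [
    {"dn": "OU=PLR,DC=example", "ou": "PLR", "name": "PLR"},
    {"dn": "CN=Howard,OU=PLR,DC=example", "name": "Howard", "description": "PLR"},
    {"dn": "CN=Jane,OU=Sales,DC=example", "name": "Jane"},
]

def parse(text):
    """Parse '(&(a=b)(c>=d))' or '(a=b*)' into a nested tuple."""
    text = text.strip()
    if len(text) < 3 or text[0] != "(" or text[-1] != ")":
        raise ValueError("filter must be wrapped in parentheses: " + text)
    body = text[1:-1]
    if body[0] in "&|":
        parts, depth, start = [], 0, 0
        for i, ch in enumerate(body):
            if ch == "(":
                if depth == 0:
                    start = i
                depth += 1
            elif ch == ")":
                depth -= 1
                if depth == 0:
                    parts.append(parse(body[start:i + 1]))
        return (body[0], parts)
    m = re.fullmatch(r"([\w-]+)(>=|=)(.*)", body)
    if not m:
        raise ValueError("unsupported filter item: " + body)
    # A quoted empty value, as in (ou>=""), is treated as the empty string.
    return (m.group(2), m.group(1).lower(), m.group(3).strip('"').lower())

def matches(node, entry):
    """Evaluate the filter against the entry's own attributes only."""
    op = node[0]
    if op in "&|":
        results = [matches(n, entry) for n in node[1]]
        return all(results) if op == "&" else any(results)
    have = entry.get(node[1])
    if have is None:
        return False  # attribute absent on this object: no match
    if op == ">=":
        return have.lower() >= node[2]
    pattern = ".*".join(re.escape(p) for p in node[2].split("*"))
    return re.fullmatch(pattern, have.lower()) is not None

def search(filter_text):
    tree = parse(filter_text)
    return [e["dn"] for e in ENTRIES if matches(tree, e)]
```

With this data, `search('(&(ou>="")(name=plr*))')` returns only the OU, while a filter on an attribute carried by the user object, such as `(description=PLR)`, returns Howard.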


          • #6
            Re: Updating recipient policy on 2003

            Thanks again Joe. Still confused, so what I may do is, as it's only for about 6 new users, I'll do it all manually.
            I inherited this AD from the previous IT guy and only the bare minimum of info was ever keyed into the objects, so no description or other such identifying details could really be used.

            I'll still look into getting it automated, but for now, I'll just manually add the correct email address into each object's properties.


            • #7
              Re: Updating recipient policy on 2003

              If you use the filter I posted it should work. Why not give it a go? Also, here are a few articles on Recipient Policies that might help you understand them a little better:

              http://support.microsoft.com/kb/304516

              http://support.microsoft.com/kb/328738

              http://www.msexchange.org/tutorials/...-Policies.html

              http://searchexchange.techtarget.com...119797,00.html#

              http://support.microsoft.com/?id=328738


              • #8
                Re: Updating recipient policy on 2003

                Thanks Joe, that will keep me busy...........
                My 3rd party I.T. support company have talked me through adding the 2 new mail domains to the 'default recipient policy' (I guess others do it different), which I've done. All the users are correctly set up now in AD with their relevant domain email address as the primary one.

                Right, I've also changed the 'A' records at the hosting company (did this Friday so should be about propagated now).

                So is there anything else I need to do in order for the emails to work both ways? Actually sending is OK, I tested it from my personal email. But when I reply to it, they are not landing yet? Could this still be down to propagation or could there be something not quite set up right with the SMTP side of things?
                Should any entries be made into DNS on the server? Or in Exchange System Manager?

                As you may guess I'm in the office all day on a SUNDAY, so I'd like to know that when the users come to work tomorrow, things will be working OK for them.

                Thanks again for your help.

                Edit: Doh! I just realised I didn't alter the MX records for the 2 domains at the hosting company. I'm assuming that's why the accounts aren't receiving emails. Done it now, but propagation could take another 2 days now.....eep!


                • #9
                  Re: Updating recipient policy on 2003

                  You're correct in that you need public MX records that point to your Exchange server for the new domains. Now that you've set up those MX records, email to the new email addresses should start flowing in.

                  Also, a note about DNS records: They don't propagate. The only DNS servers that have a copy of your records are your public DNS records. All other DNS servers simply cache the information for those records when they look up those records.

                  For instance, if I want to send you an email, my Exchange server will query its DNS server to find several records for your domain name (NS, MX, A). My DNS server will in turn query the root hint servers (because I don't use forwarders) to find out what name server is responsible for the gTLD (.com, .edu, etc.) that your domain resides in. My DNS server then queries the appropriate gTLD server (.com) to find out what name server is responsible for your domain. My DNS server then queries your name server for the MX record for your domain (which returns an A record). My DNS server then queries your name server for the A record that corresponds to the MX record.

                  All of these records have a TTL (Time To Live) which tells my server how long it is allowed to cache the information before it needs to perform a new lookup. The only delay that may occur is if you:

                  1. Change your name server and the TTL for the NS record is long (48 hours for example). This will only affect servers that already have your NS record cached as they won't perform a new lookup for 48 hours (the TTL of the original NS record). All other servers will perform a new query and get the new information immediately.

                  2. Change your MX record and the TTL for the MX record is long (48 hours for example). This will only affect servers that already have your MX record cached as they won't perform a new lookup for 48 hours (the TTL of the original MX record). All other servers will perform a new query and get the new information immediately.

                  3. Change the A record that the MX record points to and the TTL for the A record is long (48 hours for example). This will only affect servers that already have your A record cached as they won't perform a new lookup for 48 hours (the TTL of the original A record). All other servers will perform a new query and get the new information immediately.

                  For all servers that don't have your previous DNS records in their cache for your pre-existing domains, they'll be able to send you email immediately.

                  Since these are new MX records, no servers have them in their cache and any lookups for these records will return the correct results immediately.

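Added example, not part of any post in this thread: a Python simulation of the TTL caching described in post #9, for the case where an existing MX record is changed (point 2 in that post). The domain names, host names, addresses and the 48-hour TTL are constructed; `Authoritative`, `CachingResolver` and `simulate` are hypothetical names.

```python
HOUR = 3600

class Authoritative:
    """The domain's own name server: the only place records are changed."""
    def __init__(self):
        self.records = {}

    def set(self, name, rtype, value, ttl):
        self.records[(name, rtype)] = (value, ttl)

    def query(self, name, rtype):
        return self.records[(name, rtype)]

class CachingResolver:
    """A sender's DNS server: caches each answer until its TTL runs out."""
    def __init__(self, auth):
        self.auth, self.cache = auth, {}

    def lookup(self, name, rtype, now):
        hit = self.cache.get((name, rtype))
        if hit and now < hit[1]:
            return hit[0]  # still within TTL: no new query is made
        value, ttl = self.auth.query(name, rtype)
        self.cache[(name, rtype)] = (value, now + ttl)
        return value

def mail_target(resolver, domain, now):
    """MX lookup, then the A lookup for the host the MX names."""
    host = resolver.lookup(domain, "MX", now)
    return host, resolver.lookup(host, "A", now)

def simulate():
    auth = Authoritative()
    auth.set("plr.example", "MX", "mail.oldhost.example", 48 * HOUR)
    auth.set("mail.oldhost.example", "A", "192.0.2.10", 48 * HOUR)
    auth.set("mail.plr.example", "A", "198.51.100.20", 48 * HOUR)
    previous_sender = CachingResolver(auth)    # has mailed the domain before
    first_time_sender = CachingResolver(auth)  # nothing cached yet
    out = {"before": mail_target(previous_sender, "plr.example", 0)}
    # One hour later the MX record is changed to point at the new server.
    auth.set("plr.example", "MX", "mail.plr.example", 48 * HOUR)
    out["cached_2h"] = mail_target(previous_sender, "plr.example", 2 * HOUR)
    out["fresh_2h"] = mail_target(first_time_sender, "plr.example", 2 * HOUR)
    out["cached_49h"] = mail_target(previous_sender, "plr.example", 49 * HOUR)
    return out
```

In the returned dictionary, the resolver that cached the old MX still delivers to the old host at 2 hours and only picks up the new one after its 48-hour TTL has expired, while the resolver with an empty cache gets the new record straight away.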


                  • #10
                    Re: Updating recipient policy on 2003

                    Er.... I follow some of that.
                    However, the email domains I added to the Exchange server aren't NEW domains as it were, I've just migrated them over from a different server, they've been around years.
                    So if I understand it, in that case, domains that have previously emailed either of the 2 domains in question will not query the DNS for up to 48 hours (as the records are cached). But domains emailing them for the 1st time should get through as they'll query the DNS.

                    Is this right?

                    I hope so cos that would explain why me sending emails from my own domain aren't getting through, as they are cached records from previous email traffic?

                    Oh the fun of it all.......

                    Edit: just checked the MX records using a tool on the web. It's still reporting the old records for the 2 new domains. So it's certainly not updated yet. I altered them hours ago.
                    Last edited by k.jacko; 5th July 2009, 18:02.


                    • #11
                      Re: Updating recipient policy on 2003

                      What is the TTL on the MX records? If you PM me the domain names I'll check them at www.dnsstuff.com.


                      • #12
                        Re: Updating recipient policy on 2003

                        Aah....I came in this morning and the email is working again now, so looks like all is good.
                        I've now got to troubleshoot why no one else's Outlook is working

                        Thanks for all your help Joe, I really appreciate it.

                        Jacko


                        • #13
                          Re: Updating recipient policy on 2003

                          Glad to help.
