Announcement

Collapse
No announcement yet.

Custom rule in Exchange not recognising AD group

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Custom rule in Exchange not recognising AD group

    I have a rule in Exchange which stops specific users from sending out emails outside the domain. The rule is defined in EMC\Organisation Configuration\Hub Transport\Transport rules, as such:

    Configuration Summary:
    Elapsed time: 00:00:00


    INTELENET- Only authorised users allowed to mail out


    Rule Comments: This rule is setup in Exchange so that only authorised Intelenet users can email out of the domain while others cannot.

    Pls add "Report IT. VE" to the rule!

    See IM-003306.

    Apply rule to messages
    from a member of AE-Intelenet-NoInternetEmail
    and sent to users Outside the organization
    send Delivery not authorized, message refused. You are not permitted to send email outside of the Victoria Electricity organization. to sender with 5.7.1
    and silently drop the message
    except when the message is from uSec.EXCHANGE.ALLOW_INTELENET_USERS_2_MAILOUT
    The user not allowed to send emails outside the domain are in the AD group "AE-Intelenet-NoInternetEmail". Of these users, there are a handful which are allowed to send emails outside the domain, and they are in the AD group "uSec.EXCHANGE.ALLOW_INTELENET_USERS_2_MAILOUT ". The rule does not work this way and the only way it will work is if we add each user to the rule specifically.

    One of my Service Desk guys was trying to get this rule to work using the "uSec" group. I looked at the rule and told him to just remove those users from the "AE-Intelenet-NoInternetEmail" group and voila!

    The SD guy did this and the rule now works, but he asked me why the original rule with the uSec group would and I am stumped for an explanation. The group is Universal and mail-enabled and looks like it should.

    Does anyone have an explanation? Thanks.

    Exchange 2007.
    |
    +-- JDMils
    |
    +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
    |

  • #2
    Re: Custom rule in Exchange not recognising AD group

    The way you setup this rule it's only allowing mails if they are sent from the uSec group directly not if members of this group are sending.

    Comment


    • #3
      Re: Custom rule in Exchange not recognising AD group

      I don't understand the logic of why the rule would not work in the first place.
      |
      +-- JDMils
      |
      +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
      |

      Comment


      • #4
        Re: Custom rule in Exchange not recognising AD group

        Look at the rule and it should be clear:

        ...except when the message is from uSec.EXCHANGE.ALLOW_INTELENET_USERS_2_MAILOUT

        There should be something similar to "member of ...".

        Comment


        • #5
          Re: Custom rule in Exchange not recognising AD group

          Hi,

          I changed the rule to this:
          Configuration Summary:
          Elapsed time: 00:00:00


          INTELENET- Only authorised users allowed to mail out


          Rule Comments: This rule is setup in Exchange so that only authorised Intelenet users can email out of the domain while others cannot.

          Pls add "Report IT. VE" to the rule!

          See IM-003306.

          Apply rule to messages
          from a member of AE-Intelenet-NoInternetEmail
          and sent to users Outside the organization
          send Delivery not authorized, message refused. You are not permitted to send email outside of the Victoria Electricity organization. to sender with 5.7.1
          and silently drop the message
          except when the message is from member of uSec.EXCHANGE.ALLOW_INTELENET_USERS_2_MAILOUT
          Which should now work, however it does not. Why?
          |
          +-- JDMils
          |
          +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
          |

          Comment

          Working...
          X