Article ID: 296112 - View products that this article applies to.
This article was previously published under Q296112
If you try to configure a recipient policy by using an organizational unit (OU) as part of the filter, the recipient policy is not applied to any one of the users in that OU.
Using only the OU as a filter on a recipient policy causes the following filter rule to be created for that recipient policy:
(&(ou>="")(name=myOU))This filter locates a particular OU (or multiple OUs, depending on the filter that was created), but it does not locate objects that are contained in these OUs. Also, there is no way to create an LDAP filter that is based on the OU that that user account belongs to. While the distinguishedName or canonicalName attributes do include the OU that an account is contained in, any LDP queries that are performed with these two attributes do not succeed. For example:
To resolve this behavior, you can use the Logon Name attribute of users to enforce recipient policies as an alternative to using an OU. To create a recipient policy for users:
For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/249299/ )How to configure recipient policies in Exchange
(http://support.microsoft.com/kb/253838/ )How the Recipient Update Service applies system policies
(http://support.microsoft.com/kb/285792/ )Error message when you change recipient policy in Exchange Server 2003 or in Exchange 2000 Server
(http://support.microsoft.com/kb/270111/ )Unable to create recipient policy based on X500 Distinguished Name