Cannot use an organizational unit or the location of an account for recipient policy

Article ID: 296112
This article was previously published under Q296112

SYMPTOMS

If you try to configure a recipient policy by using an organizational unit (OU) as part of the filter, the recipient policy is not applied to any of the users in that OU.

Using only the OU as a filter on a recipient policy causes the following filter rule to be created for that recipient policy:
(&(ou>="")(name=myOU))
This filter locates a particular OU (or multiple OUs, depending on the filter that was created), but it does not locate objects that are contained in these OUs. Also, there is no way to create an LDAP filter that is based on the OU that the user account belongs to. Although the distinguishedName and canonicalName attributes do include the OU that an account is contained in, any LDP queries that are performed with these two attributes do not succeed. For example:
(canonicalName=myDomain.com/MyOU/*)
and
(distinguishedName=*,OU=MyOU,DC=myDomain,DC=com)

RESOLUTION

To resolve this behavior, you can use the Logon Name attribute of users to enforce recipient policies as an alternative to using an OU. To create a recipient policy for users:
  1. Log on to the Microsoft Exchange back-end server.
  2. Start System Manager. On the Start menu, point to Programs, point to Microsoft Exchange, and then click System Manager.
  3. Expand Recipients, and then click Recipient Policies.
  4. Right-click Recipient Policies, and then click New/Recipient Policy.
  5. If you are running Microsoft Exchange 2000 Service Pack 2 (SP2) or later, you are prompted for the type of policy to create. Click E-mail addresses.
  6. For the name of the recipient policy, type Customer1 - User, and then click Modify.
  7. On the Find menu, click Users, Contacts, and Groups.
  8. Click the Advanced tab, click Field, click User, and then click Logon Name.
  9. Under Condition, select Ends with. Under Value, type @Customer1.
  10. Click Add and then click OK. Read the warning message, click OK, and then click Apply.
  11. Click the E-mail Addresses (Policy) tab, and then click New. Under E-mail address type, click SMTP Address, and then click OK.

    Note You must click New to create the SMTP address. If you do not click New and if the existing SMTP address is modified, the mailbox is effectively disabled.
  12. In the Address section of the SMTP Address Properties dialog box, type @Customer1.com, and then click OK. Leave This Exchange Organization is responsible for all mail delivery to this address selected.
  13. Make sure that the SMTP address that you just created, @Customer1.com, is selected. Click the box to the left of this new policy. Click Set as Primary. This sets @Customer1.com as the reply-to address for users under this policy, and also allows this group to receive mail in the format username@Customer1.com. Click OK.
  14. In the System Manager warning box, click Yes, and then click Yes again.
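
Because the policy now selects on Logon Name instead of OU membership, the two can drift apart. The following added example (not part of the original article) compares an exported list of distinguishedName/userPrincipalName pairs against the OU and the "Ends with @Customer1" condition from step 9; the function names and the sample entries are hypothetical and constructed.

```python
# Added example (not from the KB article); all directory entries are constructed.

def split_dn(dn):
    """Split a DN into RDNs, keeping backslash-escaped commas inside a value."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # copy the escape pair untouched
            i += 2
        elif dn[i] == ",":
            parts.append(cur.strip())   # an unescaped comma ends the RDN
            cur, i = "", i + 1
        else:
            cur += dn[i]
            i += 1
    return parts + [cur.strip()]

def in_ou(dn, ou_dn):
    """True if the object sits anywhere below ou_dn (case-insensitive)."""
    obj = [p.lower() for p in split_dn(dn)]
    ou = [p.lower() for p in split_dn(ou_dn)]
    return len(obj) > len(ou) and obj[-len(ou):] == ou

def audit(entries, ou_dn, logon_suffix):
    """Return (missed, extra): OU members the 'ends with' rule skips,
    and accounts outside the OU that the rule still selects."""
    missed, extra = [], []
    for dn, upn in entries:
        selected = upn.lower().endswith(logon_suffix.lower())
        inside = in_ou(dn, ou_dn)
        if inside and not selected:
            missed.append(dn)
        elif selected and not inside:
            extra.append(dn)
    return missed, extra

OU_DN = "OU=MyOU,DC=myDomain,DC=com"
# Constructed export of (distinguishedName, userPrincipalName) pairs.
SAMPLE = [
    ("CN=Alice,OU=MyOU,DC=myDomain,DC=com", "alice@Customer1"),
    ("CN=Smith\\, Bob,OU=MyOU,DC=myDomain,DC=com", "bob@customer1"),
    ("CN=Carol,OU=Sales,OU=MyOU,DC=myDomain,DC=com", "carol@myDomain.com"),
    ("CN=Dave,OU=Other,DC=myDomain,DC=com", "dave@Customer1"),
    ("CN=x\\,OU=MyOU,DC=myDomain,DC=com", "x@Customer1"),
]

if __name__ == "__main__":
    missed, extra = audit(SAMPLE, OU_DN, "@Customer1")
    print("In OU but not selected by policy:", missed)
    print("Selected by policy but outside OU:", extra)
```

Accounts in the first list keep whatever addresses another policy gives them; accounts in the second list receive the @Customer1.com address even though they sit outside the OU.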

MORE INFORMATION

For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
249299 How to configure recipient policies in Exchange
253838 How the Recipient Update Service applies system policies
285792 Error message when you change recipient policy in Exchange Server 2003 or in Exchange 2000 Server
270111 Unable to create recipient policy based on X500 Distinguished Name

Properties

Article ID: 296112 - Last Review: February 26, 2010 - Revision: 6.0
APPLIES TO
  • Microsoft Exchange Server 2003 Standard Edition
  • Microsoft Exchange Server 2003 Enterprise Edition