Old recipient policy works. Getting LDAP error with new ones.

Posted on 2006-05-30
Last Modified: 2012-05-05
We currently have a recipient policy that gives any new accounts a
"" address.

We are also in the process of setting up Exchange accounts for
each of our remote sites, each of which has a separate OU according
to location.

What I'm trying to do is set up a recipient policy for each location / OU, so that
when accounts are created within an OU, they get given a  ""
email address.  Location1, location2 etc correspond to the name of each OU.

This is failing to occur: each account within an OU is receiving an email address, but in the
original format, i.e. without the "location".  It looks like the only recipient policy being applied is the

I have tried moving the new recipient policies up the priority list but this doesn't fix
the problem.

The only event of note in the Exchange server's Application log is the following:

Source: MSExchangeAL
Category: LDAP Operations
Event ID: 8270


LDAP returned the error [41] Object Class Violation when importing the transaction
dn: <GUID=D5C596F7E29149489074A3C6F8293984>
changetype: Modify
textEncodedORAddress:c=US;a= ;p=XXXXXXX;o=YYYYYYYY;s=x517280;
proxyAddresses:X400:c=US;a= ;p=XXXXXXX; o=YYYYYYYY;s=x517280;


...the addresses provided in the error i.e. "@location1..." correspond to what I'm trying to set in the
recipient policies that aren't working.  Note: Selecting "Apply this policy now" for whatever policy doesn't

Our environment is:
      - Windows Server 2003
      - Exchange Server 2003 SP1

I have searched on this error without too much luck.  Any help appreciated.
Question by:farfo
    LVL 12

    Accepted Solution

    Recipient Policies don't work on OU or Group Membership. You need an alternative here, like an attribute which will identify all users from one particular location.

    Please have a look at this KB from MS ->
    Cannot use an organizational unit or the location of an account for recipient policy

    Amit Aggarwal.

    Author Comment

    Thanks Amit- you were spot on.  It really surprises me though that you can't create recipient policies based
    on the OU in which an account is created- I thought OUs would have been a prime candidate for this sort of thing.

    What I'll most likely do now is create a template within each OU that has the name of the town in the
    Office attribute, and work the recipient policies around that.  It won't be saving me too much work though-
    as I could probably add to the template to get a similar result.  

    Ah well- if you've got any other suggestions I'd be happy to hear them.

    Thanks again.
    LVL 12

    Expert Comment

    You have a good plan. You can also use tools like Ldifde or ADmodify, or some scripts, to update one particular attribute, like Office as you said, and populate it with the location; then you can use this attribute to identify all users from a particular location and apply recipient policies.

    Similarly, Recipient Policies don't work on Group Membership or any other attribute that the RUS is responsible for. Just for your info, here is the related KB ->

    The address list or the recipient policy filter is not applied when it is based on group membership or an attribute that the Recipient Update Service is responsible for.

    Amit Aggarwal.
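
The workaround discussed in this thread (stamp each user's Office attribute with the location, then filter the recipient policy on it), as an added example that is not part of the original posts. It turns a list of user DNs into an LDIF change file suitable for `ldifde -i -f`, and builds the matching LDAP filter. Assumptions: the Office field is the `physicalDeliveryOfficeName` attribute, the DNs, location names and `example.com` domain are constructed, and the `mailNickname=*` filter shape is one possible choice.

```python
import base64
import re

# Constructed sample DNs (e.g. from "ldifde -f users.ldf -l dn"); not from the thread.
SAMPLE_DNS = [
    "CN=Alice Smith,OU=location1,DC=example,DC=com",
    "CN=Jones\\, Bob,OU=Staff,OU=location2,DC=example,DC=com",  # escaped comma in CN
    "CN=Zoë Ward,OU=location2,DC=example,DC=com",               # non-ASCII DN
    "CN=Administrator,CN=Users,DC=example,DC=com",              # not in a location OU
]

def split_dn(dn):
    """Split a DN into RDNs on commas that are not preceded by a backslash."""
    return [part.strip() for part in re.split(r"(?<!\\),", dn)]

def location_for(dn, known_locations):
    """Return the nearest parent OU whose name is a known location, else None."""
    for rdn in split_dn(dn)[1:]:
        key, _, value = rdn.partition("=")
        if key.upper() == "OU" and value.lower() in known_locations:
            return value
    return None

def ldif_line(attr, value):
    """LDIF line; values outside RFC 2849 SAFE-STRING are written base64 ('::')."""
    safe = (value.isascii() and value.isprintable()
            and not value.startswith((" ", ":", "<")) and not value.endswith(" "))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def build_ldif(dns, known_locations):
    """One 'modify' record per user under a location OU; other DNs are skipped."""
    records = []
    for dn in dns:
        loc = location_for(dn, known_locations)
        if loc is not None:
            records.append("\n".join([
                ldif_line("dn", dn), "changetype: modify",
                "replace: physicalDeliveryOfficeName",
                ldif_line("physicalDeliveryOfficeName", loc), "-", ""]))
    return "\n".join(records) + "\n" if records else ""

def policy_filter(location):
    """LDAP filter for the per-location recipient policy (RFC 4515 escaping)."""
    esc = "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in location)
    return f"(&(mailNickname=*)(physicalDeliveryOfficeName={esc}))"

if __name__ == "__main__":
    print(build_ldif(SAMPLE_DNS, {"location1", "location2"}))
    print(policy_filter("location1"))
```

Review the generated file before importing it, and run the import with an account that can write only the attribute being changed.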
