Old recipient policy works. Getting LDAP error with new ones.

We currently have a recipient policy that gives any new accounts a
"username@company.com" address.

We are also in the process of setting up Exchange accounts for
each of our remote sites, each of which has a separate OU according
to location.

What I'm trying to do is set up a recipient policy for each location / OU, so that
when accounts are created within an OU, they get given a "username@location1.company.com"
email address. Location1, location2 etc. correspond to the name of each OU.

This is failing to occur- each account within an OU is receiving an email address- but in the
original format i.e. without the "location".  It looks like the only recipient policy being applied is the

I have tried moving the new recipient policies up the priority list but this doesn't fix
the problem.

The only event of note in the Exchange server's Application log is the following:

Source: MSExchangeAL
Category: LDAP Operations
Event ID: 8270


LDAP returned the error [41] Object Class Violation when importing the transaction
dn: <GUID=D5C596F7E29149489074A3C6F8293984>
changetype: Modify
textEncodedORAddress:c=US;a= ;p=XXXXXXX;o=YYYYYYYY;s=x517280;
proxyAddresses:X400:c=US;a= ;p=XXXXXXX; o=YYYYYYYY;s=x517280;
: SMTP:s517280@location1.company.com


...the addresses provided in the error i.e. "@location1..." correspond to what I'm trying to set in the
recipient policies that aren't working.  Note: Selecting "Apply this policy now" for whatever policy doesn't

Our environment is:
      - Windows server 2003
      - Exchange server 2003 SP1.

I have searched on this error without too much luck.  Any help appreciated.
aa230002 Commented:
Recipient policies don't work on OU or group membership. You need an alternative here, like an attribute which will identify all users from one particular location.

Please have a look at this KB from MS ->
Cannot use an organizational unit or the location of an account for recipient policy

Amit Aggarwal.
farfo (Author) Commented:
Thanks Amit- you were spot on.  It really surprises me though that you can't create recipient policies based
on the OU in which an account is created- I thought OUs would have been a prime candidate for this sort of thing.

What I'll most likely do now is create a template within each OU that has the name of the town in the
Office attribute, and work the recipient policies around that.  It won't be saving me too much work though-
as I could probably add @townname.company.com to the template to get a similar result.  

Ah well- if you've got any other suggestions I'd be happy to hear them.

Thanks again.
You have a good plan. You can also use tools like Ldifde or ADModify, or some scripts, to update one particular attribute like Office, as you said, and populate it with the location. Then you can use this attribute to identify all users from a particular location and apply recipient policies.

Similarly, recipient policies don't work on group membership or any other attribute that the RUS is responsible for. Just for your info, here is the related KB ->

The address list or the recipient policy filter is not applied when it is based on group membership or an attribute that the Recipient Update Service is responsible for.

Amit Aggarwal.
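
The attribute-based approach suggested above, as an added example that is not part of the original thread: a script that turns a list of user DNs into an LDIF file for ldifde, setting each account's Office attribute to the name of the OU it sits in. Assumptions: the Office field is the LDAP attribute physicalDeliveryOfficeName, the location is the OU nearest the account, and the sample DNs are constructed.

```python
import base64
import re

OFFICE_ATTR = "physicalDeliveryOfficeName"  # LDAP attribute behind the "Office" field

def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    return [p.strip() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def nearest_ou(dn):
    """Name of the OU closest to the object, or None if it sits in no OU."""
    for rdn in split_dn(dn)[1:]:  # skip the object's own RDN
        attr, _, value = rdn.partition("=")
        if attr.strip().upper() == "OU":
            return re.sub(r"\\(.)", r"\1", value.strip())  # drop DN escaping
    return None

def ldif_line(attr, value):
    """Emit 'attr: value', or base64 ('attr:: ...') when RFC 2849 requires it."""
    safe = (value.isascii() and not re.search(r"[\x00\r\n]", value)
            and not value.startswith((" ", ":", "<")) and not value.endswith(" "))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def build_ldif(dns):
    """Return (ldif_text, skipped_dns); one modify record per DN that has an OU."""
    records, skipped = [], []
    for dn in dns:
        ou = nearest_ou(dn)
        if ou is None:
            skipped.append(dn)  # e.g. accounts left in CN=Users: review by hand
            continue
        records.append("\n".join([
            ldif_line("dn", dn), "changetype: modify",
            f"replace: {OFFICE_ATTR}", ldif_line(OFFICE_ATTR, ou), "-"]))
    return "".join(r + "\n\n" for r in records), skipped

# Constructed sample DNs; real ones would come from an ldifde export.
SAMPLE_DNS = [
    "CN=Smith\\, Jane,OU=location1,DC=company,DC=com",
    "CN=jdoe,OU=location2,DC=company,DC=com",
    "CN=Administrator,CN=Users,DC=company,DC=com",
]

if __name__ == "__main__":
    ldif, skipped = build_ldif(SAMPLE_DNS)
    print(ldif, end="")
    print("# skipped (no OU):", skipped)
```

The output file is imported with ldifde -i -f <file>. Each location's recipient policy can then filter on the attribute instead of the OU, for example with an LDAP filter such as (physicalDeliveryOfficeName=location1), which is an assumed filter and not one quoted in the thread.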
Question has a verified solution.
