Restricting users from sending internal email

Hi

We have a number of sites in a large AD.

I would like users in one specific site to only be allowed to send email to that particular site.

I realise that I can set every other user in the AD to not accept mail from users in this site on a per user basis, but I would like to apply this to just the users in the problem site otherwise management becomes a major pain.

Basically, site A has its own domain name, sitea.com. Site A is not allowed to send email to siteb (siteb.com) or sitec (sitec.com) etc etc.

Any help greatly appreciated, if you need further info ask away

Richard
rjropes Asked:

Vahik Commented:
Well, since all users are on the same server then you are right about the connector, and your only option will be to use a query-based distribution group for each domain and then use that group to deny email acceptance per user using ADModify
...if it works (never used it) then you don't have to micromanage adding and removing users....
 
Vahik Commented:
Use the ADModify tool to apply mass changes to Active Directory users...
do a Google search and download....no training is needed to run the tool...very easy..
 
rjropes (Author) Commented:
I want to avoid doing mass changes to every user in AD as any new users will be missed from the changes so am looking for a different solution

Thanks

Richard
 
Sembee Commented:
Are these users going to be allowed to send email to the outside world?
If not, then simply block all outbound SMTP traffic. Most inter-server traffic goes by SMTP, so that would stop them in their tracks.

Odd request - not something that has come up on here before.

Simon.
 
Vahik Commented:
OK that is not a problem....create an SMTP connector and prevent all users sending through that connector...that will prevent users sending out....but it will not prevent users sending internally or receiving from outside...
 
rjropes (Author) Commented:
Hi

Sorry, bad explanation in the question.

The users are all in one AD, hosted on one Exchange 2003 cluster.

Thus, to send from one 'domain' to another 'domain', the Exchange server sees it as local delivery. Each different site has its own DNS domain name and email tag, all hosted by the main Exchange server.

I have already tried the connector approach, but as it is local delivery it does not go through it.

I already have in place a connector for external email that these users are not allowed to send through, which is working fine.

Odd request ... odd needs by odd customers (put angry face here)

Apologies for the confusion

Thanks

Richard
 
Sembee Commented:
The way that Vahik has outlined is the only way that I can think of doing it. It is simply not something that Exchange was designed to do en-masse.

Simon.
 
rjropes (Author) Commented:
Hi

I know how to create query-based distribution groups to include the members that I want, but am then a little unsure as to what I need to do next.

Could you give me a little step by step after I have created the query-based DL, please?

thanks

richard
 
rjropes (Author) Commented:
Hi

After re-reading your comments, this is just about what I said at the start, what I meant by doing it on a per-user basis.

What I was looking for was a way of doing it on a global scale. On first reading your answer I was thinking that the qbdl was to encompass all of the users that I wanted to prohibit sending to, rather than having to use a mass tool to change everyone's details.

I don't want to go down this route as we have a lot of users that we add / delete on a daily basis and people would slip through the net.

Any other ideas?

Thanks

Richard
 
rjropes (Author) Commented:
Hi

I do not think that this question has been answered, as the solution is about the same as what I could already do and stated in the question, rather than being an answer. Sorry, guys.

thanks

richard
 
redseatechnologies Commented:
Hi Richard,

I read through the question and accepted Vahik's answer as a solution, simply because the answer here is "what you want to do cannot be done the way you want"

Sorry it didn't work out better for you, the moderator will decide on this in another 3 days or so - they may very well PAQ: Refund it instead of accepting an answer

Thanks

-red
Question has a verified solution.