?
Solved

Restricting users from sending internal email

Posted on 2006-06-30
13
Medium Priority
?
335 Views
Last Modified: 2010-03-06
Hi

We have a number of sites in a large AD.

I would like users in one specific site to only be allowed to send email to that particular site.

I realise that I can set every other user in the AD to not accept mail from users in this site on a per user basis, but I would like to apply this to just the users in the problem site otherwise management becomes a major pain.

Basically, site A has its own domain name, sitea.com. Site A is not allowed to send email to siteb (siteb.com) or sitec (sitec.com) etc etc.

Any help greatly appreciated, if you need further info ask away

Richard
0
Comment
Question by:rjropes
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +1
13 Comments
 
LVL 26

Expert Comment

by:Vahik
ID: 17016829
Use ADModify tool to apply mass change to active directory users...
do a google serach and download....no traning is needed to run the tool...very easy..
0
 
LVL 4

Author Comment

by:rjropes
ID: 17016873
I want to avoid doing mass changes to every user in AD as any new users will be missed from the changes so am looking for a different solution

Thanks

Richard
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17017023
Are these users going to be allowed to send email to the outside world?
If not, then simply block all outbound SMTP traffic. Most inter-server traffic goes by SMTP, so that would stop them in their tracks.

Odd request - not something that has come up on here before.

Simon.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 26

Expert Comment

by:Vahik
ID: 17017074
OK that is not a problem....create a smtp connector and prevent all users sending through that connector...that will prevent users sending out....but it will not prevent users sending internally or recieving from outside...
0
 
LVL 4

Author Comment

by:rjropes
ID: 17017151
Hi

Sorry, bad explanation in the question.

The users are all in one AD, hosted on one Exchange 2003 cluster.

Thus to send from one 'domain' to another 'domain' exchange server sees it as local delivery. Each different site has its own DNS domain name and email tag, all hosted by the main exchange server.

I have already tried the connector approach, but as it is local delivery it does not go through it.

I already have in place a connector for external email that these users are not allowed to send through, which is working fine.

Odd request ... odd needs by odd customers (put angry face here)

Apologies for the confusion

Thanks

Richard
0
 
LVL 26

Accepted Solution

by:
Vahik earned 2000 total points
ID: 17017213
well since all users are on the same server then u are right about connector and ur only option will be to use query base distribution group for each domain and then use that group to deny email acceptance per user using ADModify
...if it works(never used it) then  u dont have to micromanage adding and removing users....
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17017250
The way that Vahik has outlined is the only way that I can think of doing it. It is simply not something that Exchange was designed to do en-masse.

Simon.
0
 
LVL 4

Author Comment

by:rjropes
ID: 17029607
Hi

I know how to create query based distribution groups to include the members that i want, but am then a little unsure as to what I need to do next?

Could you give me a little step by step after I have created the query based dl please

thanks

richard
0
 
LVL 4

Author Comment

by:rjropes
ID: 17099829
Hi

After re-reading your comments, this is just about what I said at the start, what I meant by doing it on a per-user basis.

What I was looking for was a way of doing it on a global scale. On first reading your answer I was thinking that the qbdl was to encompass all of the users that I wanted to prohibit sending to rather than having to use a mass tool to change everyones details.

I don't want to go down this route as we have a lot of users that we add / delete on a daily basis and people would slip through the net

Any other ideas?

Thanks

Richard
0
 
LVL 4

Author Comment

by:rjropes
ID: 17288772
Hi

I do not think that this question has been answered as the solution is about the same as what I could already do and stated in the question rather than being an answer sorry guys

thanks

richard
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17292224
Hi Richard,

I read through the question and accepted Vahik's answer as a solution, simply because the answer here is "what you want to do cannot be done the way you want"

Sorry it didn't work out better for you, the moderator will decide on this in another 3 days or so - they may very well PAQ: Refund it instead of accepting an answer

Thanks

-red
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
Suggested Courses
Course of the Month14 days, 1 hour left to enroll

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question