Solved

Exchange global settings not being overridden by per user specifications

Posted on 2007-03-20
15
989 Views
Last Modified: 2008-06-01
I'm currently working with Microsoft on an Issue but was hoping a few other seasoned IT staff may know the answer to this.  Our Exchange server (OS W2K3 SP1 + Exchange SP2) has Exchange message delivery default limits on sending and receiving size currently set to 10240KB.  Our connector settings and SMTP settings are unrestricted.  We have a few specific users that we've set the global settings to be overridden at the per user level in AD to something higher than the general default limits - these would be administrators and the like that may need to send and receive larger emails.  Based on the following KB, it was our understanding that the per user overrides should trump the global setting and therefore it should allow email larger than 10MB be delivered to administrative staff.  It doesn't seem to and that is our core issue.  I am informed that this used to work.  Articles in reference:

http://www.microsoft.com/technet/prodtechnol/exchange/2003/insider/Message_Restrictions.mspx

Another article that has been referenced is:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;322679

That stated, can someone confirm if you can set up general restrictions on incoming mail and then tweak the few users that should be exceptions to be allowed the option of receiving larger emails than the default?  My alternative is to fill in restrictions on every user - but that seems more complicated than it should be.

Any suggestions?
0
Comment
Question by:thundt
  • 5
  • 4
  • 4
  • +1
15 Comments
 
LVL 39

Expert Comment

by:redseatechnologies
Comment Utility
I have seen mixed results with this.

Yes, MS say that User settings should override, but it is either in tha article or another of theirs where they also say "harshest rules apply".

Personally, I have experienced the same as you have with this - global setting override everything else.  Although, I have heard or people saying it does what it says on the box.

Either way, I am subscribed and interested in the outcome here

-red
0
 
LVL 10

Expert Comment

by:MATTHEW_L
Comment Utility
I have personally had success with the user override limits set globally.  The connector ones should trump all else as far as I understand.  How long has it been since you set these higher limits for these specific users.  It does take some time to update.  I suppose you could restart the exchange services to force a faster update.
0
 

Author Comment

by:thundt
Comment Utility
I would change settings and wait up to a day for them to populate without luck.  Likewise I did restart Exchange services to ensure they were populated.

The latest from Microsoft is as follows (limits were some test limits on my server)
____________________________________

Per User Limits:
============
- Sending message size: Maximum KB: 2,000,000
- Receiving message size: Max: 2,000,000

Global Setting Limits:
=================
- Sending Message Size: 10240 Max (KB)
- Receiving Message Size: 10240 Max (KB)

Users aren't able to receive messages over 10 MB because Global Settings are applied to external recipients. When a message is submitted via SMTP/X.400 the Categorizer checks for the Max Submission Content Length (SubmissionContLength) for both the Sender and the Recipient. Since the Sender does not exist in Active Directory, the Global Setting are applied to the Sender and a 5.2.3 NDR is sent back to the recipient.
____________________________________

Unfortunately, this raises more questions.  I was informed that I should reference the article below to understand it, but I've already seen it.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;322679.

I replied with the following:
____________________________________
Please allow me to verify:

"Since the Sender does not exist in Active Directory, the Global Setting are applied to the Sender and a 5.2.3 NDR is sent back to the recipient."

Ultimately, Exchange checks the AD for all individuals that send us internet email and if they do not exist as users in our domain, regardless of who they send the email too or what the recipient is specifically allowed to receive, Global Settings are enforced based on the sender and therefore the message is rejected?
____________________________________

Final response from Microsoft. . . .

Correct. The same thing can happen between Exchange users. If User1 has a Sending limit of 1 MB and User2 has a Receiving limit of 3 MB. If User1 sends a  2 MB attachment to User2 he'll get the 5.2.3 NDR. Even though User2 can receive a 2 MB attachment, because the Sender limit is 1 MB the message will not be delivered.

External users have no User limits in AD so the Global Settings are used for the Sender.
____________________________________

To correctly get it working from Mircosofts standpoint, Global limits needed to be set as the largest portal(which I hate because it leaves the exchange server to process all large emails before rejecting them), then work my way into restrictions on every user.

They've suggested the following tool to do it:  ADModify Net 2.0

Regardless, if anyone has had this working I'd love to hear some of the specifics on how.  For the time being, I've taken their tool and flipped all my settings around.
0
 
LVL 39

Expert Comment

by:redseatechnologies
Comment Utility
That is bizarre - if senders that are not in AD (which would be all external senders) require limits set on them to work, otherwise failing back to the global settings, what is the point? :)

I am quite happy that we seem to have an answer from MS that makes sense (in an MS kind of way) and it explains why it hasn't worked as advertised for me.

Matthew_L, can you test your working config to see if the above fits in with it?
0
 
LVL 10

Expert Comment

by:MATTHEW_L
Comment Utility
My global limits are currently set at 17000
I changed my account limits send / receive to 25000

I have sent a 22MB file to myself from an external account.  I will post the results as soon as I get the email or the NDR.
0
 
LVL 39

Expert Comment

by:redseatechnologies
Comment Utility
Your external account isnt listed as a mail enabled contact is it?
0
 

Author Comment

by:thundt
Comment Utility
Sorry about the delay - I am slightly confused.  Why would I be concerned about mail enabling an external account?  I can tell you I currently do not have an external account listed as mail enabled.  However, my current understandng of that is the following:

. . . a mail-enabled recipient object is a user who does not have a valid user account, but who does have an email address that reflects your organization's domain.

You would typically create a mail-enabled Exchange Server recipient object for someone who doesn't actually work for your company, but who needs to maintain the appearance of working there.

By using a mail-enabled recipient object, you would be able to publish an external user's email address as externaluser@yourcompany.com. Any email messages sent to that address would pass through your Exchange server and be forwarded to that person's normal email account in his own domain.

--Thank you SearchExchange.com.

Based on that info, are you suggesting I should enable my local domain users to somehow look like they are external accounts?  Please help me to understand what you are suggesting in the post above.

I appreciate it,

Thanks.

0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 39

Expert Comment

by:redseatechnologies
Comment Utility
>>Based on that info, are you suggesting I should enable my local domain users to somehow look like they are external accounts?

No, that is not what I was suggesting, I am just trying to cover all the bases with this confusion of limits.

From what I have found, user specific limits ONLY apply if BOTH users are in AD - so if it is an external user, that doesn't have a mail enabled contact to reflect them (why you would do this, i don't know, but bear with me) then it will only use the global setting.

Matthew, you got any more information for us?

-red
0
 
LVL 10

Expert Comment

by:MATTHEW_L
Comment Utility
I am going to try this on a brand new Exchange / AD install that I have in the lab and get back.  Mine continues to work.
0
 

Author Comment

by:thundt
Comment Utility
Red - I see what you are saying.  I'll also continue to hold tight and see what Mathew says.

Thanks.
0
 
LVL 10

Expert Comment

by:MATTHEW_L
Comment Utility
I have tried a brand new Exchange 2003 SP2 install on Windows 2003 SP1 and I am able to define the limits and they seem to work.
0
 
LVL 39

Expert Comment

by:redseatechnologies
Comment Utility
I now have access to a few more resources at Microsoft, so I will put the call out to them and see what turns up.

-red
0
 

Author Comment

by:thundt
Comment Utility
Modorator - is it possible to close this?  I've not heard anything back and decided I would use a registry edit tool to convert all my users.

Thanks.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
Comment Utility
PAQed with points refunded (250)

Computer101
EE Admin
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now