osiexchange


Question and possibly a problem with recipient policies in Exchange 2007

I have a question on Exchange 2007 recipient policies. Is there any way to create a policy and NOT apply it? In 2003 you had this option. Now, it's either apply it immediately or at a future date. It's really annoying. I also don't like the fact that you have to key on AD attributes to have the policy apply. We do our best to populate AD but I know everyone is not exactly the same. I have been thinking of just tagging users with a Custom Attribute programmatically. We are doing a big migration from 2003 and the 2003 policies are still applying but when we retire the servers and delete the old policies, something has to be in place for 2007. I was just wondering how others are dealing with this doing a migration from 2003 to 2007. We have 7 2003 recipient policies right now. If I create a 2007 policy, I know it will only affect users on 2007, but do I make it the highest priority? I am really lost on what to do.
Exchange_Geek

First of all, WHY IS THIS STEP BEING TAKEN? Sorry to sound rude - why would anyone delete a policy? If you delete a policy you are leaving Exchange with no other option but to fall back on other policies which match the filter for your users.

"We are doing a big migration from 2003 and the 2003 policies are still applying but when we retire the servers and delete the old policies, something has to be in place for 2007"

Policies are at the global - organization level - they are nowhere linked to a particular box or version of Exchange (unless you have made some filter of that sort). Policies can be carried over to Exchange 2007. You just need to make certain changes and the same policy will thrive as it used to in the past.

osiexchange

ASKER

I am not sure your last comment is correct. The policies we have in place now for Exchange 2003 are linked to specific Sites and/or Servers. When those servers are retired and Exchange is removed, the policy is no longer valid even if it is at the Organization level. In this scenario, the policy is skipped and either the Default Policy is used or the Exchange 2007 policy, if one exists, is used.
What changes are you referring to in your last line? I haven't tried yet, but is it possible to add an Exchange 2007 server to an existing 2003 policy? Probably not because there would be no reason to create Exchange 2007 policies if there were.

We have already had a few incidents where users were migrated from Exchange 2003 to 2007 and as soon as they were migrated, their old EAP no longer worked and they defaulted to the Default Policy and their SMTP address changed, since I don't have an Exchange 2007 policy in place yet. For these users, I was forced to uncheck the box that forces policies to be applied on the user properties.

That aside, I just don't care too much for Exchange 2007 policies because they limit the scope at which they can be applied. I can't target a specific server like in 2003. You are forced to populate AD attributes to get the filter to apply. That and you can only assign one email Domain per policy, which means multiple policies if you support multiple Domains, and that leads to yet another AD attribute to trigger off of. It's just a pain. Lastly, I don't like being forced to apply a policy, but now I am just whining.
OK, I stand corrected on something I said in the last post. You can add an Exchange 2007 server to an existing 2003 policy and it does seem to work. Is this a viable option instead of creating an Exchange 2007 EAP, or will the 2003 EAP eventually go away or break once 2003 is removed from the Organization for good? I like the flexibility of 2003 in that you can target specific servers and apply multiple Domains to one policy.
"is it possible to add an Exchange 2007 server to an existing 2003 policy."

I am still not clear on what you are talking about in this case - are you talking about creating mailboxes using ADUC and an Exchange 2003 policy on Exchange 2007 (at least this is what I can understand - correct me on this)? I would prefer to comment only when you can clear my doubt. Thanks.

"Is this a viable option instead of creating an Exchange 2007 EAP, or will the 2003 EAP eventually go away or break once 2003 is removed from the Organization for good?"

Exchange 2003 policies would not work very well on E2k7, especially when you remove the last box.
You can fool the E2k7 box by copying certain attributes from E2k3 policies and make it appear as if the new E2k7 policy belongs to E2k7 with the policy defined by E2k3.

But that isn't a supported practice.
OK, I have a VM environment so I am not doing this in production. I modified an existing Exchange 2003 EAP using ESM and replaced the Exchange 2003 server with Exchange 2007. It let me do it but after that I had issues trying to move mailboxes, so doing it this way is probably not a good idea, as you mentioned. What I was saying in my earlier posts is my 2003 policies will most likely not be effective after the 2003 server, and the entire 2003 Organization for that matter, is gone and we are a native 2007 Org.
The policies point to Exchange 2003 servers and/or Admin Groups that will be removed, so the policies won't work. That's why I said they will be deleted. Now, onto the Exchange 2007 EAP. I will need to create one to replace the 2003 policies. We are moving mailboxes from 2003 to 2007 and we had a few incidents where the users' Primary SMTP changed to match our Default Policy and I have to believe it's because the 2003 policy did not apply anymore after they were migrated to 2007. I am not clear as to why it was only a few specific users. I am just looking to create an Exchange 2007 policy that will apply to users after they are migrated to 2007 and just leave the 2003 policies behind and eventually remove them. I was just wondering what others are doing in this situation.

All the very best; others might not have such sophisticated policies as you have in this case.

However, upon a bit of googling I found three links worth sharing with you.

http://msexchangeteam.com/files/12/attachments/entry442867.aspx
http://msexchangeteam.com/archive/2007/01/10/432143.aspx
http://msexchangeteam.com/archive/2007/03/12/436983.aspx

Thanks. I took a quick look at these and they are similar to other articles I have read but I will check them out. Most of it is about upgrading Address Lists and Policies to 2007, probably more for ease of management than anything else. I will most likely just create a 2007 EAP from scratch and not mess with my current 2003 EAPs. Then delete the 2003 policies when they are not needed anymore. I will eventually have to upgrade the Address Lists but I have all the defaults with no customs so this will be easy. Unless I am wrong, it appears to me that all this upgrading of 2003 policies is just an option in case you want to manage them from 2007.

What was and maybe still is confusing me is that of the 200+ users I have already migrated, only a few had their Primary SMTP default to the Default Policy. I then started thinking, well, why did the other 200 I migrated move OK and keep their Primary SMTP address? The following line from an article in the second post may explain this:
"LDAP syntax filters are supported in Exchange 2007 and will exist only on objects that have been migrated from Exchange 2003 or earlier."
So, what I am reading from this is that even though the user was migrated from 2003 to 2007, their 2003 policy is still in effect? Nothing changed regarding their email addresses. Now, if I were to delete that 2003 Policy, they would default to the Default Policy and they would change. I then started to wonder why only those few users did change. What was different about them? Turns out before they existed on the 2003 server they were on before they were migrated, they existed on an earlier 2003 server that is no longer part of our Org. Yes, this server did, and still does, have a Recipient Policy associated with it, but the server is long gone. So maybe these few users were still somehow linked to this policy but it was OK on 2003, but not 2007. And that's what started the whole thing. I need to create a 2007 policy to replace my 2003 ones, hence my original post. I hope all this makes sense to you. It's all very confusing to me as to what I should or should not do.