Solved

Question and possibly a problem with recipient polices in Exchange 2007

Posted on 2008-10-30
8
238 Views
Last Modified: 2010-08-05
I have a question on Exchange 2007 repcipient polcies. Is there any way to create a policy and NOT apply it. In 2003 you had this option. Now, its either apply it immediately or at a future date. Its really annoying. I also don't like the fact that you have to key on AD attributes to have the policy apply. We do our best to populate AD but I know everyone is not exactly the same. I have been thinking of just tagging uses with a Custom Attribute programatically. We are doing a big migration from 2003 and the 2003 policies are still applying but when we retire the servers and delete the old policies, something has to be in place for 2007. I was just wondering how others are dealing with this doing a migration from 2003 to 2007. We have 7 2003 recipient polices right now. If I create a 2007 policy, I know it will only affect users on 2007, but do I make it the highest priority? I am really lost on what to do.
0
Comment
Question by:osiexchange
  • 4
  • 4
8 Comments
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 22848691
First of all WHY THIS STEP IS BEING TAKEN ???? Sorry to sound rude - why would any one delete a policy. If you delete a policy you are leaving Exchange with no other option but to fall back on other policies which match the filter for your users.

"We are doing a big migration from 2003 and the 2003 policies are still applying but when we retire the servers and delete the old policies, something has to be in place for 2007"

Polices are at global - organization level - they are no where linked to particular box or version of Exchange (Unless you have made some filter of such sort). Policies can be carried over to exchange 2007. Just need to make certain changes and the same policy will thrive as it used to in the past.

0
 

Author Comment

by:osiexchange
ID: 22849380
I am not sure your last comment is correct. The policies we have in place now for Exchange 2003 are linked to specific Sites and/or Servers. When those servers are retired and Exchange is removed, the policy is no longer valid even if it is at the Organization level. In this senario, the policy is skipped and either the Default Policy is used or the Exchange 2007 policy, if one exists is used.
What changes are you referring to in your last line. I haven't tried yet, but is it possible to add an Exchange 2007 server to an existing 2003 policy. Probably not because there would be no reason to create Exchange 2007 policies if there were.

We have already had a few incidents where users were migrated from Exchange 2003 to 2007 and as soon as they were migrated, there old EAP no longer worked and they defaulted to the Default Policy and their SMTP address changed, since I don't have an Exchange 2007 policy in place yet. For these users, I was forced to uncheck the box that forces policies to be applied on the user properties.

That aside, I just don't care too much for Exchange 2007 policies because they limit the scope at which they can be applied. I can't target a specific server like in 2003. You are forced to populate AD attributes to get the filter to apply. That and you can only assign one email Domain per policy which means multiple policies if you support multiple Domain and that leads to yet another AD attribute to trigger off of. Its just a pain. Lastly, I don't like being forced to apply a policy, but now I am just whining.
0
 

Author Comment

by:osiexchange
ID: 22852391
OK, I stand corrected on something I said in the last post. You can add an Exchange 2007 server to an existing 2003 policy and it does seem to work. Is this a viable option instead of creating an Exchange 2007 EAP, or will the 2003 EAP eventually go away or break once 2003 is removed from the Organization for good? I like the flexibility of 2003 in that you can target specific servers and apply multiple Domains to one policy.
0
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 22853430
"is it possible to add an Exchange 2007 server to an existing 2003 policy."

I still am not clear on what are you talking about in this case - are you talking about creating mailboxes using ADUC and Exchange 2003 policy on Exchange 2007 (at least this what i can understand - correct me on this). I would prefer to comment only when you can clear my doubt. Thanks.

"Is this a viable option instead of creating an Exchange 2007 EAP, or will the 2003 EAP eventually go away or break once 2003 is removed from the Organization for good?"

Exchange 2003 policies would not work pretty good on E2k7. Especially when you remove the last box.
You can fool E2k7 box by copying certain attributes from E2k3 policies and show as if E2k7 new policy belongs to E2k7 with policy defined by E2k3.

But that isn't a supported practice.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 

Author Comment

by:osiexchange
ID: 22853611
OK, I have a VM environment so I am not doing this in production. I modified an existing Exchange 2003 EAP using ESM and replaced the Exchange 2003 server with Exchange 2007. It let me do it but after that I had issues trying to move mailboxes so doing it this way is probably not a good idea as you mentioned. What I was saying in my earlier posts is my 2003 polices will most likely not be effective after the 2003 server and the entire 2003 Organization for that matter is gone and we are a native 2007 Org.
The policies point to Exchange 2003 servers and/or Admin Groups that will be removed so the polices won't work. That's why I said they will be deleted. Now, onto the Exchange 2007 EAP. I will need to create one to replace the 2003 policies. We are moving mailboxes from 2003 to 2007 and we had a few incidents where the users Primary SMTP changed to match our Default Policy and I have to believe its because the 2003 policy did not apply anymore after they were migrated to 2007. I am not clear as to why it was only a few specific users. I am just looking to create and Exchange 2007 policy that will apply to users after they are migrated to 2007 and just leave the 2003 polices behind and eventually remove them. I was just wondering what others are doing in this situation.
0
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 22853807
All the very best, other might not have such sophisticated policies which you would have in this case.

However, upon a bit of googling i found three links worth sharing with you.

http://msexchangeteam.com/files/12/attachments/entry442867.aspx
http://msexchangeteam.com/archive/2007/01/10/432143.aspx
http://msexchangeteam.com/archive/2007/03/12/436983.aspx
0
 
LVL 33

Accepted Solution

by:
Exchange_Geek earned 500 total points
ID: 22853811
0
 

Author Comment

by:osiexchange
ID: 22854015
Thanks. I took a quick look at these and they are similar to other ariticles I have read but I will check them out.  Most of it is about upgrading Address Lists and Policies to 2007 probably more for ease of management then anything else. I will most likely just create a 2007 EAP from scratch and not mess with my current 2003 EAP's. Then delete the 2003  policies when they are not needed anymore. I will eventually have to upgrade the Address Lists but I have all the defaults with no customs so this will be easy. Unless I am wrong, it appears to me that all this upgrading of 2003 policies is just an option in case you want to manage them from 2007.

What was and maybe still is confusing me is that of the 200+ users I have already migrated, only a few had their Priimary SMTP default to the Detault Policy. I then started think, well why did the other 200 I migrated move OK and keep their Primary SMTP address? The following line from an article in the second post may explain this:
"LDAP syntax filters are supported in Exchange 2007 and will exist only on objects that have been migrated from Exchange 2003 or earlier."
So, what I am reading from this is that even though the user was migrated from 2003 to 2007, their 2003 policy is still in effect? Nothing changed regarding their email addresses. Now, if I were to delete that 2003 Policy, they would default to the Default Policy and they would change. I then started to wonder why only those few users did change. What was different about them? Turns out before they existed on the 2003 server they were on before they were migrated, they existed on an earlier 2003 server that is no longer part of our Org. Yes, this server did, and still does, have a Recipient Policy associated with it, but the server is long gone. So maybe these few users were still somehow linked to this policy but it was ok on 2003, but not 2007. And thats what started the whole thing. I need to create a 2007 policy to replace my 2003 ones, hence my original post. I hope all this makes sense to you. Its all very confusing to me as to what I should or should not do.
0

Featured Post

Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Exchange 2013 P2P 15 61
powershell script to query and delete emails 8 34
Import Cert issue 15 41
Error 450 sending internal mail 6 16
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now