Solved

Problems applying secondary SMTP domain policy and applying to domain users alias's on Exchange 2007 Enterprise Server SP1

Posted on 2009-06-30
12
650 Views
Last Modified: 2012-05-07
Hi all.

We are running Exchange Enterprise 2007 server SP1 security update 8 and are preparing to change our domain name.

I want to be able to add a second SMTP domain for my Exchange server to listen for and have it assigned to my users.  

I have followed the steps found in this forum to create the new SMTP domain.

1.  Create an accepted domain and set the type to Authoritative, but not as Default.
     No problems
2.  Create E-mail Address Policy.  First tried  "All recipients types" .
     Default on conditions.  
     Added the accepted domain created earlier.
     Left the check box for E-mail address local part - Use Alias.
     Schedule Immediately.
          Watched as the process ran and appeared to apply to all users in my domain.
    Changed the priority to 2 and applied the policy.
          Watched as this process ran and it too appeared to apply to all of my users.

When I opened sample user properties -> E-Mail Addresses, I did not see the new accepted domain or email policy applied to the user's accounts.  Just the one from the "Default" policy.

When I run the Exchange shell command, Get-AcceptedDomain, I can see the newly created domain. I can see it as Authoritative and the default set to False.

Most users are set to automatically update e-mail addresses based on e-mail address policy.

I added the new domain to listen to in the "Default" policy and applied it to all of my users.  Still unable to see the new policy added to the user accounts.

I removed the new policy and accepted domain and retried the process with no luck.

I can manually add the SMTP to individual accounts with out problems (and email internally between the two different domains), but cannot get the policy to apply for all users in my domain at one time.

Any ideas?


0
Comment
Question by:TRFrye
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
12 Comments
 
LVL 27

Expert Comment

by:shauncroucher
ID: 24746759
Users can only use ONE email policy at a time. You can create multiple email policies but the Mailboxes can only use ONE.

If you edit the Default to include your new domain, and then once you are ready to swap to the new domain you can edit again to set the new domain as the reply-to address.

OR

Create the new policy as you have done and then set all the mailboxes to use the second policy instead of the Default.

Shaun
0
 

Author Comment

by:TRFrye
ID: 24746963
Thanks for the super quick reply.

I had tried that in the past, but removed it when it didn't appear to work.  

I just  added the domain back to the "Default Policy" and re-applied it.  Still don't see it.  Shouldn't I see the domain added in the user's email addresses?

is there a refresh command that I need to run?  Do I need to remove the previous policy?  

I would like to be able to resolve both SMTP domains during the change over processes so as to not miss any email when I change the reply to domain.

How would I set the user's to use the second policy instead of the default?

0
 
LVL 27

Expert Comment

by:shauncroucher
ID: 24747040
You may need to restart several services to apply this change immediantly. Probably the Information Store service or the Tranpsort service will do the trick, I'd need to test to see which for certain.

Shaun
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:TRFrye
ID: 24747438
Shaun,

The only service that I have not restarted is the Exchange Active Directory Topology Service.  No updates to the user accounts.

Also, I only have the @domain2.com, not the %m@domain2.com.  Would I need to have the alias added here?
0
 

Author Comment

by:TRFrye
ID: 24749007
I restarted all the Microsoft Exchange services, but it did not update the Email addresses SMTP box
0
 
LVL 27

Expert Comment

by:shauncroucher
ID: 24757586
Hi TRFrye,

Sorry for the delay.

If you have more than 1 Email address policy (other than Default which is always lowest priority) that would affect the same set of users, the one that has the LOWEST NUMBER in priority column will take precedence.

So if you change the priority of the new EAP to 1 it should take effect immediantly.

Also see Update-EmailAddressPolicy -Identity [nameofEAP] to manually force this through (but should not be necessary)

Shaun
0
 
LVL 27

Expert Comment

by:shauncroucher
ID: 24757619
To clarify the EAP used by the mailbox is determined by the Conditions / Exceptions of your EAP's in EMC. If there is only 1 Default policy ALL will use this. If you create another EAP, and you have set the conditions and exceptions to catch your users, they will be using that EAP.

This way using EAP, you can have multiple EAP's to affect different groups of users based on different criteria. Such as an EAP for users of one company SMTP address space, 1 EAP for another company SMTP address space etc.

Shaun
0
 

Author Comment

by:TRFrye
ID: 24762372
Shaun,

No problems.  Great information.  Out until Monday.

Just for clarification, I have three EAP's.  One is the default, obviously with the lowest.  Then I have current SMTP domain at level 1.  The third is the new SMTP domain and it is set to two.

In the default EAP, I have the active directy domain, @domain.local, the current SMTP domain, @SMTP.com, a department that wanted to be a join our domain, @department.com, and funally I added the @newSMTP.com domain.  

For some reason I created 2 EAP with the setting of 1 for the current SMTP domain and one for the new SMTP domain with the level of 2, thinking that I needed to do this.  No conditions have been set for either of the other 2 EAP's.

This server was migrated from previous releases of Exchange (5.5, 2000. 2003) to the current 07 version.  There are even X400 connections there that I do not believe that I need, but haven't removed.  

Do you belive that the other EAP's should be removed and just add the new SMTP domain to the default EAP and change the reply from there?  That should allow the the current SMTP domain to remain as an "alias" right?

Again, thanks for your assistance.  Got to up the point value on this one.

Thanks,
Rich

 
0
 

Author Comment

by:TRFrye
ID: 24762397
I created the extra EAP's prior to adding the new SMTP domain to the default.  Could that be the reason that I am not able to see the new domain for the user email address profiles?

Also, should I use the %m@newSMTP.com or just the @newSMTP.com?
0
 
LVL 27

Accepted Solution

by:
shauncroucher earned 400 total points
ID: 24774344
It should be fine to just use @newSMTP.com and by default it will use the login name for the alias. There is a helpful wizard that will guide you through what Alias to apply (Exchange alias / Display name / firstname.lastname etc.

This guide should assist: http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/managing-email-address-policies.html

Once you know that the EAP is being applied to your users by using a secondary EAP as a test on a single account I would personally just remove ALL of your custom EAP's at that stage and amend the default to have the new SMTP address as the Reply to (it keeps things nice and simple). Then you may need to run the Update-EmailAddressPolicy command, but every time I have run this it will just apply to all recipients.

Check that your recipients are set to Automatically update via policy by following the article attached.

Let me know how you get on

Shaun
0
 

Author Closing Comment

by:TRFrye
ID: 31598396
Shaun,

Thanks for all the expert information.  It was extremely helpful and worked like a champ.

0
 

Author Comment

by:TRFrye
ID: 24784445
I would like to clarify what I did to resolve this issue, with Shaun's assistance.

I removed the extra group policies that I thought that I had needed, @SMTP.com, and @newSMTP.com.  My default EAP contained the @SMTP.com address for our domain.

I ran the wizard on the default policy and added the @newSMTP.com.  I left the @SMTP.com as my "Set as reply" so that I can start receiving Email from the @newSMTP.com domain also.

The wizard ran to completion without error and I was able to check random user accounts and have noted that the additional domain had been added.

Since Exchange will listen to only one domain at a time, the other two domains that I had created appeared to keep the default EAP from updating.  Removing those and re-applying the default appeared to resolve the issue.

Thanks Again!!!
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In-place Upgrading Dirsync to Azure AD Connect
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question