<div>
This issue, the problems, and solutions are discussed here: <a href="http://support.microsoft.com/kb/304516" rel="ugc nofollow">http://support.microsoft.com/kb/304516</a><br />
<br />
This is a feature of Exchange 2007/2010, by the way. It's easy to do there.
</div>


<div>
ok - what version of exchange are you using ?
</div>


<div>
Yes, Michael B - that is the same link I referenced in my original post - It appears the only way to have this work is to query the GC - I am not sure how to query GC - Any help is greatly appreciated -
</div>


<div>
Sorry, your original post must be a different question. Your question above doesn't reference the KB article I listed.<br />
<br />
I think the KB article is very clear. If you are going to use a group in your filter, then every time that the group membership changes, you must force a rebuild of that Recipient Policy.<br />
<br />
I suspect you may be misinterpreting the statement &quot;you must query against a group catalog&quot;. It doesn't alter my statement above. The &quot;you must query against a group catalog&quot; means that the server hosting the Recipient Update Service for a particular Active Directory domain must be a GC server. And, of course, if you only have a single Active Directory domain in your forest (like 99%+ of the world), then it doesn't matter whether you query a regular DC or a GC.
</div>


<div>
I think we are saying the same thing - but your right i did not list the KB but was referring to the same article when I spoke of &quot;memberof was not an attribute and is only discovered &quot;on the fly&quot; when queried&quot; in orginal post -<br />
<br />
At this point I'll need to research on how one goes about querying the GC in order to achieve goal - 
</div>


<div>
As I said above: The &quot;you must query against a group catalog&quot; means that the server hosting the Recipient Update Service for a particular Active Directory domain must be a GC server.
</div>


<div>
can you offer any help where to find help on how I can query against the group??
</div>


<div>
Thank you Michael b smith<br />
<br />
Question 1 - recipient update services are already in place pointed to a group catalog server (our PDC), if I rebuild, do I rebuild both and does a rebuild cause issues if done during business hours?<br />
<br />
Question 2 - attached is a screenshot of the recipient policy using the advanced tab, my question is how or what is easiest way to write an ldap query to show members of the security group users are apart? - <br />
<br />
Sorry for the confusion <br />
<a href="https://filedb.experts-exchange.com/incoming/2010/09_w38/348026/Ldap.doc" target="_blank" class="file-inline" title="screenshot of ldap query (30 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>Ldap.doc</a>
</div>


Ldap.doc

<div>
I got the ldap query to work w/ nested OU's but even after altering the group it does appear a rebuild of the recipient policy is needed - although running the query returns new members, the report generated from the system attendant does not reflect the newest memebers mailbox - I even ran &quot;update now&quot; on the recipient update service w/ no luck - <br />
<br />
I am somewhat hesitant about &quot;rebuilding&quot; the RUS not knowing which of the (2) to run or what the implications are when doing this like exchange performance, etc
</div>


<div>
i have recipient policy set to update constantly - a litte slow but avoids the rebuld - 
</div>


<div>
rebuild is not necessary and found ldap query myself - 
</div>


<div>
<div class="content wysiwyg-content">
My goal is to setup a recipient policy (mailbox mgr) to delete emails from certain accts based on group membership - However when creating the filter, filtering group memebership never works - I can get filter and recipient policy to work using OU and single users - AD is structured in a way where I dont want to move accts to a spefiic OU and I dont want to create multiple policies to achieve (1) goal - <br />
<br />
Can someone please inform me the correct steps to achieve this goal <br />
<br />
I read something about &quot;memberof&quot; was not an attribute and is only discovered &quot;on the fly&quot; when queired which if true would be a reason but there has to be a way - <br />
<br />
<br />
<br />

</div>
</div>


My goal is to setup a recipient policy (mailbox mgr) to delete emails from certain accts based on group membership - However when creating the filter, filtering group memebership never works - I can get filter and recipient policy to work using OU and single users - AD is structured in a way where I dont want to move accts to a spefiic OU and I dont want to create multiple policies to achieve (1) goal - 

Can someone please inform me the correct steps to achieve this goal 

I read something about "memberof" was not an attribute and is only discovered "on the fly" when queired which if true would be a reason but there has to be a way - 





How to setup a recipient policy using group membership

Within Internet message handling services (MHS), a message transfer agent or mail transfer agent (MTA) or mail relay is software that transfers electronic mail messages from one computer to another using a client–server application architecture. A MTA implements both the client (sending) and server (receiving) portions of the Simple Mail Transfer Protocol (SMTP). The terms mail server, mail exchanger, and MX host may also refer to a computer performing the MTA function. The Domain Name System (DNS) associates a mail server to a domain with mail exchanger (MX) resource records containing the domain name of a host providing MTA services.

Email Servers

Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.