Solved

Recipient Policy based on AD group membership

Posted on 2010-11-30
16
1,180 Views
Last Modified: 2012-05-10
Ok so I've got an AD Distribution group with 8 members.  Those members need an additional email alias, so I create a new Recipient Policy of which I Filter to that specific Dist group.  Add a new SMTP address and that's all I modify.  Once I hit Ok I see it in the list with a Priority of 5 and physically listed below the default domain one with a Priority of Lowest.  I am unable to move up or move this down as both options are greyed out.  Which I dont understand why.

So that was last week.. this policy has been created now for 5 days and those user accounts still do not have the new address alias.  My Recipient Update Service (domain and enterprise) are set to Always Run.

I bumped up the logging level to Maximum and my entire Application Log is full of MSExchangeAL entries and I have found entries specifically concerning this policy however I'm unsure of what to look for to determine why its not been added to those accounts.

Any help?
0
Comment
Question by:Ben Hart
16 Comments
 
LVL 19

Accepted Solution

by:
Delphineous Silverwing earned 250 total points
ID: 34248010
Make sure each of these users have the "Automatically update e-mail addresses based on e-mail address policy" enabled (checked).

What version of Exchange are you using?
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 34248628
It's Exchange 2003 and yes all the user involved.. well all users in my domain really have that checked by default.
0
 
LVL 23

Expert Comment

by:Stacy Spear
ID: 34248694
Is this an address list or security group? It needs to be a security group, not a distro list. Also, set it to global to include your domain.

If this doesn't fix it, post up some of the errors you are getting.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 14

Author Comment

by:Ben Hart
ID: 34248876
OK I deleted and created a new Policy based off a security group containing the users in question.  Im not sure I understand the global part there...

And I never did get any actual errors.. the new email address alias's just never appeared on the specified domain accounts.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 34248884
Oh wait.. the security group to global?  Yes it is Global in scope.
0
 
LVL 23

Expert Comment

by:Stacy Spear
ID: 34248915
Did you just create it? If so, right click on both RUS's and choose run/update now.
0
 
LVL 23

Expert Comment

by:Stacy Spear
ID: 34248931
Seems odd that you cannot change the order. I need to fire up a E2K3 box to check that out.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 34251910
I had "just" re-created that one.. which now has been alive for around 2 hours.  The previous Policy lived for almost 5 days.. and the accounts were never updated with the extra address.  The new policy from 2 hours still has'nt updated anything either.

As a test I created a test user.. the default recipient policy added the two aliases as it should.. but the new one adds nothing.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 34259760
Its been over 12 hours.. still not additional addresses on teh specified user accounts.
0
 
LVL 23

Assisted Solution

by:Stacy Spear
Stacy Spear earned 250 total points
ID: 34260184
My highest and lowest policy won't move either. Only when I create multiple policies did I get that choice.

did you right click on the policy and choose apply now? If so, copy the filter rules, and put it in a new saved query in AD users and computers. In the query definition, change it to custom, then advanced, and paste it in. It should find that group. If it doesn't, your filter is the issue.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 34397154
Sorry it took so long to get back.  I did exactly as you said.  Created a new saved query, advanced, pasted in what my rec policy is using and it did return my global security group containing the user I want this policy to apply to.  However it's still not applying.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 35018619
Sorry for the neglect dematzer, if you will cancel the close request I will award points.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35018658
You can cancel the request yourself by clicking the accept answer button (I think) otherwise object and then it should appear.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 35022187
No dice.. "This question already has an auto close request. You must cancel the previous request before creating another."
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 35022193
Ahh Object appeared.  Thx.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
PHP contact form that lets the user to contact the company through email contact form. A button is fixed at the bottom of site, on clicking a new window will open where a user can send the email.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question