• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1197
  • Last Modified:

Recipient Policy based on AD group membership

Ok so I've got an AD Distribution group with 8 members.  Those members need an additional email alias, so I create a new Recipient Policy of which I Filter to that specific Dist group.  Add a new SMTP address and that's all I modify.  Once I hit Ok I see it in the list with a Priority of 5 and physically listed below the default domain one with a Priority of Lowest.  I am unable to move up or move this down as both options are greyed out.  Which I dont understand why.

So that was last week.. this policy has been created now for 5 days and those user accounts still do not have the new address alias.  My Recipient Update Service (domain and enterprise) are set to Always Run.

I bumped up the logging level to Maximum and my entire Application Log is full of MSExchangeAL entries and I have found entries specifically concerning this policy however I'm unsure of what to look for to determine why its not been added to those accounts.

Any help?
0
Ben Hart
Asked:
Ben Hart
2 Solutions
 
Delphineous SilverwingGood Ol' GeekCommented:
Make sure each of these users have the "Automatically update e-mail addresses based on e-mail address policy" enabled (checked).

What version of Exchange are you using?
0
 
Ben HartAuthor Commented:
It's Exchange 2003 and yes all the user involved.. well all users in my domain really have that checked by default.
0
 
Stacy SpearPresident/Principal ConsultantCommented:
Is this an address list or security group? It needs to be a security group, not a distro list. Also, set it to global to include your domain.

If this doesn't fix it, post up some of the errors you are getting.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
Ben HartAuthor Commented:
OK I deleted and created a new Policy based off a security group containing the users in question.  Im not sure I understand the global part there...

And I never did get any actual errors.. the new email address alias's just never appeared on the specified domain accounts.
0
 
Ben HartAuthor Commented:
Oh wait.. the security group to global?  Yes it is Global in scope.
0
 
Stacy SpearPresident/Principal ConsultantCommented:
Did you just create it? If so, right click on both RUS's and choose run/update now.
0
 
Stacy SpearPresident/Principal ConsultantCommented:
Seems odd that you cannot change the order. I need to fire up a E2K3 box to check that out.
0
 
Ben HartAuthor Commented:
I had "just" re-created that one.. which now has been alive for around 2 hours.  The previous Policy lived for almost 5 days.. and the accounts were never updated with the extra address.  The new policy from 2 hours still has'nt updated anything either.

As a test I created a test user.. the default recipient policy added the two aliases as it should.. but the new one adds nothing.
0
 
Ben HartAuthor Commented:
Its been over 12 hours.. still not additional addresses on teh specified user accounts.
0
 
Stacy SpearPresident/Principal ConsultantCommented:
My highest and lowest policy won't move either. Only when I create multiple policies did I get that choice.

did you right click on the policy and choose apply now? If so, copy the filter rules, and put it in a new saved query in AD users and computers. In the query definition, change it to custom, then advanced, and paste it in. It should find that group. If it doesn't, your filter is the issue.
0
 
Ben HartAuthor Commented:
Sorry it took so long to get back.  I did exactly as you said.  Created a new saved query, advanced, pasted in what my rec policy is using and it did return my global security group containing the user I want this policy to apply to.  However it's still not applying.
0
 
Ben HartAuthor Commented:
Sorry for the neglect dematzer, if you will cancel the close request I will award points.
0
 
Glen KnightCommented:
You can cancel the request yourself by clicking the accept answer button (I think) otherwise object and then it should appear.
0
 
Ben HartAuthor Commented:
No dice.. "This question already has an auto close request. You must cancel the previous request before creating another."
0
 
Ben HartAuthor Commented:
Ahh Object appeared.  Thx.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now