Solved

Recipient Policy based on AD group membership

Posted on 2010-11-30
16
1,179 Views
Last Modified: 2012-05-10
Ok so I've got an AD Distribution group with 8 members.  Those members need an additional email alias, so I create a new Recipient Policy of which I Filter to that specific Dist group.  Add a new SMTP address and that's all I modify.  Once I hit Ok I see it in the list with a Priority of 5 and physically listed below the default domain one with a Priority of Lowest.  I am unable to move up or move this down as both options are greyed out.  Which I dont understand why.

So that was last week.. this policy has been created now for 5 days and those user accounts still do not have the new address alias.  My Recipient Update Service (domain and enterprise) are set to Always Run.

I bumped up the logging level to Maximum and my entire Application Log is full of MSExchangeAL entries and I have found entries specifically concerning this policy however I'm unsure of what to look for to determine why its not been added to those accounts.

Any help?
0
Comment
Question by:Ben Hart
16 Comments
 
LVL 19

Accepted Solution

by:
Delphineous Silverwing earned 250 total points
ID: 34248010
Make sure each of these users have the "Automatically update e-mail addresses based on e-mail address policy" enabled (checked).

What version of Exchange are you using?
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 34248628
It's Exchange 2003 and yes all the user involved.. well all users in my domain really have that checked by default.
0
 
LVL 23

Expert Comment

by:Stacy Spear
ID: 34248694
Is this an address list or security group? It needs to be a security group, not a distro list. Also, set it to global to include your domain.

If this doesn't fix it, post up some of the errors you are getting.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 14

Author Comment

by:Ben Hart
ID: 34248876
OK I deleted and created a new Policy based off a security group containing the users in question.  Im not sure I understand the global part there...

And I never did get any actual errors.. the new email address alias's just never appeared on the specified domain accounts.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 34248884
Oh wait.. the security group to global?  Yes it is Global in scope.
0
 
LVL 23

Expert Comment

by:Stacy Spear
ID: 34248915
Did you just create it? If so, right click on both RUS's and choose run/update now.
0
 
LVL 23

Expert Comment

by:Stacy Spear
ID: 34248931
Seems odd that you cannot change the order. I need to fire up a E2K3 box to check that out.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 34251910
I had "just" re-created that one.. which now has been alive for around 2 hours.  The previous Policy lived for almost 5 days.. and the accounts were never updated with the extra address.  The new policy from 2 hours still has'nt updated anything either.

As a test I created a test user.. the default recipient policy added the two aliases as it should.. but the new one adds nothing.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 34259760
Its been over 12 hours.. still not additional addresses on teh specified user accounts.
0
 
LVL 23

Assisted Solution

by:Stacy Spear
Stacy Spear earned 250 total points
ID: 34260184
My highest and lowest policy won't move either. Only when I create multiple policies did I get that choice.

did you right click on the policy and choose apply now? If so, copy the filter rules, and put it in a new saved query in AD users and computers. In the query definition, change it to custom, then advanced, and paste it in. It should find that group. If it doesn't, your filter is the issue.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 34397154
Sorry it took so long to get back.  I did exactly as you said.  Created a new saved query, advanced, pasted in what my rec policy is using and it did return my global security group containing the user I want this policy to apply to.  However it's still not applying.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 35018619
Sorry for the neglect dematzer, if you will cancel the close request I will award points.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35018658
You can cancel the request yourself by clicking the accept answer button (I think) otherwise object and then it should appear.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 35022187
No dice.. "This question already has an auto close request. You must cancel the previous request before creating another."
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 35022193
Ahh Object appeared.  Thx.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

838 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question