Solved

Exchange 2007 restrict recipients by storage group

Posted on 2011-03-07
23
648 Views
Last Modified: 2012-05-11
I need to restrict the max recipient value for members of a specific storage group in Exchange 2007, as opposed to changing the global value for all users.  Is there any way to do this ?

Thanks
0
Comment
Question by:cmdown
  • 10
  • 7
  • 4
  • +1
23 Comments
 
LVL 49

Expert Comment

by:Akhater
ID: 35055125
no it can be done only by hub server or by organization you can't do it per storage group
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35055133
This is not possible.
0
 
LVL 1

Author Comment

by:cmdown
ID: 35055528
Thank you both for your replies.  Given your comments, what would be the easiest way to achieve the desired result?
i.e.
Members of exchange storage group A, in AD security group 1 - no recipient restriction
Members of exchange storage group B, in AD security group 2 - max 5 recipients

Thanks
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35055533
As already said, without the use of third party tools (and I am not aware of any that do this) you cannot achive restrictions on a per sender basis.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35055576
what you should give a try is a hub transport rule that will reject emails for all members of distribution gtoupx if it has more then y recipients
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35055640
That's a possibility, see here for how to configure a Transport Rule: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_3222-Prevent-users-sending-external-e-mails-with-Transport-Rules.html

I have just checked though and it doesn't have the option to specify the amount of recipients.
0
 
LVL 1

Author Comment

by:cmdown
ID: 35055642
Thanks Akhater.  Any pointers / exemplar scripts on how to achieve this ?
0
 
LVL 49

Expert Comment

by:Akhater
ID: 35055853
NO i am sorry it cannot be done using transport rules, so, as per my first comment, it cannot be done
0
 
LVL 1

Author Comment

by:cmdown
ID: 35055989
Hi Demazter

Thanks for that. I can't find/get to the transport rules tab / new transport rule action. Is it an additional snap-in?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35056000
it's not an additional snap-in but if you don't have the correct permissions you will not be able to see it, it's under organisation configuration > Hub Transport.
0
 
LVL 1

Author Comment

by:cmdown
ID: 35056325
I've gone back in as the domain admin and it's still not showing ...
0
Why do Marketing keep bothering you?

Is your marketing department constantly asking for new email signature updates? Are they requesting a different design for every department? Do they need yet another banner added? Don’t let it get you down! There is an easy way to manage all of these requests...

 
LVL 1

Author Comment

by:cmdown
ID: 35056376
ignore last post - I've now got in and can see the link to add new transport rule
0
 
LVL 7

Accepted Solution

by:
PraveenBalan earned 250 total points
ID: 35056640
If you have the users in single organization unit(or any other unique parameter)

Get-Mailbox -OrganizationalUnit "paste the OU path" | Set-Mailbox -RecipientLimit 100
0
 
LVL 1

Author Comment

by:cmdown
ID: 35058320
Hi both

Thanks for all your help.  I've been able to create a basic rule that looks to a Mail enabled universal distribution group.  However, I am unable to find any rule criteria that allow me to set a maximum value for recipients to invoke the rule.
0
 
LVL 74

Assisted Solution

by:Glen Knight
Glen Knight earned 125 total points
ID: 35058386
As I said above, you cannot set the maximum recipients in the rule,
0
 
LVL 1

Author Comment

by:cmdown
ID: 35058575
Sorry demazter - I completely missed you comment after the suggested URL link
I suppose it also helps if your browser refreshes correctly :o). IE8 is not happy with the EE site today.

PraveenBalan has suggested using an AD OU group.  It would be possible to do this with some minor changes to our system to make sure we son't break group policies.  Any thoughts ?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35058832
I don't know, I have never tried it.  If u get chance I will try in my lab later today.
0
 
LVL 1

Assisted Solution

by:cmdown
cmdown earned 0 total points
ID: 35096542
Hi All

I have tested this and it works.  Created an OU called MailRestrictedUser, moved user to that OU.  Ran the following command in the exchange console:
Get-Mailbox -OrganizationalUnit MailRestrictedUsers | Set-Mailbox -RecipientLimit 2
Emails with 1 or 2 recipients go through, 3 or more are bounced by the mail server.

Having proved it works I just need to check what GPols apply where to OUs and I can lock down this menace once and for all.

Thank you to all.

If it is ok with everyone I propose a points split as shown below, as the solution isn't quite what I was looking for, and i some respects everyone was correct, but the solution presented by Praveen does provide a way forward.  
PraveenBalan : 250
demazter : 125
Akhater: 125

I do still wonder why Microsoft never thought that someone might want to do this in addition to restricting the attachment size / mailbox size etc.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35096553
the spplit sounds fair to me.
0
 
LVL 7

Expert Comment

by:PraveenBalan
ID: 35097169
Ofcourse fine with me too .. :), more than that it is good feeling that you have chosen the resolution.
0
 
LVL 49

Assisted Solution

by:Akhater
Akhater earned 125 total points
ID: 35099984
if you don't want to break your GPO (which is quite normal) you can do it based on groups

get-distributiongroupmemebers GroupX | Set-Mailbox -RecipientLimit 100

the problem with this solution and the one of OU is that it will not apply to any new member you put in the group/ou and  it will not cease to apply if you remove a member from the group/ou

to solve the first part of the problem you schedule a task once per day to apply the above powershell

http://www.zerohoursleep.com/2010/04/how-to-run-exchange-ps1-script-as-scheduled-task/
0
 
LVL 1

Author Comment

by:cmdown
ID: 35108469
Thanks everyone.

I've run this as follows:

Get-Mailbox -ResultSize Unlimited -OrganizationalUnit mydomain.local/site/Users/UserGrpA | Set-Mailbox -RecipientLimit 5

The -ResultSize is as a result of EMCon returning a warning that it had only returned results for the first 1000 users.  Re-running the command with -ResultSize generated a whole host of warnings saying no action taken for that user but didn't complain about the number of users.
0
 
LVL 1

Author Closing Comment

by:cmdown
ID: 35321723
Thanks for the help.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
This video discusses moving either the default database or any database to a new volume.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now