Recipient Policies and AD Applications

Posted on 2011-04-28
Last Modified: 2012-08-14
I have a question about recipient policies and applications that use Active Directory for authentication. We are about to change the default recipient policy in Exchange 2000 and add a new recipient policy for a new set of users.
My question is, how will modifying the default recipient policy affect Active Directory if all we do is add a new SMTP address to it? Will it affect user logons? Will it affect other applications that use AD?

As I understand it, changing the default policy affects AD globally, so in case it does not do what we want it to (although we've tested in a lab several times over), how can we roll back the changes if we need to?
What should we consider before touching the recipient policies?

Thank you
Question by: mechanicus01
    LVL 16

    Expert Comment

    You can apply new addresses using recipient policies, but you cannot remove them. Keep this in mind.

    Your best bet is to create a NEW policy and restrict it to users in a specific OU or Group.  Then TEST TEST TEST, before deploying live.

    Recipient policies have no impact on AD authentication.

    LVL 8

    Expert Comment

    Changing the SMTP addresses of a user account will not affect user logon names or any permissions set against the user objects or its group membership.
    What other applications that use AD do you have? You would only need to be wary of an application looking for a certain SMTP address format which may no longer be there for new accounts.

    LVL 1

    Author Comment

    Thank you both for your comments.

    Enphyniti: why can't newly added addresses be removed?

    stuartgcameron: We have a few applications that we developed in-house but none write to AD; they are read-only apps.

    What can you guys tell me about rolling back the recipient policy modifications in case we have a problem when deploying? We plan to add a new SMTP address and delete the primary SMTP address from the default policy, then create a new recipient policy with the "authoritative" SMTP address we deleted from the default policy. This is so we can share the SMTP namespace. Question is, how can we roll back the changes? Can we just re-create the deleted addresses and undo the added ones?

    Thank you
    LVL 16

    Accepted Solution

    They can, but not via policy. Removing them from the policy will only prevent the addresses from propagating to new users. It will not remove the existing addresses from users. Email Address Policies address this issue in 2010.

    I.e.: removing a policy will leave all the addresses it created, so you cannot 'remove the primary address' using recipient policies. You can change it to be a new primary, but you cannot remove it.

    It doesn't sound like you are trying to remove addresses from your existing users though... just change default behavior going forward, so you should be fine. Also, you're not going to break anything if you make a mistake except auto-address generation, which should be easy to resolve.
    LVL 1

    Author Closing Comment

    Thank you!
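
Because a policy change cannot strip addresses it has already stamped, a rollback needs a record of each user's `proxyAddresses` from before the change. The following is an added example, not code from this thread: it compares two LDIF snapshots (for instance, exported with ldifde before and after the policy is applied) and lists what to undo per user. The function names and sample entries are constructed, and attribute values are assumed to be plain (not base64-encoded) text.

```python
def parse_ldif(text):
    """Return {dn: [proxyAddresses values]} from an LDIF export."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, dn = {}, None
    for line in lines:
        attr, _, value = line.partition(":")
        attr, value = attr.lower(), value.strip()
        if not line.strip():
            dn = None                          # blank line ends the entry
        elif attr == "dn":
            dn = value
            entries[dn] = []
        elif attr == "proxyaddresses" and dn is not None:
            entries[dn].append(value)
    return entries

def primary_smtp(addrs):
    """Primary address: the value whose prefix is upper-case 'SMTP:'."""
    return next((a[5:] for a in addrs if a.startswith("SMTP:")), None)

def rollback_plan(before, after):
    """Per DN, what to undo so proxyAddresses matches the 'before' snapshot."""
    plan = {}
    for dn, new in after.items():
        old = before.get(dn, new)              # created after snapshot: nothing to undo
        old_keys, new_keys = {a.lower() for a in old}, {a.lower() for a in new}
        step = {"remove": [a for a in new if a.lower() not in old_keys],
                "re_add": [a for a in old if a.lower() not in new_keys],
                "restore_primary": None}
        if primary_smtp(old) != primary_smtp(new):
            step["restore_primary"] = primary_smtp(old)
        if any(step.values()):
            plan[dn] = step
    return plan

# Constructed sample snapshots (not real data); AFTER contains one folded line.
BEFORE = ("dn: CN=Alice,DC=example,DC=test\nproxyAddresses: SMTP:alice@example.test\n\n"
          "dn: CN=Bob,DC=example,DC=test\nproxyAddresses: SMTP:bob@example.test\n")
AFTER = ("dn: CN=Alice,DC=example,DC=test\nproxyAddresses: smtp:alice@example.test\n"
         "proxyAddresses: SMTP:alice@new.exam\n ple.test\n\n"
         "dn: CN=Bob,DC=example,DC=test\nproxyAddresses: SMTP:bob@example.test\n")
PLAN = rollback_plan(parse_ldif(BEFORE), parse_ldif(AFTER))
```

Addresses are compared case-insensitively, so a primary that was only demoted from `SMTP:` to `smtp:` is reported as a primary to restore rather than as an address to delete.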
