We help IT Professionals succeed at work.

Mail policy issue - Adding additional mail domain SBS 2011

Dear all,

I'm working on adding an additional accepted mail domain to my SBS 2011 config.
Obviously I added the domain to accepted domains. OK!
I began with adding an extra OU for this domain. OK!
Then in the Exchange console I added an additional user in said OU. OK!
I created a new mail policy with correct domain suffix to be added to the users created in this specific OU. OK!
It doesn't apply, in my opinion, because Exchange doesn't see the correct OU membership for this user (check screenshot). NOK

When I go to the properties of the newly created user in the Exchange console, and check the 'member of' view, it's empty? I gather this is the reason why I don't get the correct domain suffix for the newly created user in the new OU.

Does anyone have an idea what I'm not doing correctly?

Your help is much appreciated!!
Watch Question

Kamalasekar ParthasarathyMessaging Support


By default if you create any user and it will not be display anybody under member of tab.

After create the email address policy.. did you applied immediately.. Pls confirm

Yes either this policy needs to be applied immediately or the user is not inheriting security permissions from the parent. Ensure the inherit permissions box is ticked on the security tab.


I did indeed apply immediately.

Ensuring the inherit permissions box is ticket. Where exactly will I find this security tab?


Furthermore, how do I ensure this happens (inherit permissions) for all newly created user in this specific OU?

It's the security tab of the user object you find in ad, the default is to inherit but if someone wanted specific permissions then someone might have switched this off.

Also check the address policies are being applied by recipient policy it's a tick box on the screen where all the email addresses are listed.
I've found out just now that I needed to adjust the priority to 1 in order to get it to work?

But weirdly enough, now all my other accounts (not in specified OU) gotten an extra mail address with this new mail domain suffix. Although not in bold which is good.
Is there a way to not get these extra domain suffixes for accounts that don't need them?
Would make sense to do this based on OU right?


Priority of the policy was the reason it didn't apply

Explore More ContentExplore courses, solutions, and other research materials related to this topic.