Solved

Transport rule not working in Exchange Online Protection

Posted on 2013-11-18
12
1,462 Views
Last Modified: 2013-11-21
I use Exchange Online Protection and I am trying to configure a transport rule that will route email through a specific outbound connector. I have a default outbound connector and it works fine. I used these commands to create a second outbound connector and a rule to route email through it:

New-OutboundConnector -Name AMER -ConnectorType OnPremises -IsTransportRuleScoped $true -UseMXRecord $false -SmartHosts "123.45.67.89"

New-TransportRule -Name "Route to AMER" -RecipientADAttributeContainsWords "Country:United States" -RouteMessageOutboundConnector "AMER"

Set-TransportRule "Route AMER" -PrependSubject "AMER ROUTE"

So basically, if the recipient's country field equals "United States", the email should be routed through the AMER outbound connector and the subject prepended with the text "AMER ROUTE"

It doesn't work. I double-checked the mailbox's country attribute and it is set to United States. The mail is delivered but it is not prepended with "AMER ROUTE", meaning it is routing via the default outbound connector instead.

What am I missing?

Thank you.
0
Comment
Question by:cyberleo2000
  • 6
  • 3
  • 2
  • +1
12 Comments
 
LVL 9

Expert Comment

by:David Carr
ID: 39656937
Be sure you are using the IP address of the destination server
0
 

Author Comment

by:cyberleo2000
ID: 39656951
yes, that is how I have the outbound connectors configured.
0
 
LVL 9

Expert Comment

by:David Carr
ID: 39656953
0
 

Author Comment

by:cyberleo2000
ID: 39656964
That the exact article I followed. when it didn't work the first time, I deleted the transport rule and connector and recreated them using powershell. But it still does not work.
0
 
LVL 9

Expert Comment

by:David Carr
ID: 39657025
could be a problem with the attributes used to identify US. You have to update the c, co and CountryCode at the same time and with the correct values:
 
c (Country-Name): ISO-3166 2-digit string value
co (Text-Country): Open string value
countryCode (Country-Code): ISO-3166 Integer value

Can you verify what all three are set to?
0
 

Author Comment

by:cyberleo2000
ID: 39657041
I'm sorry but I don't see how those other attributes come into play here. EOP is looking specifically at the County AD attribute which you can set via ADUC or Exchange Mgmt. Console. See attached screenshot. thank you.
eop.jpg
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 39

Accepted Solution

by:
Vasil Michev (MVP) earned 500 total points
ID: 39657394
Looks fine to me, bear in mind that it takes some time to replicate the rules before they become active. Test it with the other option, SenderADAttributeMatchesPatterns and include something like country:*, or simply test with other attributes to make sure it's picking up correctly.

Also check your other rules, you might have some of them configured with the "Stop processing more rules" option.
0
 

Author Comment

by:cyberleo2000
ID: 39657514
stop processing other rules is set to false on all rules, i'm testing with other attributes
0
 
LVL 4

Expert Comment

by:mukulag
ID: 39659100
Are you doing a AD sync? EOP will not have any clue of your recipients AD attributes unless you do a AD sync as well.
0
 

Author Comment

by:cyberleo2000
ID: 39659597
yes, all my mailboxes are synced in to Office365 and I have confirmed the Country field is correctly populated
0
 
LVL 4

Expert Comment

by:mukulag
ID: 39659634
Then I see just two probabilities

1. The attribute is called different in the synced data
2. It is a bug in EOP (for e.g. the page size parameter is documented incorrectly in EOP, ToIPAddress and FromIPAddress switches do not work in Get-MessageTrace cmdlets etc).

You may want to ask MS the same (If you have recently switched to EOP then you may have access to IPM - Implementation Project Manager - from MS who may be able to help you).
0
 

Author Comment

by:cyberleo2000
ID: 39665930
we've changed the attribute that the rule uses from Country to UserLogonName. This attribute is different depending on what region of the world our employee is in. The rules work perfectly now.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
Veeam Backup & Replication has added a new integration – Veeam Backup for Microsoft Office 365.  In this blog, we will discuss how you can benefit from Office 365 email backup with the Veeam’s new product and try to shed some light on the needs and …
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now