Asked by Michael Smolens

Exchange Email Address Policy

Hello Experts,
I walked into a problem today and I really don’t know how to begin to fix this. A little quick history about this Exchange 2010 setup. I have two servers in a DAG and two CAS Servers. On Friday evening 1/12/14 I had a round of Windows Updates and I installed Exchange 2010 SP3 Update Rollup 8. Everything went well, or at least I thought. On Monday I started getting calls that people who were sending email to internal distribution groups were looking like they were being sent out to the local user but would just disappear and never reach their intended destination. After looking into the Mail flow troubleshooter it looks like I am seeing this:

The email address for recipient xx@thecompany.com was updated to the email address xx@company.com. The message is in the process of being delivered.

The funny thing is the messages are trying to go to our old domain, which is simply missing the word “the”.

I determined that the update must have done something to the default email address policy. Now this 2010 environment was upgraded from Exchange 2003 almost 4 years ago. When I look at the default email address policy in the EMC I don’t see anything, but when I look in the console and do a get-emailaddresspolicy I get a warning that I need to include the -IncludeMailboxSettingOnlyPolicy. When I do that I can see the default policy in the console.

I tried to create a new policy and applied it and it seemed to work, but I can’t get rid of the old default policy. Now when I do the get-emailaddresspolicy -includemailboxsettingonlypolicy I can see both policies. I tried the remove-emailaddresspolicy with no luck.

Anyone that can offer some assistance, I would greatly appreciate it. I still can’t get my distribution lists to work but I feel that solving this problem may help me in that direction.

Thanks
-Mike
ASKER CERTIFIED SOLUTION
Simon Butler (Sembee)

This solution is only available to members.

ASKER

Simon,

Thank you for your reply. I just tried the above command to remove the default policy but I receive the error:

The operation couldn't be performed because object 'default policy' couldn't be found on dc.domain.local (name of the dc)

If you run

get-emailaddresspolicy "default policy" -includemailboxsettingonlypolicy  | select identity, version

what comes back? (I am doing it off memory, so if nothing comes back, do | fl instead and then look for version).

That will show whether it is a policy created by Exchange 2003 or 2010.

I expect this is going to require an adsiedit hack.

Simon.

Here are the outputs. The FL ended up telling me it was legacy.

[PS] C:\Windows\system32>get-emailaddresspolicy "default policy" -includemailboxsettingonlypolicy  | select identity, version

Identity                                                    version
--------                                                    -------
Default Policy


[PS] C:\Windows\system32>get-emailaddresspolicy "default policy" -includemailboxsettingonlypolicy  | FL


RunspaceId                        : 0d534552-fea8-44af-addf-5aa941e23bbe
RecipientFilter                   :
LdapRecipientFilter               : (mailnickname=*)
LastUpdatedRecipientFilter        :
RecipientFilterApplied            : False
IncludedRecipients                :
ConditionalDepartment             : {}
ConditionalCompany                : {}
ConditionalStateOrProvince        : {}
ConditionalCustomAttribute1       : {}
ConditionalCustomAttribute2       : {}
ConditionalCustomAttribute3       : {}
ConditionalCustomAttribute4       : {}
ConditionalCustomAttribute5       : {}
ConditionalCustomAttribute6       : {}
ConditionalCustomAttribute7       : {}
ConditionalCustomAttribute8       : {}
ConditionalCustomAttribute9       : {}
ConditionalCustomAttribute10      : {}
ConditionalCustomAttribute11      : {}
ConditionalCustomAttribute12      : {}
ConditionalCustomAttribute13      : {}
ConditionalCustomAttribute14      : {}
ConditionalCustomAttribute15      : {}
RecipientContainer                :
RecipientFilterType               : Legacy
Priority                          : Lowest
EnabledPrimarySMTPAddressTemplate : @theoceancountylibrary.org
EnabledEmailAddressTemplates      : {smtp:@library.ocl, SMTP:@theoceancountylibrary.org, X400:c=US;a= ;p=OCLMAIL;o=Exchange;}
DisabledEmailAddressTemplates     : {}
Enabled                           : True
HasEmailAddressSetting            : False
HasMailboxManagerSetting          : False
NonAuthoritativeDomains           : {}
AdminDescription                  :
AdminDisplayName                  :
ExchangeVersion                   : 0.0 (6.5.6500.0)
Name                              : Default Policy
DistinguishedName                 : CN=Default Policy,CN=Recipient Policies,CN=OCLMAIL,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=LIBRARY,DC=OCL
Identity                          : Default Policy
Guid                              : b6c0453f-3ed9-4e6b-a431-f18e729d1dba
ObjectCategory                    : LIBRARY.OCL/Configuration/Schema/ms-Exch-Recipient-Policy
ObjectClass                       : {top, msExchGenericPolicy, msExchRecipientPolicy}
WhenChanged                       : 1/12/2015 1:58:36 PM
WhenCreated                       : 6/25/2007 3:33:37 PM
WhenChangedUTC                    : 1/12/2015 6:58:36 PM
WhenCreatedUTC                    : 6/25/2007 7:33:37 PM
OrganizationId                    :
OriginatingServer                 : TRLIB2.LIBRARY.OCL
IsValid                           : True



[PS] C:\Windows\system32>get-emailaddresspolicy "default policy" -includemailboxsettingonlypolicy  | select identity, version

I also attempted to delete one of my distribution groups and re-add it but it created it with the @oceancountylibrary.org when it is missing "the" in the domain name. It looks like the policy has some old stuck info in it.

Another piece to the puzzle:

Then in the EMC, when I go to E-mail Address Policies, the default policy isn't listed there. I can only see that using the shell. In the EMC I get this message:

Recipient policy objects that don't contain e-email addresses won't be shown unless you include the IncludeMailboxSettingOnlyPolicy parameter in the Get-EmailAddressPolicy cmdlet

It is as I suspected - an old Exchange 2003 Recipient Update Services policy, which wasn't removed correctly during the removal of Exchange 2003.

One last thing to try...

Set-EmailAddressPolicy "Default Policy" -IncludedRecipients AllRecipients

Then see if that allows you to do anything. If it doesn't, then it is ADSIEDIT I am afraid.

http://blogs.msmvps.com/expta/2011/06/13/fix-for-quot-default-policy-quot-with-mailbox-manager-settings-cannot-be-managed-by-the-current-version-of-exchange-management-console/

- In the Configuration container, navigate to CN=Recipient Policies,CN=<Exchange Org>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<domain>,DC=<com>
- In the middle pane, view the properties of the Default Policy.
- Remove the value(s) of the MsExchMailboxManagerFolderSettings attribute so that it’s now <Not Set>
- Edit the MsExchPolicyOptionList attribute and remove all the attributes that do not begin with 0xfc.  The policy that begins with 0xfc is the email addressing policy.

Then repeat the upgrade command I have outlined above.
I would then probably delete the policy.

Simon.

Well, the good news since we last spoke is that I found an article online that basically outlined what you mentioned above and I was able to restore the default policy into the EMC and perform the upgrade to it. With that said I am now back to just the distribution group problem. For some reason if I try to send mail to a group that was created years ago on the legacy 2003 Exchange box, the messages are going to the old domain missing "the" in front of it. In the SMTP properties the correct domain is showing and is also set to the default, and when I look at the message in the Exchange 2010 Delivery Reports tool I get this:

The e-mail address for recipient "admin@thedomain.com" was updated to the e-mail address "admin@domain.com".

And it looks like it is trying to go outbound since we technically don't have that domain anymore and it isn't in the list of accepted domains.

Now I opened up ADSI on that particular distribution group and I found that the targeted address was set to admin@domain.com. I edited it to say admin@thedomain.com and Exchange seems to pass the message off to our Barracuda and then back to the Exchange box and it is stuck in the queue showing as a loop.

Any ideas on where to look for that?

Have you actually deleted the old email address policy? If not, then I would do that to begin with.
Once you have done that, give the domain time to replicate the change, then apply your other email address policy. That should update all of the mail enabled objects with the address from the live domain.

Simon.

When I try to delete it, I get an error basically saying that I can't delete the default policy.

So I am trying a different solution. I took one of my distribution groups and disabled it in the Exchange 2010 EMC and tried to recreate it, and when I do that I am now getting bounce backs saying #550 5.1.1 Resolver.ADR.RecipNotFound; not found ##

Looking in ADSI the group has old Exchange attributes. I try to delete them but when I recreate the group they seem to come back. Is there any way I can delete all the attributes and basically create a new Exchange group from the current AD group?

That makes sense.
Is the default policy applied? If not, then leave it like that.
Furthermore the policy level should be set to "Lowest" with one or more policies set higher.

By strict best practices, the policy domain should match your internal Windows domain - so if your domain is example.local, then that is what the default policy is set to, and is then no longer touched.

Simon.

Okay, so I managed to fix most of my distribution groups by doing this:

1) Checking the group's attributes in AD. If the group contains a targeted address attribute, it seems to have it in this format xx@domain.com and it is missing the word "the". If this is the case then I know I have to proceed to do the following

2) Disable the group in the Exchange EMC

3) Use ADEditor and remove all the Exchange attributes

4) Recreate the distribution group in the EMC and select existing group

5) Add an X500 address that points to the legacyExchangeDN attribute

6) Once I did that to all I updated the Address Book and had the Outlook clients download a new copy. Mostly everyone can now send email to the groups. Some still had to delete the cached address that came up.

My only problem now is still, some of my OWA clients are having trouble sending to some of the groups. Some users can send to a particular group and some get a bounce back that has the X500 5.1.1 error. I have tried deleting the users' cache in IE and that still isn't working. Correct me if I am wrong, but OWA users use the Address Book that is on the server, right? I am lost why some users would still have trouble and some aren't sending e-mail to the same group. Would you have any ideas?
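
An added example, not part of the thread or any poster's code: the stale targeted address found on the legacy groups sent mail outbound to a domain the organisation no longer holds, so this function lists every SMTP-typed targetAddress or proxyAddresses value whose domain is not an accepted domain. The function name, the sample objects and the accepted-domain list (thedomain.com, domain.local) are constructed for illustration, and the commented lines show the assumed live inputs from Get-ADObject and Get-AcceptedDomain.

```powershell
# Added example. Uses PowerShell 2.0 syntax so it also runs in the
# Exchange 2010 Management Shell. Find-StaleSmtpAddress is a hypothetical name.
function Find-StaleSmtpAddress {
    param(
        [Parameter(Mandatory=$true)] [object[]] $Recipient,      # needs Name, targetAddress, proxyAddresses
        [Parameter(Mandatory=$true)] [string[]] $AcceptedDomain  # SMTP domains the organisation still accepts
    )
    $accepted = @($AcceptedDomain | ForEach-Object { $_.ToLower() })
    foreach ($r in $Recipient) {
        foreach ($attr in 'targetAddress', 'proxyAddresses') {
            foreach ($value in @($r.$attr)) {
                # Keep only user@domain values with an optional smtp: prefix;
                # X400/X500 proxies and empty attributes do not match and are skipped.
                if ("$value" -notmatch '^(?:smtp:)?[^@:]+@(?<domain>[^@\s]+)$') { continue }
                $domain = $Matches['domain'].ToLower()
                if ($accepted -notcontains $domain) {
                    New-Object PSObject -Property @{
                        Name = $r.Name; Attribute = $attr; Address = "$value"; Domain = $domain
                    } | Select-Object Name, Attribute, Address, Domain
                }
            }
        }
    }
}

# Constructed sample objects standing in for directory entries.
$sample = @(
    (New-Object PSObject -Property @{
        Name = 'Admin DL'; targetAddress = 'SMTP:admin@domain.com'
        proxyAddresses = @('SMTP:admin@thedomain.com', 'X400:c=US;a= ;p=ORG;o=Exchange;') }),
    (New-Object PSObject -Property @{
        Name = 'Staff DL'; targetAddress = $null
        proxyAddresses = @('SMTP:staff@thedomain.com', 'smtp:staff@domain.local') })
)

# Only 'Admin DL' is reported, for its targetAddress in the retired domain.
Find-StaleSmtpAddress -Recipient $sample -AcceptedDomain 'thedomain.com', 'domain.local' |
    Format-Table -AutoSize

# Assumed live inputs (ActiveDirectory module plus the Exchange Management Shell):
# $recips  = Get-ADObject -LDAPFilter '(&(mailNickname=*)(|(targetAddress=*)(proxyAddresses=*)))' `
#                -Properties targetAddress, proxyAddresses
# $domains = Get-AcceptedDomain | ForEach-Object { "$($_.DomainName)" }
# Find-StaleSmtpAddress -Recipient $recips -AcceptedDomain $domains
```

The check is read-only, so it can be run before and after the ADSI edits to confirm no object still resolves to the old domain.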