Search filter change required for Recipient Policy
[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at http://go.microsoft.com/fwlink/?linkid=34707.]
Topic Last Modified: 2005-11-18
The Microsoft® Exchange Server Analyzer Tool queries the Active Directory® directory service to determine the value for the purportedSearch attribute of each Exchange recipient policy object. The purportedSearch attribute indicates the search argument that is used when the policy is applied.
The Exchange Server Analyzer also queries Active Directory to determine the value for the msDS-Behavior-Version attribute of the forest object in Active Directory, NTDS Settings. This value indicates the Active Directory forest functional level. Valid values for the msDS-Behavior-Version attribute are shown in the following table.
|Value||Forest functional level|
Windows® 2000 Server mixed
Windows Server™ 2003 interim
Windows Server 2003 native
The Exchange Server Analyzer also queries Active Directory to determine the value for the revision attribute of the Windows2003Update container. The value of this attribute indicates whether the Active Directory preparation tool (ADPrep.exe) has been run.
Finally, the Exchange Server Analyzer queries the Win32_OperatingSystem Windows Management Instrumentation (WMI) class to determine the value of the OSProductSuite key. The value of the OSProductSuite key indicates the version of Windows running on the computer.
If the Exchange Server Analyzer finds the following criteria to be true, a warning is displayed:
The value of the purportedSearch attribute of the recipient policy contains (homeMdb=).
The Active Directory forest functional level is Windows 2000 Server mixed.
The Active Directory forest has been prepared for Windows Server 2003 domain controllers.
The Exchange Server computer is not running Microsoft Windows Small Business Server 2003.
This warning indicates that the Active Directory forest has been prepared for Windows Server 2003. To avoid e-mail address stamping issues when the Active Directory forest is upgraded to the full functional level of Windows Server 2003, you must modify the recipient policies. The affected recipient policy is specified in the Exchange Server Analyzer output.
If you use Windows Server 2003 as a domain controller and you do not update the recipient policy, linked value replication in Windows Server 2003 causes the Recipient Update Service to incorrectly write the e-mail addresses of new users.
Because of linked value replication, the Recipient Update Service may detect a new user for the first time between the time that mailnickname replicates and the time that homeMdb replicates. Therefore, the user would fall under the default policy at that time, instead of under the homeMdb-based policy. Several minutes later, when homeMdb replicates, the user would fall under the homeMdb policy. However, the user already would have addresses that match the default policy.
To correct this warning
Open Exchange System Manager.
Expand Recipients, select Recipient Policies, right-click RecipientPolicyName, and then click Properties.
On the RecipientPolicyName Properties page, on the General tab, under Filter rules, click Modify.
On the Find Exchange Recipients menu, select Custom Search. If the recipient policy was originally created by a custom search, the Find Custom Search page is displayed after you click Modify in Step 3.
Change the Lightweight Directory Access Protocol (LDAP) query so that the homeMdb attribute is not used as part of the filter condition. Attributes such as extensionAttribute, msExchHomeServerName, or UPN are valid arguments that may help you achieve the same search result.
Click OK two times to save the change, and then close Exchange System Manager.