Search filter change is required for Recipient Policy

[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at https://go.microsoft.com/fwlink/?linkid=34707.]  

Topic Last Modified: 2006-02-21

The Microsoft® Exchange Server Analyzer Tool queries the Active Directory® directory service to determine the value for the purportedSearch attribute of each Exchange recipient policy object. The purportedSearch attribute indicates the search argument that is used when the policy is applied.

The Exchange Server Analyzer also queries Active Directory to determine the value for the msDS-Behavior-Version attribute of the forest object in Active Directory, NTDS Settings. This value indicates the Active Directory forest functional level. Valid values for the msDS-Behavior-Version attribute are shown in the following table.

Value Forest functional level

0

Microsoft Windows® 2000 Server mixed

1

Microsoft Windows Server™ 2003 interim

2

Windows Server 2003 native

The Exchange Server Analyzer also queries Active Directory to determine the value for the revision attribute of the Windows2003Update container. The value of this attribute indicates whether the Active Directory preparation tool (ADPrep.exe) has been run.

Finally, the Exchange Server Analyzer queries the Win32_OperatingSystem Windows Management Instrumentation (WMI) class to determine the value of the OSProductSuite key. The value of the OSProductSuite key indicates the version of Windows that is running on the computer.

If the Exchange Server Analyzer finds the following criteria to be true, the Exchange Server Analyzer displays a warning:

  • The value of the purportedSearch attribute of the recipient policy contains homeMdb.

  • The Active Directory forest functional level is Windows Server 2003 interim or Windows Server 2003 native mode.

  • The Exchange Server computer is not running Microsoft Windows Small Business Server 2003.

This warning indicates that the Active Directory forest has been prepared for Windows Server 2003. To avoid e-mail address stamping issues when the forest is upgraded to Windows Server 2003 full functionality level, a modification to the recipient policies is required. The affected recipient policy is specified in the Exchange Server Analyzer output.

If Windows Server 2003 is used as a domain controller and the recipient policy is not updated, linked value replication in Windows Server 2003 causes the Recipient Update Service to incorrectly write the e-mail addresses of new users. The first time the Recipient Update Service sees the user, it may be between the time that mailnickname replicates and the time that homeMDB replicates, due to linked value replication. Therefore, the user would fall under the default policy at that time, instead of under the homeMDB-based policy. A few minutes later, when homeMDB replicates, the user would fall under their homeMDB policy. However, the user already would have addresses that match the default policy.

To correct this warning

  1. Open Exchange System Manager.

  2. Expand Recipients, select Recipient Policies, right-click RecipientPolicyName, and then click Properties.

  3. On the RecipientPolicyName Properties page, on the General tab, under Filter rules, click Modify.

  4. On the Find Exchange Recipients menu, select Custom Search. If the recipient policy was originally created by a custom search, the Find Custom Search page is displayed after you click Modify in step 3.

  5. Change the Lightweight Directory Access Protocol (LDAP) query so that the homeMdb attribute is not used as part of the filter condition. Attributes such as extensionAttribute, msExchHomeServerName, or UPN are valid arguments that may help you achieve the same search result.

  6. Click OK to save the change, and then close Exchange System Manager.