Exchange 2007 UPN suffix - what if admin is done in a subdomain?
Hi, I've been testing and using Exchange 2007 for a while now and my company is in the process of upgrading all our locations to Exchange 2007.

My problem is that today we set up our first subdomain with Exchange 2007. This has worked fine (after we manually created the Routing Group connectors with Exchange Management Shell...) but when I create a new user I have very limited options. Basically, when creating a new user I cannot select the same UPN suffix with Exchange Management Console as I can with AD Users and Computers.

For example:
With AD Users and Computers I get a choice of <username>@topleveldomain.com or @sub.topleveldomain.com
With Exchange 2007 I only get <username>@topleveldomain.com

By the way, I have delegated the local domain admin to be a recipient administrator already.

Can anyone tell me why (and hopefully how I can change it)? It would be a real pain if I have to recommend that users are created using AD Users and Computers AND THEN MAILBOX ENABLED WITH EXCHANGE 2007...!

Many Thanks, Joe
September 13th, 2007 11:25pm

Well, email addresses are generated based on the Email Address Policy that has been implemented on your Exchange Server 200X, which includes 2007 as well. You will not have the option to choose which Email Address Policy or which email address to set for a user mailbox; the proper email address will be set for a mailbox based on the Email Address Policy.

By default, there will be one Email Address Policy, and it is the Default Address Policy for all your mailboxes when you install Exchange Server 2007. This policy will be based on the domain that your Exchange server was installed under. For your case, this Default Email Address Policy includes your top level domain, which is the domain that your Exchange Server 2007 is authoritative for.

To check your Email Address Policy settings, you have two ways.

The first way is to use the Exchange Management Console (EMC):
1. Open EMC.
2. Go to Client Access Server under Organization Configuration.
3. On the right side, browse the "Email Address Policy" tab.
4. If this is the default installation, then you will have one Address Policy called default policy.
5. Right click on this policy and choose Edit.
6. Go through the wizard, and don't change anything, till you reach the third screen, which is called "Email Addresses". There you will find all the SMTP addresses which will be assigned to all existing and new mailbox users.

The second way is to use the Exchange Management Shell (EMS):
1. From your Exchange Server 2007, open EMS.
2. From EMS, type the following command:

    Get-EmailAddressPolicy | fl

This command will list all the Email Address Policies that you have under your Exchange organization.

Now, to get the SMTP addresses which are assigned by the email address policy, assuming that you have only one email address policy, type the following command:

    Get-EmailAddressPolicy | fl Name, EnabledEmailAddressTemplates

The output of this command should be something like this:

    Name : Default Policy
    EnabledEmailAddressTemplates : {SMTP:%m@alankar.com, smtpalankar.local}

(This output was taken from my virtual machines.)

Now, if you want to host another domain and make it authoritative under your Exchange organization, then you have to:
1. Create a new accepted domain for your new domain.
2. Create a new Email Address Policy which will add SMTP aliases for all your users for your new domain, or of course you can limit the creation of this new SMTP address to certain users. All this you can control through Exchange.

Before I go further with the explanation, please let me know if the above steps were helpful for you to understand why your users do not take the SMTP address for your child domain. Now, if you need more explanation or help on your issue, please let me know.

Regards, Alaa
September 15th, 2007 3:26am

Hi Alaa,

Thanks for replying to my problem. Unfortunately it is not the email address that is incorrect - it's the domain suffix for the user account that I cannot change, which I think is very different (or at least can be...).

When you log in to any Windows resource you can either enter domain\username or you can use the UPN (e.g. username@domainname).

With our Windows 2003 environment we have set up the users in our sub domains to have a UPN domain suffix of @sub.domain.com, which is different from their email addresses.

So my question is: "If I am to save time creating new users with Exchange 2007 I might as well use the Exchange Management Console. Yet if I do this as the admin for a subdomain (e.g. sub.domain.com) I cannot select the same UPN suffix that all my other users have. I am forced to select the top level domain UPN. Even though when I create them in AD Users and Computers it has the correct UPN there! Why?"

All the best, Joe

PS - I think Microsoft's documentation for companies with more than one AD site is really poor. We are spotting lots of problems that it appears just aren't documented well. We really need a deployment guide for large organizations that is relevant to us - not just some top-level overviews that don't really explain the concepts or give real world examples.
September 15th, 2007 4:49am

Well, when a user logs on using a UPN, it uses the Active Directory object, not the Exchange object, and not the mailbox SMTP address of the user. They might be the same, but the logon happens using Active Directory user properties, not Exchange properties, and not the Exchange alias.

Now, it seems that you installed your Exchange 2007 under your root domain, not the child domain, and your child domain was not prepared for E2K7.

I want you to do the following test while you create a mailbox for a new user:
1. Open EMC - Exchange Management Console.
2. Go to Recipient Configuration.
3. Right click Mailbox, and select New Mailbox.
4. In the first page of the wizard, select new user, then click on Next.
5. Under Organizational Unit, click Browse.
6. In the OU structure screen, do you see your child domain under your top level domain? If yes, select any OU under your child domain to create the new user in.

If you didn't see your child domain here, this means that your child domain was not prepared for E2K7, and you can't create a user mailbox for your child domain users.

Please let me know if this is the case you have, so I can proceed with the solution. Most likely you need to prepare your child domain for E2K7, so you can create a mailbox for your child domain users.

Awaiting your update.

Regards,
September 15th, 2007 7:09pm

Thanks Alaa,

I ran all the setup.com /prepare stuff for all the subdomains (and root domain) and I can select an OU from this subdomain too, e.g. sub.domainname.com/users is fine for me to create new 2007 mailboxes in.

Any more suggestions? Maybe I need to apply a mailbox policy?

Many Thanks, Joe
September 15th, 2007 8:19pm

What is your primary email domain that you receive emails on? The top level domain or the sub-top-level domain?

In your case, for Exchange Server 2007, the Default Accepted Domain is the top level domain name, and it is the default. If you need to change it then you need to use the Command Shell to change this nature.

Just let me know what your production email receiving domain is. Is it the top level or the subdomain?

Regards
September 19th, 2007 12:31am

Hi Alaa,

All emails are received as the top level domain. The sub domain UPN suffix is only used by Active Directory. We have lots of sub domains, so once we have this working we will need the same setup at each other subdomain.

For example:
Everyone at my company gets emails to username@companyname.com
But everyone whose user account belongs to a subdomain will have AD accounts with the UPN suffix of: username@subname.companyname.com

If I create the user with Active Directory Users and Computers I get the correct UPN suffix. If I try with Exchange 2007 it only gives me the top level domain name for the UPN suffix for the user account. I cannot change this.

Cheers, Joe
September 19th, 2007 11:01am

I had the same issue when I rolled out 2k7 - All you have to do is click on recipient configuration and then change the recipient scope to point to the subdomain OU...
September 19th, 2007 6:48pm

Yes, but if he has one accepted domain, then all forest domains will follow this accepted domain, regardless of where he created the mailbox. That's why I asked how many production email domains your Exchange is responsible for: are the root and the child domains production email domains that your users receive email on, or not? If you receive emails on your top level domain, then all the users will follow the SMTP domains based on the root domain, not the child domain.
September 19th, 2007 11:59pm

Thanks very much Littlecat. That fixes it for any mailboxes I create at that time. It's a pain having to set it by pointing to a subdomain OU every time though. You would think MS might have tested that...

To sum up: if I click on "change recipient scope" and select an OU within my already selected subdomain it changes the UPN suffix to be sub.domain.com, which is what I want.

The bad news is if I close the console it forgets this, which isn't going to be very popular for all sub domain administrators at my company!

Thanks again, Joe
September 20th, 2007 11:50am
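
The recipient-scope fix from this thread, done in the Exchange Management Shell with the UPN stated explicitly and then checked. This is an added example, not part of the original thread; the domain, OU, database and user names are placeholders, and it assumes sub.domain.com is already a valid UPN suffix in the forest (it is offered by AD Users and Computers).

```powershell
# Added example, not from the thread. Exchange 2007 Management Shell.
# Placeholders (constructed): sub.domain.com, the Users OU, EXCH01, jbloggs.

$upnSuffix = "sub.domain.com"
$targetOu  = "sub.domain.com/Users"
$alias     = "jbloggs"

# 1. Shell counterpart of the console's recipient scope. Like the console
#    setting, it applies to the current session only.
$AdminSessionADSettings.ViewEntireForest = $false
$AdminSessionADSettings.DefaultScope     = $targetOu

# 2. Create the account with the logon name (UPN) given explicitly, so it
#    does not depend on which suffix a wizard offers. The SMTP address is
#    not set here; the e-mail address policy assigns it.
$upn      = $alias + "@" + $upnSuffix
$password = Read-Host "Initial password for $alias" -AsSecureString

New-Mailbox -Name "Joe Bloggs" -Alias $alias `
    -UserPrincipalName $upn `
    -OrganizationalUnit $targetOu `
    -Database "EXCH01\First Storage Group\Mailbox Database" `
    -Password $password -ResetPasswordOnNextLogon $true

# 3. Confirm the two identities: UPN in the sub domain, mail address from
#    the policy (top level domain in the setup described in the thread).
$mbx = Get-Mailbox -Identity $alias
$mbx | Format-List Name, UserPrincipalName, PrimarySmtpAddress
if ($mbx.UserPrincipalName -notlike ("*@" + $upnSuffix)) {
    Write-Warning "$alias was created with an unexpected UPN suffix"
}

# 4. Audit the OU for accounts that were created with the wrong suffix,
#    for example from a console whose scope had been reset.
Get-Mailbox -OrganizationalUnit $targetOu -ResultSize Unlimited |
    Where-Object { $_.UserPrincipalName -notlike ("*@" + $upnSuffix) } |
    Select-Object Name, UserPrincipalName, PrimarySmtpAddress
```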

This topic is archived. No further replies will be accepted.
