Legacy Email Address Policies - Delete or Upgrade?

I've just completed a migration of 300 users to Exchange Online from Exchange 2007.  I've got an on-prem Hybrid Server (Exchange 2013) along with a DirSync server.  I now want to decommission the Exchange 2007 server infrastructure.

The problem is the legacy (Exchange 2003) Email Address Policies on the Exchange 2007 Server.  There are several Policies and they are all unwanted including the default Email Address Policy which applies incorrect attributes.

My question is this: Can I simply delete ALL Email Address Policies on the Exchange 2007 server?  I can view the policies on the 2013 Hybrid server.  They cannot be edited on the 2007 Exchange server without first being upgraded, but I seem to be able to delete them (successfully deleted 2 that are known to be obsolete).

I've read TechNet articles about upgrading the Policies but I'm concerned that incorrect attributes will be applied in the process of upgrading. I'd prefer to just delete them.  Is there anything I should know before deleting the Default Email Address Policy, or any other Email Address Policy?  I assume I can just create a new Default Email Address policy on the Exchange 2013 server once the defunct legacy Policies have been deleted.  Is this correct?

April 17th, 2015 7:51pm

Yes, you can.

April 17th, 2015 8:48pm

Yes, you can, except for the Default policy, which you should update.

April 18th, 2015 12:45am

Hi jott,

You can delete these email address policies directly.

However, you should notice the following notes before deleting:

1. You can't delete the default policy. If you want to delete the default policy, you must first assign a different policy as the default.

2. If the email address policy you're deleting contains more than 3,000 recipients, you should use the Shell to perform this procedure.

Best regards,

April 20th, 2015 8:56am

Thanks for the reply.  I understand that I need to create a new Default Policy before I delete the legacy Policies (then I would apply the new Default policy).

We have 3 accepted domains -- call them A.com, B.com and C.com -- but only one sees any adds/changes.   So I want the new Default Policy to have no effect on the B or C domain, only the A domain.

Unsure about my syntax, but would something like this work:

New-EmailAddressPolicy -Name 'Default_new' -EnabledEmailAddressTemplates 'SMTP:%m@A.com' -RecipientFilter {(RecipientType -eq 'UserMailbox') -and (EmailAddresses -like '*@A.com')}

My concern is that existing email accounts will have their addresses changed to something incorrect when this is applied.  The policy is really only needed for new account creation.

(this is jott 219, by the way - account problem...)


  • Edited by jott220 15 hours 11 minutes ago
May 4th, 2015 12:12pm

You can just update the default policy and modify it as you please.  The rest you can delete.  (I've modified my original answer.)

https://technet.microsoft.com/en-us/library/aa996869%28v=exchg.150%29.aspx?f=255&MSPPError=-2147217396

May 4th, 2015 12:27pm

The existing Default Policy is a 2003 legacy policy that I cannot update (unless I upgrade LDAP Filters to OPATH Filters).

Is it possible to create a new EAP, make that the default, then delete everything else, including the old Default Policy?  As mentioned, the existing Default policy assigns the wrong email address - if it got applied to all users it would be a disaster.

As for the New-EmailAddressPolicy cmdlet, I understand the -EnabledEmailAddressTemplates parameter (new accounts use this), but I'm unsure about the -RecipientFilter parameter.  What can I filter on?  Stuff in AD?  An OU?  What if I were to move/create a user in a different OU? Would that break my Recipient Filter?

I've seen examples like this: ((Company -eq 'MyCompany') -and (RecipientType -eq 'UserMailbox'))

But where is data for "Company" coming from?


*UPDATE*

I just discovered this TechNet article:

Filterable properties for the -RecipientFilter parameter

It looks like I would use {(ActiveSyncMailboxPolicy -eq 'CN= ...)} to filter on an Organizational Unit.

Is there a best practice regarding which filterable parameter to use?


  • Edited by jott220 14 hours 4 minutes ago
May 4th, 2015 12:59pm

Consider just changing the Default Policy to the simple policy to match all recipients.  If you then need specific cases, like matching company name, create other (higher priority) policies for th
May 4th, 2015 1:41pm

The problem is I cannot change it or modify it because it's a legacy 2003 policy.  If I can just create a new one I think that will get me out of the woods.  But your suggestion to just create a simple one gives me an idea: could I just create an empty policy that does nothing -- and use that as the new default?  My concern is that my new policy does not foul up any existing email addresses.  If I could turn off EAPs altogether I would.

May 4th, 2015 1:57pm

What happens if you run Update-EmailAddressPolicy on it?
May 4th, 2015 2:29pm

Not sure I want to find out.  Would that command apply the policy?  If so, is that going to affect any existing recipient email addresses?
May 4th, 2015 2:34pm

New-EmailAddressPolicy -Name 'Default_new' -EnabledEmailAddressTemplates 'SMTP:%m@mycompany.mail.onmicrosoft.com' -RecipientFilter { (RecipientType -eq 'UserMailbox') }

I created this new EmailAddressPolicy which I think will work as a Default (once I delete the legacy 2003 Default). My only concern is that it's filtering on 'UserMailbox' not 'RemoteUserMailbox' which may be needed in a hybrid environment (?)
May 4th, 2015 2:44pm

Get-Mailbox | Set-Mailbox -EmailAddressPolicyEnabled $false

Will this command effectively prevent the Default email address policy from being applied?

Then, if I run this command:

Set-EmailAddressPolicy "Default Policy" -IncludedRecipients AllRecipients

Will this upgrade the errant legacy Default Email Address Policy without risk of it being applied and affecting existing email addresses?

May 4th, 2015 3:06pm


Fixed - summary below

Problem Description:  After upgrading to Exchange 2013, legacy email address policies (2003) exist and cannot be edited.  The Exchange System Manager in Exchange 2003 is the only way to edit these objects unless they are upgraded to Exchange Server 2007 objects.

The Default EAP (which cannot be deleted) was also un-editable and was applying incorrect/obsolete email information.  Several other defunct EAPs were able to be deleted. The concern with the Default EAP was that if applied to existing users, it would create serious problems and interrupt mail flow.

Finally, it should be noted that this is a hybrid environment.  Customer has a hybrid on-prem Exchange 2013 server with remote mailboxes hosted on Office 365.

Solution:

1. Exclude all mailboxes from automatic update of their recipient policy settings - including Email Address Policies

# On-premises mailboxes
$mbx = Get-Mailbox

foreach ($m in $mbx) { Set-Mailbox -Identity $m.Identity -EmailAddressPolicyEnabled $false }

# Remote (Office 365) mailboxes
$rmbx = Get-RemoteMailbox

foreach ($r in $rmbx) { Set-RemoteMailbox -Identity $r.Identity -EmailAddressPolicyEnabled $false }

2. Upgrade the legacy Default EAP

Set-EmailAddressPolicy "Default Policy" -IncludedRecipients AllRecipients

3. Update Default EAP with correct settings

Set-EmailAddressPolicy -Identity "Default Policy" -EnabledEmailAddressTemplates 'SMTP:%m@mydomain.com' -IncludedRecipients AllRecipients

4. Create additional EAP for Office365

New-EmailAddressPolicy -Name Office365 -EnabledEmailAddressTemplates 'SMTP:%m@mycompany.mail.onmicrosoft.com' -RecipientFilter { (RecipientType -eq 'UserMailbox') }

One concern: the "Office365" EAP is applied to 'UserMailBox'.  How does that include 'RemoteUserMailbox' ?

Perhaps a better alternative is this:

Set-EmailAddressPolicy Office365 -EnabledEmailAddressTemplates SMTP:%m@mycompany.mail.onmicrosoft.com -IncludedRecipients AllRecipients  ??

References

Email address and address book cmdlets

https://technet.microsoft.com/en-us/library/jj218649(v=exchg.150).aspx

Exchange Management Shell cmdlet input and output types

https://msdn.microsoft.com/library/ff326162(v=exchg.150).aspx

http://technet.microsoft.com/en-us/library/cc164375.aspx

In Microsoft Exchange Server 2003 and earlier versions, LDAP filtering syntax is used to create custom address lists, global address lists (GALs), e-mail address policies, and distribution groups. In Exchange Server 2010 and Exchange Server 2007, the OPATH filtering syntax replaces the LDAP filtering syntax. Using the OPATH filtering syntax allows you to create filters directly in Exchange Management Shell commands by using the -RecipientFilter parameter.

http://blogs.technet.com/b/exchange/archive/2007/03/12/3401538.aspx

After installing Exchange 2007 into your existing Exchange organization, the address lists and recipient policies must have OPATH filters specified in order to administer them from the Exchange 2007 tools.

https://technet.microsoft.com/en-us/library/cc164351(v=exchg.80).aspx

In Microsoft Exchange Server 2003 and earlier versions, Lightweight Directory Access Protocol (LDAP) filtering syntax is used when customizing the default e-mail address policy. However, in Exchange Server 2007, the OPATH filtering syntax replaces the LDAP filtering syntax.

  • Proposed as answer by jott220 14 hours 28 minutes ago
May 5th, 2015 1:04pm
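
An added example, not part of the original thread: one way to confirm that the policy changes in the summary above leave existing addresses untouched is to snapshot every recipient's proxy addresses before the change and diff them afterwards. The function names and the C:\Temp paths are assumptions chosen for illustration.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell on the
# hybrid server. Function names and file paths are illustrative assumptions.

function Get-ProxySnapshot {
    # Collect on-prem and remote mailboxes with their addresses in a comparable form.
    $recipients = @(Get-Mailbox -ResultSize Unlimited) + @(Get-RemoteMailbox -ResultSize Unlimited)
    foreach ($r in $recipients) {
        [pscustomobject]@{
            Guid                      = $r.Guid.ToString()
            Identity                  = $r.Identity.ToString()
            PrimarySmtpAddress        = $r.PrimarySmtpAddress.ToString()
            EmailAddressPolicyEnabled = $r.EmailAddressPolicyEnabled
            # Sort so that ordering differences do not show up as changes.
            EmailAddresses            = (($r.EmailAddresses | ForEach-Object { $_.ToString() } | Sort-Object) -join ';')
        }
    }
}

function Compare-ProxySnapshot {
    param([string]$BeforePath, [string]$AfterPath)
    $before = @{}
    Import-Csv $BeforePath | ForEach-Object { $before[$_.Guid] = $_ }
    foreach ($a in Import-Csv $AfterPath) {
        $b = $before[$a.Guid]
        if ($null -eq $b) { continue }   # mailbox created after the baseline
        if ($b.PrimarySmtpAddress -ne $a.PrimarySmtpAddress -or $b.EmailAddresses -ne $a.EmailAddresses) {
            [pscustomobject]@{
                Identity = $a.Identity
                Before   = $b.EmailAddresses
                After    = $a.EmailAddresses
            }
        }
    }
}

# 1. Baseline before touching any policy.
Get-ProxySnapshot | Export-Csv C:\Temp\eap-before.csv -NoTypeInformation

# 2. Recipients still subject to policies would be restamped when a policy is applied.
Import-Csv C:\Temp\eap-before.csv | Where-Object { $_.EmailAddressPolicyEnabled -eq 'True' }

# 3. After the policy changes, snapshot again; any row returned is an unintended change.
Get-ProxySnapshot | Export-Csv C:\Temp\eap-after.csv -NoTypeInformation
Compare-ProxySnapshot -BeforePath C:\Temp\eap-before.csv -AfterPath C:\Temp\eap-after.csv
```

The before file also serves as the restore source if an address does change, since it holds each recipient's full proxy address list keyed by GUID.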
