Time Until New Transport Rule Becomes Effective

In this Technet article, it's specified that the transport rules are stored in Active Directory. Even though it's not specified explicitly, to my knowledge this is being stored in the Configuration Partition. My question is - assuming the AD replication reaches a DC in the same site as an Exchange Mailbox server - how long does it take for the Transport service on that Mailbox server to pick-up the new rule ? Is it polling every 5 minutes, is it event-triggered, etc ?

In the same article mentioned above, it's stated that an event is written to the Security log in Event Viewer when this is being retrieved, unfortunately the ID isn't mentioned. Does anyone know what this might be ?

July 1st, 2015 4:01am

Hi Albert,

Base on my knowledge, due to every message that's sent or received in an Exchange 2013 organization must be categorized in the Transport service on a Mailbox server before it can be routed and delivered, when messages are received by the Transport service, message content inspection is performed, transport rules are applied, this process will need to contact DC, if your AD replication is fine, I think the transport service will instantly pick-up the new rule.

Best regards,

Free Windows Admin Tool Kit Click here and download it now
July 2nd, 2015 5:37am

Hi Albert,

Yes, you are correct all Exchange configuration related data is stored in Configuration partition of AD(ADSI editor can be used to browse those).

As per my understanding and observation, within same site its seconds or instantaneous.

Cross-sites it very well depends how much your AD replication takes time. In normal scenario it can take from 15mins to 1hr depending on your organization size.

To be on a safer side, consider it to be 1-2hrs.

Run this to check if all partitions replication is fine or not.

#PowerShell:
repadmin /showrepl * /csv | ConvertFrom-Csv | Out-GridView		
July 2nd, 2015 7:26am

Hi Albert,

Q. "Each time the Transport service on the Mailbox server retrieves a new transport rule configuration, an event is logged in the Security log in Event Viewer."

A. Regarding your question on the Transport Rule Event ID, this is what I have found.

It's stored in Application Log, Event ID 4002

Get-EventLog -Source "MSExchange Messaging Policies" -LogName Application | fl *

EventID            : 4002
MachineName        : EXCH-1.contoso.com
Data               : {}
Index              : 182
Category           : Rules
CategoryNumber     : 4
EntryType          : Information
Message            : 'TransportVersioned' rule collection was loaded successfully.
Source             : MSExchange Messaging Policies
ReplacementStrings : {TransportVersioned}
InstanceId         : 970
TimeGenerated      : 7/2/2015 6:37:52 AM
TimeWritten        : 7/2/2015 6:37:52 AM
UserName           :
Site               :
Container          :


Event ID 4002: This Information event indicates that the Microsoft Exchange Transport service messaging policy configuration has been updated. This event is logged when the Microsoft Exchange Transport service starts or when transport rules are modified.

References:

MSExchange Messaging Policies 4002

https://technet.microsoft.com/en-us/library/ff985072%28v=exchg.141%29.aspx?f=255&MSPPError=-2147217396

Free Windows Admin Tool Kit Click here and download it now
July 2nd, 2015 8:04am

Niko, Satyajit - thank you for your replies. I've also confirmed in my lab that once the changes reach the respective AD site, mailbox servers in that respective site will pick the change instantly (eg seconds), as the Exchange-emitted event viewer object 4002 comes seconds afterwards.
July 2nd, 2015 12:36pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics