You can't specify the recipient container because legacy servers are detected
Hello,
I have fully upgraded to Exchange 2010 SP1 from Exchange 2007 SP2 (the latter having been upgraded from Exchange 2003 a few years back).
The organization currently only has the 'Default Policy' EAP. My EAPs are in 0.1 (8.0.535.0) version and when I try to upgrade them to the latest version, using the
Set-EmailAddressPolicy "Default Policy" -IncludedRecipients AllRecipients the command, I get back the "The operation can't be performed on the default e-mail address policy" error message.
I want to create a new EAP for Employees (Users) and a new EAP for Contacts. When trying to create the first EAP using the command below:
new-EmailAddressPolicy -Name 'External E-mail for MyOrg Personnel' -RecipientContainer 'int.myorg.com/MyOrg Personnel' -IncludedRecipients 'MailboxUsers, Resources, MailGroups' -Priority 'Lowest' -EnabledEmailAddressTemplates 'SMTP:%m@myorg.com'
I get back the error message:
VERBOSE: [12:21:55.387 GMT] New-EmailAddressPolicy : Active Directory session settings for 'New-EmailAddressPolicy'
are: View Entire Forest: 'False', Default Scope: 'int.impact.gr', Configuration Domain Controller:
'mydc.int.myorg.com', Preferred Global Catalog: 'mydc.int.myorg.com', Preferred Domain Controllers: '{
mydc.int.myorg.com }'
VERBOSE: [12:21:55.387 GMT] New-EmailAddressPolicy : Runspace context: Executing user:
int.myorg.com/Users/Administrator, Executing user organization: , Current organization: , RBAC-enabled: Enabled.
VERBOSE: [12:21:55.387 GMT] New-EmailAddressPolicy : Beginning processing &
VERBOSE: [12:21:55.387 GMT] New-EmailAddressPolicy : Instantiating handler with index 0 for cmdlet extension agent "Rus
Agent".
VERBOSE: [12:21:55.387 GMT] New-EmailAddressPolicy : Instantiating handler with index 1 for cmdlet extension agent
"Admin Audit Log Agent".
VERBOSE: [12:21:55.402 GMT] New-EmailAddressPolicy : Current ScopeSet is: { Recipient Read Scope: {{, }}, Recipient
Write Scopes: {{, }}, Configuration Read Scope: {{, }}, Configuration Write Scope(s): {{, }, }, Exclusive Recipient
Scope(s): {}, Exclusive Configuration Scope(s): {} }
VERBOSE: [12:21:55.433 GMT] New-EmailAddressPolicy : Admin Audit Log: Entered Handler:OnComplete.
You can't specify the recipient container because legacy servers are detected.
+ CategoryInfo : InvalidArgument: (External E-mail for MyOrg Personnel:ADObjectId) [New-EmailAddressPoli
cy], InvalidOperationException
+ FullyQualifiedErrorId : 6F40D023,Microsoft.Exchange.Management.SystemConfigurationTasks.NewEmailAddressPolicy
I have a single Exchange 2010 SP1 server (i.e. no legacy servers are available).
What do you suggest?
September 6th, 2010 3:24pm
Please check if “CN=Servers” object still exists under the path below via ADSI Editor. If yes, please take a system backup and then
remove the object. After that, wait for AD replication
Configuration > Services > Microsoft Exchange > Org > Administrative Group > First Administrative Group
Now, see if you still can’t create new e-mail address policyJames Luo
TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx)
If you have any feedback on our support, please contact tngfb@microsoft.com
Free Windows Admin Tool Kit Click here and download it now
September 7th, 2010 6:12am
Thanks for the reply James.
I actually have two Administrative Groups under Configuration > Services > Microsoft Exchange > Org > Administrative Groups:
CN=Exchange Administrative Group (FYDIBOHF23SPDLT), which has a “CN=Servers” object under which there are, correctly two servers listed: our CA,M,H Exchange 2010 SP1 Server
and our EDGE Exchange 2007 SP2 server CN=First Administrative Group,
*without* any “CN=Servers” objects
Do you think the existence of the EDGE server is causing this issue?
Should I delete the “CN=Servers” object of the "CN=Exchange Administrative Group (FYDIBOHF23SPDLT)"
administrative group?
Thanks in advance,
Yannis
September 7th, 2010 10:15am
After further research, I found that the symptom will happen when you have exchange 2003 or 2007 in the environment. OU based EAP (Email Address
Policy) can only be created in a pure exchange 2010 organization
The workaround is to use “RecipientFilter”
instead of “RecipientContainer” before you decommissioned exchange 2007 server
Resources:
Email Address Policy and
OPATH filters
Filterable Properties for the -RecipientFilter Parameter
in Exchange 2007 RTMJames Luo
TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx)
If you have any feedback on our support, please contact tngfb@microsoft.com
Free Windows Admin Tool Kit Click here and download it now
September 8th, 2010 5:16am
Hi James,
thank you for your response; still I do not understand if you propose a specific action out of it.
I have already decommissioned Exchange 2007.
See a sample of the configuration of the 'All Users' Address List, which uses RecipientFilter.
Name
: All Users
RecipientFilter
: RecipientType -eq 'UserMailbox'
LdapRecipientFilter
: (&(objectClass=user)(objectCategory=person)(mailNickname=*)(msExchHomeServerName=*))
LastUpdatedRecipientFilter : RecipientType -eq 'UserMailbox'
RecipientFilterApplied
: True
RecipientFilterType
: Precanned
ExchangeVersion
: 0.1 (8.0.535.0)
Do you propose any further steps in order to upgrade the
Exchange objects to 2010 and create OU-based EAPs?
Thanks in advance,
Yannis
September 8th, 2010 12:08pm
So, there's no exchange 2007 server in the environment? If that's true, please remove the exchange 2007 edge server trace via ADSI Editor, and then see if the OU based EAP can be createdJames Luo
TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx)
If you have any feedback on our support, please contact tngfb@microsoft.com
Free Windows Admin Tool Kit Click here and download it now
September 9th, 2010 8:58am
Hello,
since there is an EDGE 2007SP2 server, will "upgrading" it to 2010SP1 solve this issue?
September 9th, 2010 1:51pm