Custom Recipient Policy not processing
I've created a custom recipient policy to delete emails older than 3yrs on specific mailboxes. It works perfect when I select a single user (myself) but when I select a group with users in it, I get an email (as the admin) that 0 mailboxes were processed.
These are my steps when selecting a specific user group:
- Under the General tab, I select Modify
- In the "Find" field I select "Users, Contacts, and Groups"
- I type "AutoDelete" in the Name search, which is the group I've created with the specific mailboxes
- I select the group, and click OK.
After this I get the following code under the "Filter rules" window:
(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=14)))(anr=auto*)))
I apply the policy, and I start the mailbox management process manually. I then get an email saying the following:
The Microsoft Exchange Server Mailbox Manager has completed processing mailboxes
Started at:
2011-08-05 11:09:11
Completed at: 2011-08-05 11:09:12
Mailboxes processed: 0
Messages moved:
0
Size of moved messages:
0.00 KB
Deleted messages:
0
Size of deleted messages:
0.00 KB
Luis
August 5th, 2011 11:42am
Have a look at this 1st and go through the troubleshooting and check your configuration. -
http://support.microsoft.com/kb/319188
Sukh
Free Windows Admin Tool Kit Click here and download it now
August 5th, 2011 12:15pm
I made sure that by hitting the "find now" after creating the filter that it finds the group. I seem to have everything right if I go according to that article.Luis
August 5th, 2011 12:26pm
Do your mailboxes meet the criteria, e,g if it;s based on age or size? Do you have any archiving product (3rd party product?) Sukh
Free Windows Admin Tool Kit Click here and download it now
August 5th, 2011 12:36pm
Yes, all of the users have items in their deleted folder older than 3yrs.Luis
August 5th, 2011 3:40pm
Hi,
Do you have other recipient policy applied to that group?
Please verify the type of the group, security? universal?distribution?
Please verify if it is a mail enabled group.
How the Recipient Update Service applies recipient policies
http://support.microsoft.com/?id=328738
Xiu
Free Windows Admin Tool Kit Click here and download it now
August 8th, 2011 4:46am
I don't have any other policies applied to that group. The group is a Universal/Distribution group and is mail enabled, as we use it within Outlook all the time to reach these recipients.Luis
August 8th, 2011 9:31am
Here's a few things to check and go through -
http://blogs.technet.com/b/exchange/archive/2005/04/18/403819.aspx &
http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/818edfa8-a64c-408f-9b6d-ff1591fdaf13
Sukh
Free Windows Admin Tool Kit Click here and download it now
August 8th, 2011 10:05am
Nothing in the blog applied to my issue. On the thread that you referenced the user ended up creating separate policies for each test user. This is not what I want. I want to test the policy with a group first.Luis
August 8th, 2011 12:32pm
I t was more of the things to look for than a resolution, have you chcked for any pinters in there?Sukh
Free Windows Admin Tool Kit Click here and download it now
August 8th, 2011 4:28pm
Hi,
Then please try to check msExchPoliciesincluded for user to see if the value is the same as objectvalue for recipient policy.
You can use ADSIedit.msc or ldp to check the value.
If policy has been applied to user, then value for msExchPoliciesincluded should be the same as objectvalue for the custom recipient policy.
Besides, please try to use the following command to see if it will find the user.
C:\ldifed -d "DC=DOMAIN,DC=com" -f c:\output.txt -r "(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=14)))(anr=auto*)))"
Regards,
Xiu
August 9th, 2011 1:53am
Hi,
Then please try to check msExchPoliciesincluded for user to see if the value is the same as objectvalue for recipient policy.
You can use ADSIedit.msc or ldp to check the value.
If policy has been applied to user, then value for msExchPoliciesincluded should be the same as objectvalue for the custom recipient policy.
Besides, please try to use the following command to see if it will find the user.
C:\ldifde -d "DC=DOMAIN,DC=com" -f c:\output.txt -r "(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=14)))(anr=auto*)))"
Regards,
Xiu
Free Windows Admin Tool Kit Click here and download it now
August 9th, 2011 8:49am
Where can I find the ldified program?Luis
August 9th, 2011 10:27pm
Typo with LDIFIED. I have corrected in my post. That could be the ldifde.exe tool.
Xiu
Free Windows Admin Tool Kit Click here and download it now
August 10th, 2011 4:37am
Ok, it took me a while but I completed these steps. I could not find an "objectvalue" attribute for the recipient policy, but I looked at the value for the msExchPoliciesincluded for one of the users and I could not find that value on any of the attributes
for this policy.
Also, I ran the ldifde tool and it did return with the users that are members of this group.
So weird because if I do this in a per/user basis it works perfectly. I only have the problem when I select a group.Luis
August 11th, 2011 3:50pm
Hi,
Please use custom search when you create recipient policy like below, if you click find now, it should reture the members of the group.
(&(mailNickname=*)(|(memberOf=CN=groupname,CN=Users,DC=domain,DC=com)))
Regards,
Xiu
Free Windows Admin Tool Kit Click here and download it now
August 11th, 2011 10:50pm
The custom search did return with the users that are part of that group. I applied the policy, started the mailbox management process, and a few seconds after I received an email saying that no mailboxes had been processed. See below:
Luis
August 12th, 2011 8:16am
OK, I stand corrected. After a few minutes of having applied the policy, I ran the mailbox management process again and this time it processed the mailboxes in the group!
I think that there are two components to this fix. One, it seems that the group needs to be under the Users OU, otherwise the custom search query would not find the users. And two, I had to wait around 2-3 mins after having applied the policy before I could
start the mailbox management process.
Thank you Xiu and everyone else who contributed to this thread! Have a great weekend!Luis
Free Windows Admin Tool Kit Click here and download it now
August 12th, 2011 8:46am