Monday, August 29, 2005

An Extension to Delgate Access

Well, I'm back from vacation, and before I dive back into the world of building a Vista version of SBS for you guys, I thought I'd give the long over due credit for some hard work to Justin Kruger. I had posted a while back about How to host multiple domains on SBS, and a lot of discussion was generated. There was also a follow up about Delgate Access. However, neither of these posts satisfied Jusin's unique need. Justin had the specific requirement to give users different default email addresses based on a simple LDAP query.

I didn't have an answer for Justin, so he took the initiative and figured it out for those who share in his frustration! Well Done Justin! The steps that Justin followed are outlined below.

Keep in mind that I have not tested this and I provide it AS IS from Justin. Use at your own risk.

To kick off the process, Justin creates two seperate user templates inside the server management, the first template has a description, and the second one doesn't (ie left blank)

Next, Justin opens the Exchange System Manager (ESM) and edits the default recipient policy to change it to an irrelavant SMTP address (which will be modified if you run CEICW at a later date). Justin uses, as the %g uses the given name variable when creating the account.

Also, as shown above, Justin created two more recipient policies for the two domain names the server will host. The first query is modified to search for the particulars in the description field as shown:

As you can see, if the description does not match, then this policy will apply. Then you set the SMTP address you wish to create, taking note of which way the %g.%s are

Now back to the second recipient policy, we make the description match exactly in the LDAP query.

And we add the SMTP policy for this as %s.%g (which is backwards to the above policy).

The reason for the swapping of the %g & %s is based on how you create the user using the SBS add user wizard. When creating the user with FLastName or LFirstName.
The image below will get the address

And this image will result in the since the first and last names are switched

Then Justin gave the two accounts that belong to each others mailbox send on behalf permissions and loaded the default mailbox to the outlook profile with the other as the additional mailbox. (See my previous post on how to grant delgate access)
Finally, Justin amended the Address space in teh SMTP connector properties to relay for both domains

That's all Justin suggests to do! Happy emailing! Feel free to have a discussion with Justin right here on this blog post if you are having problems.


Anonymous said...

If a user connects via OWA, will they be able to send email from either domain... or just the primary domain for their mailbox? Thanks!

Sean Daniel said...

Most likely just their primary domain.

Zee said...

So here is the quick intro. i bought a sbs server to host 15 of my current virtually hosted sites for my clients, that way i get to break even with the cost and also buy a new toy. anyway, your article on multiple domains is what i needed, however before i used all that info i had to make my domains work, and that was a painfull 3 day game. Anyway...
im not using the defaultwebsite of the server for anything, i just want to host 15 additional sites to that, is there a way to have OWA on each domain? and so on? i tried to recreate the same vistual website that defaultwebsite has for exchange :) but ofcourse it cant be that easy, or is it? i believe i got a directory cannot be displayed or something, i believe it was "\\.\BackOfficeStorage\domainfrominternetwizard\MBX"

Its no biggie if its not possible, was just curious...

Sean Daniel said...

Actually, it's relatively easy to create new Exchange virtual servers from the Exchange System Manager. Although, I don't think that will help you because of a different problem.

The reason hosting multiple http websites works, is because you can use host headers to differentiate between sites. Unfortunately using https, the host header is encrypted and IIS can't read it until it's already landed at a website and been decrypted, at which point it's too late.

in order to get what you want ( and you'd need to have a seperate IP address for each virtual server, bind them all to the same network card, then have each IP address go to a different https site. If you don't do this, then you'll be stuck doing something like
etc. having each site listen on a different port.

Hope this helps,

zee said...

Thanks for the info Sean, with that i bring you another question. is up and running, works for smtp and pop. i have started working on, everything is up and running except for smpt and pop :).

When i ran the internetemail wiz, i configured it for

if i run it again for itll probably create the piece i want, but will it ruin

is there a better and easier way to do that? (p.s is reiieveing email for the account i created for it) i just cant retrieve it remotely using (however if i use i can get the email for


Sean Daniel said...

I wouldn't recommend re-running ICW to create your domains. Instead, follow the instructions on How to host multiple domains on SBS. Have you read that series of 4 posts yet?

zee said...

ignore my last post. godaddy.coms customer support is run by a bunch of idiots.

i had the mx record in for but i also needed an a record for didnt need it, because as i was messing aroudn with it, i had created it earlier and deleted it, and the dns was caching it :)

so not only do u need a @ pointing to the IP you also need a A ref to the pointing to the IP :)

everything works now

Justin Kruger said...

If a user connects via OWA, will they be able to send email from either domain... or just the primary domain for their mailbox? Thanks!

By Anonymous, at 1/22/2006 6:24 PM

So long as you log onto OWA as the correct user it will send the email from the correct domain. I was the person who cane up with this process and it works perfectly.


Justin kruger

Cees said...

Hi guys,

Thanks for this blog Daniel, I learned a lot!

I use this very simple to send mail from more domains on one SBS2003 server.

Lets say: 1st domain is, 2nd domein is and the user is Me Myself [Itdo Ltd].
In AM/Users I create a Group with the name "Me Myself [Doit Ltd]", it has only this one mailadres, the only member of the group is Me Myself [Itdo Ltd].
Works great.

duitwithsbs said...

Is there are way to explain this without it being so confusing? This has my mind tied in knots trying to envision what it is your are suggesting. ...a mental tongue twister so to speak :-)

I appreciate that this has been stated as it works by multiple respondents. Maybe its one of those things you just have to do before it makes sense.

Maybe a simple diagram or something made with Crayola's ...

kudos and thanks

Sean Daniel said...

I agree it's not easy, hence the over-use of screen shots. I will use Crayola's next time. ;o)