Monday, August 29, 2005

An Extension to Delegate Access


Well, I'm back from vacation, and before I dive back into the world of building a Vista version of SBS for you guys, I thought I'd give the long over due credit for some hard work to Justin Kruger. I had posted a while back about How to host multiple domains on SBS, and a lot of discussion was generated. A follow up post on Delgate Access was posted, but this still didn't satisfy Justin's unique need. Justin had the specific requirement to give users different default email addresses based on a simple LDAP query.

I didn't have an answer for Justin, so he took the initiative and figured it out for those who share in his frustration! Well Done Justin!

Keep in mind that I have not tested this and I provide it AS IS from Justin. Use at your own risk.



To kick off the process, Justin creates two seperate user templates inside the server management, the first template has a description, and the second one doesn't (ie left blank)

Next, Justin opens the Exchange System Manager (ESM) and edits the default recipient policy to change it to an irrelavant SMTP address (which will be modified if you run CEICW at a later date). Justin uses %g@not-used.com, as the %g uses the given name variable when creating the account.


Also, as shown above, Justin created two more recipient policies for the two domain names the server will host. The first query is modified to search for the particulars in the description field as shown:

As you can see, if the description does not match, then this policy will apply. Then you set the SMTP address you wish to create, taking note of which way the %g.%s are

Now back to the second recipient policy, we make the description match exactly in the LDAP query.

And we add the SMTP policy for this as %s.%g (which is backwards to the above policy).

The reason for the swapping of the %g & %s is based on how you create the user using the SBS add user wizard. When creating the user with FLastName or LFirstName.
The image below will get the @whatever.com address

And this image will result in the @otheraddress.com since the first and last names are switched

Then Justin gave teh two accounts that belong to each others mailbox send on behalf permissions and loaded the default mailbox to the outlook profile with the other as the additional mailbox. (See my previous post on how to grant delgate access)
Finally, Justin amended the Address space in teh SMTP connector properties to relay for both domains



That's all Justin suggests to do! Happy emailing! Feel free to have a discussion with Justin right here on this blog post if you are having problems.

0 comments: