Exchange 2000 Hosting: The ASP Model, Part 2

Exchange Server hosted in an application service provider (ASP) environment is similar to a corporate Exchange deployment. Smart IT departments can think of themselves as ASPs, with their own organization as their customer. This article is the second in a series about the Exchange 2000 Server lessons you can learn from ASPs.

In "Exchange 2000 Hosting: The ASP Model, Part 1," November 2001, I described the front-end/back-end architecture that ASPs use for Exchange and told you that ASPs typically establish one Active Directory (AD) forest with a separate organizational unit (OU) for each company they host. Likewise, you might set up one AD forest, with a separate OU for each of your corporate divisions. I also showed you how to define a user principal name (UPN) suffix for a division—Division A—and associate it with the logon names of the users in that division. (For an explanation of how to create a UPN suffix as an OU property, see the sidebar "Creating a UPN Suffix as an OU Property," page 12.)

The DivisionA.com UPN suffix that I created will come in handy this month, when I describe how to set up userX @DivisionA.com as a valid email address in Exchange. First, I must set the address as a property of each user, which I accomplish through recipient policies. Second, I must configure the Exchange system to accept messages for userX@DivisionA.com addresses. To complete the configuration process, I secure the address list so that users see only the other users that I want them to see.

Recipient Policies
You can use an Exchange recipient policy to generate email addresses for a selected group of users—for example, to give all the users in Division A an email address with the format userX@DivisionA.com. Open Exchange System Manager (ESM), expand the Recipients node, and select Recipient Policies. At this point, you might have only a Default Policy, which stamps all users with the email address for your Exchange organization (e.g., userX @Company.com). Right-click the right pane or Recipient Policies and select New, Recipient Policy. If you have Exchange 2000 Service Pack 1 (SP1), you'll see a box asking you to select the property pages that you want to include (this box includes Mailbox Manager as an option for the policy). Select the E-Mail Addresses box and click OK. Next, you'll see the Recipient Policy Properties dialog box. Give the recipient policy a name, such as All Users of Division A, and click the E-Mail Addresses (Policy) tab, which shows the generation rules for the email addresses. If you don't want users to have the first SMTP address listed for your organization, select it and click Edit. Otherwise, click New to add another STMP address. Enter the SMTP address at the SMTP Address Properties' General tab, which Figure 1 shows, and click OK.

Now go to the Recipient Policy Properties' General tab and click Modify. This step is a little tricky. You need to build a Lightweight Directory Access Protocol (LDAP) query of AD that will select the users to stamp with this new address. Ideally, you would use the OU to identify the users; unfortunately, you can't create a recipient policy based on an OU. Instead, you can use the UPN suffix I established last month for the query. If you don't want to use UPN suffixes to establish separate OU identities, you can create a group for All Users in the OU and query based on that group membership. I'll show you how to do both.

Query based on the UPN suffix. Using the UPN suffix to build the recipient policy is a bit easier, so I'll cover it first. After you click Modify, click the Advanced tab and you'll see a Find Exchange Recipients dialog box similar to the one that Figure 2 shows, except that the fields in your dialog box will be blank. Click Field and select User from the drop-down list. When you select User, a long list of names will no doubt fill your screen. Use the triangle at the bottom of that screen to scroll to Logon Name and select it by pressing the letter L (or use the keyboard to select Logon Name). You want to search for the UPN suffix, so select Ends With from the Condition field's drop-down list and type DivisionA.com in the Value field. Click Add, then click Find Now to verify that the query finds the matching users. (If the query doesn't find any users, you've mistyped the UPN suffix or the UPN suffix doesn't have any assigned users.) Click OK. When you do so, you'll see a message stating that changing the LDAP query for an existing policy doesn't automatically update the recipient policy for existing users. In other words, if users have email addresses based on a previous query and you've changed the query, you must right-click Recipient Policy and select the Apply this policy now option to update the existing addresses. However, in this example, because you're creating a new policy, you haven't changed an existing query. Note that in Figure 2, the user Yetta Nother doesn't have an email address. Unlike the other users, Yetta is a new user who hasn't been stamped with the Default Recipient Policy yet. When I apply the new Division A policy, each of these users will receive the userX@DivisionA.com address.