
Exchange 2007/2010: sending mail to domain users who have external mailbox addresses

There is an interesting bug, or maybe even a feature, in Exchange 2007/2010 when sending mail to a user whose mailbox is external.

Background


Suppose you have an OU in your domain that exists to authenticate third-party users to whom you do not allocate a mailbox in your domain; they use their own. Let's call this OU External. This is usually needed when you work with partners and give them access to some of your organization's resources.
When you create a new user in this OU, you specify their external e-mail address, say username@externaldomain.com, and naturally you want this user to be able to be a member of distribution lists and receive all the mail that various systems generate automatically, to be visible to users from other OUs in the address book, and to be reachable by other users in the usual way, by picking the recipient in Outlook.
It turns out that this cannot be done with standard Exchange tools! Mail is simply not sent to an external address, even if it is specified on the user in AD. I dug through a pile of articles, and the only method I found, the one Microsoft authoritatively recommends on TechNet, is to create a mail contact for each such user and send all mail to the contact. (Here is the process in the pictures.) Just think about it: create a contact with the same data for every existing user, plus change a letter in the first or last name, since an object with that name already exists as the user and AD will not let you create a duplicate. And then also set up forwarding from the user to the contact. I'm sorry, but this is idiocy and crutches. Official crutches.
Studying the basics


Having some idea of the structure of LDAP data and attributes, I went to study the list of attributes that Exchange uses and which we will need to solve the problem.
We need the LDAP Attribute Editor, which is reached from the Active Directory Users & Computers console via View -> Advanced Features. Then we find the user in question and open the Attribute Editor tab.

Down to business!


Next we find the attribute 'proxyAddresses' and add the values:

SMTP:username@externaldomain.com
X400:C=US;A=LOCALDOMAIN;P=LOCALDOMAIN;O=Exchange;S=Surname;G=Name;


Here username@externaldomain.com is the user's external mailbox, and the X400 address lets the MTA (mail transfer agent) route mail for this user. (C = Country, A = Administrative Management Domain, P = Private Management Domain, O = Organization, S = Surname, G = Given name.)

Find the attribute 'targetAddress' and add the value:

SMTP:username@externaldomain.com

In the attribute 'legacyExchangeDN' add

/o=LOCALDOMAIN/ou=First Administrative Group/cn=Recipients/cn=NameSurname

replacing LOCALDOMAIN with the name of your organization (domain).

In principle, this is enough for mail to be routed to the external addresses of local users.

Tuning


Find the attribute 'mAPIRecipient' and set its value to FALSE. This disables Outlook's rich text formatting, styles and layout for mail sent to this user. If you do not do this, recipients who read mail not in Outlook but in webmail or another mail client that cannot render Rich Text will receive an attached Winmail.dat file that contains those styles.

Now, if we want this user to appear in the organization's GAL (Global Address List), we do the following:

Find the 'showInAddressBook' attribute and add the following three entries there:

CN=All Users,CN=All Address Lists,CN=Address Lists Container,CN=ORGANIZATION,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=DOMAIN,DC=com

CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=ORGANIZATION,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=DOMAIN,DC=com

CN=All Contacts,CN=All Address Lists,CN=Address Lists Container,CN=ORGANIZATION,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=DOMAIN,DC=com


Naturally, you will need to replace the organization and domain values with your own.
You can also write a simple PowerShell script that edits the necessary attributes automatically.
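Below is one way to script the whole procedure from the previous sections (proxyAddresses, targetAddress, legacyExchangeDN, mAPIRecipient and showInAddressBook). It is an added example, not code from the original article. It assumes the RSAT ActiveDirectory module is installed and that the account running it may write these attributes; the parameter names are my own, and the Exchange organization name and 'First Administrative Group' path are the article's placeholders and must match your environment. Because targetAddress and proxyAddresses decide where a user's mail is delivered, the script validates the address, refuses to overwrite an existing primary SMTP address, supports -WhatIf, and reads the attributes back so the change can be logged and reviewed.

```powershell
<#
  Added example (not from the original article). Sets the attributes the article
  describes on an existing AD user so that Exchange routes that user's mail to an
  external mailbox. Assumes the RSAT ActiveDirectory module; parameter names are mine.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [Parameter(Mandatory)] [string] $SamAccountName,
    [Parameter(Mandatory)] [string] $ExternalAddress,     # e.g. username@externaldomain.com
    [Parameter(Mandatory)] [string] $ExchangeOrg,         # CN=ORGANIZATION in the article's DNs
    [string] $LocalDomainName = 'LOCALDOMAIN',            # used in the X400 and legacyExchangeDN values
    [string] $AdminGroup      = 'First Administrative Group'
)

Import-Module ActiveDirectory -ErrorAction Stop

# Reject anything that is not a plain user@domain address before it can become a routing target.
if ($ExternalAddress -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') {
    throw "'$ExternalAddress' is not a valid SMTP address."
}

$user = Get-ADUser -Identity $SamAccountName `
    -Properties proxyAddresses, targetAddress, legacyExchangeDN, showInAddressBook

# Address-list DNs live under CN=Configuration of the forest; derive that instead of hard-coding it.
$configNC = (Get-ADRootDSE).configurationNamingContext
$alc      = "CN=Address Lists Container,CN=$ExchangeOrg,CN=Microsoft Exchange,CN=Services,$configNC"
$addressLists = @(
    "CN=All Users,CN=All Address Lists,$alc",
    "CN=Default Global Address List,CN=All Global Address Lists,$alc",
    "CN=All Contacts,CN=All Address Lists,$alc"
)

# Upper-case 'SMTP:' marks the primary address; the X400 entry follows the article's template.
$smtp     = "SMTP:$ExternalAddress"
$x400     = "X400:C=US;A=$LocalDomainName;P=$LocalDomainName;O=Exchange;S=$($user.Surname);G=$($user.GivenName);"
$legacyDN = "/o=$LocalDomainName/ou=$AdminGroup/cn=Recipients/cn=$($user.GivenName)$($user.Surname)"

# Do not silently redirect mail for an account that already has a different primary address.
$otherPrimary = @($user.proxyAddresses) | Where-Object { $_ -clike 'SMTP:*' -and $_ -ne $smtp }
if ($otherPrimary) {
    throw "$SamAccountName already has primary address '$otherPrimary'; remove it first."
}

# Only add multi-valued entries that are not already present (-Add fails on duplicates).
$newProxy = @($smtp, $x400)  | Where-Object { @($user.proxyAddresses)    -notcontains $_ }
$newLists = $addressLists    | Where-Object { @($user.showInAddressBook) -notcontains $_ }

if ($PSCmdlet.ShouldProcess($SamAccountName, "route mail to $ExternalAddress")) {
    Set-ADUser -Identity $user -Replace @{
        targetAddress    = $smtp
        legacyExchangeDN = $legacyDN
        mAPIRecipient    = $false   # plain text only, avoids winmail.dat for non-Outlook clients
    }
    $toAdd = @{}
    if ($newProxy) { $toAdd.proxyAddresses    = @($newProxy) }
    if ($newLists) { $toAdd.showInAddressBook = @($newLists) }
    if ($toAdd.Count -gt 0) { Set-ADUser -Identity $user -Add $toAdd }
}

# Read back what was written so the change can be verified and kept in the change log.
Get-ADUser -Identity $SamAccountName `
    -Properties proxyAddresses, targetAddress, legacyExchangeDN, mAPIRecipient, showInAddressBook |
    Select-Object SamAccountName, targetAddress, legacyExchangeDN, mAPIRecipient,
        @{ n = 'proxyAddresses';    e = { $_.proxyAddresses    -join '; ' } },
        @{ n = 'showInAddressBook'; e = { $_.showInAddressBook -join '; ' } }
```

Run it first with -WhatIf to see which account would be changed, e.g. `.\Set-ExternalRouting.ps1 -SamAccountName jdoe -ExternalAddress jdoe@externaldomain.com -ExchangeOrg ORGANIZATION -WhatIf`. Since whoever can write targetAddress and proxyAddresses can redirect a user's mail, restrict write access on these attributes to the admins who maintain the External OU and keep the read-back output with the change record.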

LDAP Attribute Help - www.computerperformance.co.uk/Logon/LDAP_attributes_active_directory.htm
msdn.microsoft.com/en-us/library/ms675090(v=vs.85)

Source: https://habr.com/ru/post/145681/
