SBS 2011 Standard Additional Accepted Email Domains (Multiple Accepted Domains)
July 14, 2011 10 Comments
My customer is expanding his business, and is going to add a specialist arm of his company in a particular field.
As such he has setup a new website for that particular department and wants some of his staff to have a new email address based on whether they work for that part of the company.
This is really very easy to setup using Email Address Policies, and i will show you how to do that in this blog post.
I did try to get the process a little more automated, and integration into the add user wizard would have been great, but so far i haven’t got that working, but i am hoping with a little prodding of the SBS Dev team, we may be able to find a way.
To follow me through this process, you will need:
A Server running SBS 2011 Standard.
Two domains configured to send email to the SBS Server.
Some user accounts to test with..
First of all what we will do is add our new domain name as an accepted domain in Exchange.
The process for this is very similar, if not identical to that of Exchange 2007.
From Start, go to All Programs, Expand Microsoft Exchange server 2010 and open up the Exchange Management Console (EMC).
When the exchange console opens, expand Microsoft Exchange On-Premises, expand Organization Configuration and select Hub Transport.
Switch to the ‘Accepted Domains’ tab.
This shows you the current accepted domains.
On the right hand side, select ‘New Accepted Domains’
Enter a name for your new domain, and enter the domain name itself. We will leave the server as the authoratative server for this domain, click New,
After a few seconds, the action will complete, and you will be shown the PowerShell command that would have performed this action from the exchange shell. Click Finish.
You can now see your additional domain added as an accepted domain.
If we now switch to recipient configuration, and the mailbox section, we can see our current mailbox users.
If we go to the properties of one of these accounts, we can see the current email addresses associated with that account.
We can see that no changes have been made to this account so far.
That’s good because it means existing users are not affected by what we have done.
We will have a look at existing users in a moment, but first let’s add a new user to the system.
Since i am listening to The Beatles at the moment, i am going to call this guy John Lennon. My Favourite Beatle happens to be George, but that isn’t relevant. Why then am i not calling him George Harrison, well i don’t know.
I am not covering the add user wizard here as other posts exist out there on how to do this. Plus it is in the books relating to SBS 2011.
So John, is a good guy and he’s working for my company’s new department.
But wait, as we can see here, he still has an SBSTIPS.co.uk address, not TITLEREQUIRED.com – that is good, that is what is expected.
Now, we need to edit his account.
Let’s open up ADUC (Active Directory Users & Computers) From Start, go to Administrative Tools, and you will see ADUC at the top.
Expand Yourdomain.local and keep expanding down until you find MyBusiness\Users\SBSUsers
Find John’s account, and go to the properties.
Switch to the ‘Organization’ tab, and enter ‘Titlerequired’ into the department field.
Click OK to save this change, and close ADUC.
Switch back to the EMC
Go back to the Organization Configuration, Hub Transport area, and go to the ‘Email Address Policies’ tab.
You can see we have 2 current policies. The Windows SBS Email Address Policy is set to make whatever domain name you entered in the Internet Address wizard the default for all users.
So we want to add a new Email Address Policy. On the right click, New Email Address Policy.
We need to enter a name, and also select the container where this policy should be applied, and also the type.
You can leave these as default values, but please do enter a name. Click Next.
Put a check in the box for ‘Recipient is in a Department’ under Step 1.
Under Step 2, select the hyperlinked word ‘specified’ and enter our department name value of Titlerequired.
You can then click Preview, and the policy will show you which users or recipient types it will affect. Hopefully we will only see Mr. Lennon’s name.
We do! That is great because it means whatever we are doing here will only affect that one account.
When you are happy click next.
On the email addresses page, click Add.
Here we choose how the new email address should look, i like to use first initial and surname, so i will select that.
The default is to add a new email address to the ‘default’ domain, since this is yourdomain.local the new address for John would be firstname.lastname@example.org – we want to add this to our new accepted domain, so we must choose to specify the accepted domain.
Click the radio button for that option, and click Browse.
You will then see all the domains we have setup on our system.
Double Click the domain you want to use, and it will be added to your policy.
You will now see your email address shown, using the variables that are used for whatever name format of address you chose. More on that here.
The table below is taken from the TechNet website and shows variables you can use.
You have the option to apply the new policy immediately, or at a scheduled time, or not to apply it all. We want to do it immediately, so click next.
You will see a summary page with some PowerShell commands listed. Click New to build and apply the policy.
The policy is built and applied successfully.
Lets switch back to our Recipient area, and check the email addresses our users now have.
We can see that our user still has his old address.
Switching back to the Policies area, we can see our new policy has a priority of 2, and the Windows SBS policy is set at 1.
We need to change it to priority 1. Select your new policy and on the right hand side, click Change Priority, and enter the number 1, Click OK to save.
It now jumps to the top of the list.
Now we need to reapply the policy. Right click the policy and click Apply. We get those same options as before, click on Next, and Apply.
Again you are shown some PowerShell, and you can click Finish to close the Apple Policy page.
Switching back to Recipient Configuration, you can now see that John has a new email address. (you may need to refresh the view)
IF we go into his account properties you can see he now has an email address for both SBSTIPS.co.uk and TITLEREQUIRED.com but that TITLEREQUIRED.com is his default address.
If we want to move an existing user to a new department, just edit their AD account to change their Department, and then reapply the policy.
You can see that the email address is added as an additional address.
And that is how to add an additional domain name and have it apply to only certain users.
If you want to have an additional domain apply to all users, but not as the default, then simply don’t narrow your Email Address Policy by using a department as in Step 1 and 2 above, and leave the policy at priority 2.
You can always use the Preview button to help confirm who will be affected by such a change.
If you want to change the default domain for all users, you should run the Internet Address Wizard and add your new domain here, then add your old domain as an accepted domain, and build a policy as described here to add that old domain as an additional address.