Wednesday, October 1, 2008

Exchange 2007 - Upgrading Email Policies

Upgrading Email Address Policies (EAP)

If Exchange 2007 organization resides with  legacy instances of Exchange 2000/2003. The deployment of Exchange 2007 within the same organization results in a coexistence with legacy Exchange and Exchange 2007. As with any coexistence/migration scenario, steps should be taken to convert/move legacy born objects to native Exchange 2007 objects. This section will talk about the steps you can take to upgrade your legacy LDAP filters for EAPs to the new syntax, allowing you to upgrade your Address List and Email Address Policy objects to the Exchange 2007 object version. Exchange 2007 uses a new style of filter syntax to replace the LDAP filters of previous versions.

Note: that if you decide not to upgrade the ALs or EAPs, there will be no broken functionality from the Exchange 2007 side. New users will still be provisioned according to those policies. However you will not be able to edit those objects from 2007 Exchange Management Console until they are upgraded.

To confirm the need to upgrade the filter (and the version) on your EAP. There are a couple of key indicators you can check. The first is that if you try to edit the EAP in Exchange 2007 GUI, you'll get a screen with this error - "Unable to edit the specified E-mail address policy. E-mail address policies created with legacy versions of Exchange must be upgraded using the 'Set-EmailAddressPolicy' task, with the Exchange 2007 Recipient Filter specified.":

Another way to check that doesn't rely on the GUI is to issue this one-liner:

Get-EmailAddressPolicy | Format-List Name,*RecipientFilter*,ExchangeVersion

This cmdlet will return all of your EAPs, and will include any properties containing RecipientFilter and the ExchangeVersion property. Look for these clues:

· LdapRecipientFilter is populated but RecipientFilter is empty - Exchange 2003 doesn't populate RecipientFilter; that's what we're about to do!

· RecipientFilterType is "Legacy"

· ExchangeVersion is "0.0 (6.5.6500.0)"

<Company> Email Address Policy Results (Pre-EAP Upgrade) –

· Sample One legacy (Exchange 2003) and One Native (Exchange 2007)

Legacy Sample

Name : Default Policy
RecipientFilter :
LdapRecipientFilter : (mailnickname=*)
LastUpdatedRecipientFilter :
RecipientFilterApplied : False
RecipientFilterType : Legacy
ExchangeVersion : 0.0 (6.5.6500.0)

Native Exchange 2007 Sample

Name : company
RecipientFilter : (CustomAttribute1 -eq '' -and Alias -ne $null)
LdapRecipientFilter : (&(*))
LastUpdatedRecipientFilter : (CustomAttribute1 -eq '' -and Alias -ne $null)
RecipientFilterApplied : True
RecipientFilterType : Precanned
ExchangeVersion : 0.1 (8.0.535.0)


Upgrading Default EAPs

Note: Once these changes are made, you can no longer manage the email policies within the Exchange 2003 System Manager.

: This process is only for “Default” email policies. Upgrading Custom Email Policies.

Since the "Default Policy" EAP has a well-known filter, we can simply provide the Exchange 2007 equivalent of this well-known filter to do the upgrade. Here's the one-liner:

Set-EmailAddressPolicy "Default Policy" -IncludedRecipients AllRecipients

When you run this one-liner, you'll be prompted to ask whether you REALLY want to do the upgrade with this text: "To save changes on object "Default Policy", the object must be upgraded to the current Exchange version. After the upgrade, this object cannot be managed by a previous version of Exchange System Manager. Do you want to continue to upgrade and save the object?"

Once you've committed to a "Y" answer on this confirmation, the "Default Policy" EAP will be upgraded to Exchange 2007 version with the new Exchange 2007 filter in place. You can confirm this by looking at the same properties as before. Now you'll notice that there is a RecipientFilter property populated, that the RecipientFilterType is "Precanned", and that the Exchange version has bumped to 0.1 (8.0.535.0). Further, you may notice that you can no longer make changes to the recipient policy through Exchange 2003 ESM, although the Exchange 2003 Recipient Update Service (RUS) will continue to process these recipient policies just fine.

Upgrading Custom EAPs

What if you've created some special EAP or AL objects for your organization, over and above the built-in set of EAP and AL objects? How can you convert the "not-so-well-known" LDAP filter you have created into an equivalent OPATH filter for use by PowerShell?

Upgrading Custome EAPs is not as simple as upgrading Default Policies. There is more to than simply running a command.

No comments:

Post a Comment