Apr 09, 2012

Updating Recipient Policies for Hybrid Coexistence

Adrian Romo

Adrian Romo

Default image background

The Manage Hybrid Configuration wizard introduced with Exchange 2010 Service Pack 2 greatly reduces the complexity of staging hybrid coexistence with Office 365 and Exchange Online. However, some tasks must still be manually performed. One of the activities the wizard performs behind the scenes is upgrading existing Recipient Policies/Email Address Policies to Exchange 2010 format using the Set-EmailAddressPolicy cmdlet. The caveat is this process fails for Exchange 2003 organizations if any of the policies have Mailbox Manager Settings assigned to them or if they use LDAP queries to filter which mailboxes they apply to.

To determine if any Recipient Policies in Exchange 2003 have Mailbox Manager Settings, run the Get-EmailAddressPolicy “Policy Name” | FL command and verify that HasMailboxManagerSetting is set to False. If it is set to True, open the Exchange 2003 System Manager, go to Recipients, Recipient Policies and right-click the policy, select Change property pages… and uncheck Mailbox Manager Settings.

Unfortunately updating Recipient Policies that use LDAP filtering is not that simple. Running the following PowerShell command will upgrade all Recipient Policies:

Get-EmailAddressPolicy | where {$_.RecipientFilterType –eq “Legacy”} | Set-EmailAddressPolicy –IncludedRecipients AllRecipients

However, the upgrade will also convert each policy’s LDAP filter criteria into (&(mailnickname=*)) – which is basically a wildcard that applies to all mailboxes. The result of this conversion will be that the first policy with this mailnickname=* criteria will get applied to any mailboxes not subject to a higher priority policy. This has the potential to change users’ e-mail addresses and cause severe disruptions in message delivery.

In this case the best practice is to convert the LDAP filters to OPATH filters. There is a PowerShell script in the TechNet Script Center Repository that was written to convert existing LDAP filters to OPATH filters. Administrators can also remove policies and manually recreate them using a command like this:

Set-EmailAddressPolicy “” -RecipientFilter {((MemberOfGroup -eq “CN=Contoso UK Users,OU=Groups,DC=contoso,DC=com”))} -EnabledPrimarySMTPAddressTemplate ‘’

This method should only be used during maintenance windows because it could cause brief delivery disruptions while being implemented.

No matter the approach, the takeaway is that any organization planning to implement hybrid coexistence between Exchange 2003 and Office 365 should evaluate their Recipient Policies beforehand and develop a strategy for updating them. Credera has extensive experience in designing, planning and implementing Office 365 migrations. If you have questions about this post, upcoming posts or Office 365 in general, please contact us.

Conversation Icon

Contact Us

Ready to achieve your vision? We're here to help.

We'd love to start a conversation. Fill out the form and we'll connect you with the right person.

Searching for a new career?

View job openings