Home » Exchange Server » Exchange Server Email Address Policies

Exchange Server Email Address Policies

There is a project running at the company I work for to separate one of the areas of the business into their own entity. Among other things this rebranding exercise also includes changing their primary email addresses.

For several versions of Exchange Server now we’ve had the capability to manage email addresses for recipients by using policies. In Exchange Server today these are referred to as Email Address Policies.

In this article I’ll provide an overview of the key concepts of email address policies and demonstrate some examples of how they can be used. The screenshots are from Exchange 2010, so this will look different if you’re running Exchange 2013 or later. However, the concepts are the same, so you can still learn from this article anyway.

The Exchange Server 2010 Default Email Address Policy

Any Exchange 2010 organization will have one email address policy named “Default Policy”. You can view this in the Exchange Management Console under Organization Configuration -> Hub Transport, in the Email Address Policies tab.

Exchange 2010's default email address policy
Exchange 2010’s default email address policy

One of my gripes with managing email address policies in the console is that you can’t open a Properties view to see how they are configured. However you can right-click and choose Edit to achieve the same outcome.

The first thing you’ll notice that the default policy is not scoped to any particular recipient container, so it will apply to any object in Active Directory. The other thing you’ll notice is that the policy will apply to “All recipient types”, not a limited subset of the available types such as mailboxes, contacts, or groups.

Scope of the default email address policy in Exchange 2010
Scope of the default email address policy in Exchange 2010

At the next dialog you get a chance to preview the results of the conditions in the email address policy.

Previewing the results of email address policy conditions

If you preview the default email address policy you should see all mail-enabled objects in the organization returned.

At the next dialog you’ll see the email addresses that the policy will apply to those recipients that fall within the scope of the policy.

Email addresses applied by the default email address policy
Email addresses applied by the default email address policy

So the outcome of this policy is that it will apply an email address of alias@exchangeserverpro.net (because alias is used if nothing else is specified) to any recipient type.

When are Exchange 2010 Email Address Policies Applied?

But when does the email address policy apply? At the next dialog we can see the schedule options for the email address policy.

Email address policy schedule options
Email address policy schedule options

The options we can choose from are:

  • Do not apply – the email address policy will be created (or edited) but not applied to the recipients that fall within its scope
  • Immediately – the email address policy will be applied immediately to the recipients that fall within its scope
  • At the following time – the email address policy will be applied at the nominated time. This is convenient if you are preparing the email address policy in advance of a scheduled change (such as the rebranding exercise I mentioned earlier)

Something you need to be aware of is that no matter which of the above options you pick right now, the email address policy will continue to be assessed and applied to recipients on an ongoing basis in the future each time a recipient is created or modified.

So for example when a new mailbox is created the email address policies are assessed and applied accordingly. Similarly, if you modify an existing mailbox user, for example to change their alias or move it to another database, the email address policies will be reassessed for that recipient.

For that reason you want to be sure that any email address policy that exists in your organization is ready to be applied to recipients.

Creating a New Email Address Policy with the Exchange Management Console

Click New E-Mail Address Policy to start creating a new policy.

New Email Address Policy
New Email Address Policy

For this example I’ve narrowed the scope of the email address policy to just one particular OU for “Example Corp”, the new business entity.

Select recipient container for new email address policy
Select recipient container for new email address policy

If that particular OU contained users in other companies I could also narrow the scope down based on Company or Department attributes, but in this example I don’t need to. Clicking Preview shows me the one user that exists in that OU so far.

Email address policy conditions
Email address policy conditions

Next I’ll add an SMTP address of %m@example.com to the policy (%m = “alias”).

Configuring SMTP addresses for an email address policy
Configuring SMTP addresses for an email address policy

Note that whatever domain you choose to use here needs to have already been configured as an Accepted Domain for the organization. If you haven’t already done so you can switch back to the Exchange Management Console and add the domain without having to cancel your new email address policy wizard.

Finally I will choose not to apply the email address policy just yet, so that I can demonstrate some scenarios for this.

Choosing when to apply the email address policy
Choosing when to apply the email address policy

Finally, click New to create the email address policy. If it all goes well you’ll see a successful completion message.

Completing the new email address policy wizard
Completing the new email address policy wizard

Note that the completion dialog reveals the PowerShell commands used behind the scenes to perform the task. This will be relevant later when we look at an example of creating an email address policy in PowerShell.

Applying Email Address Policies

Now let’s check the results. Because I chose not to apply the policy yet the user Amy Lawrence does not have an @example.com email address yet.

Email addresses before the policy is applied
Email addresses before the policy is applied

If I move another mailbox user into the same OU, they also do not have the email address policy applied.

User moved into OU
User moved into OU

Jo Rigby’s email addresses haven’t changed just because her OU membership changed.

No change to email addresses yet
No change to email addresses yet

However, if I modify Jo Rigby’s recipient properties, such as adding the new company name, and apply that change…

Modifying recipient properties to trigger email address policies
Modifying recipient properties to trigger email address policies

…the new SMTP address is immediately applied by the policy, because modifying and saving any change to a recipient triggers policy assessment.

SMTP addresses after email address policy is applied
SMTP addresses after email address policy is applied

If I simply wish to apply the email address policy to all of the users in that OU I can right-click the policy and choose Apply, and choose to apply it immediately or at a scheduled time.

Manually applying an email address policy
Manually applying an email address policy

Now Amy Lawrence also has the new @example.com email address without me having modified any of her other recipient properties, because I manually triggered the application of the policy.

SMTP addresses after email address policy is applied
SMTP addresses after email address policy is applied

You may wonder how primary SMTP address is determined when two policies are potentially valid for a recipient. The answer to that question is in the priority value of each policy. The policy with the highest priority will apply, but only that one policy applies.

For example, new user Bob Winder in the Example Corp OU gets mailbox-enabled and only receives an @example.com SMTP address from the “Example Corp” policy, but doesn’t receive an @exchangeserverpro.net address from the default policy that is of a lower priority.

SMTP address for a new mailbox user
SMTP address for a new mailbox user

So each policy needs to contain all of the SMTP addresses that you intend those recipients to receive, so that new recipients get them all. You can’t rely on different email address policies to apply cumulatively.

Note: Email Address Policies are Additive Only

You may have noticed in the examples above that the prior SMTP address of @exchangeserverpro.net was not removed from the mailboxes, it was simply changed to being a secondary email address.

This is due to the behavior of email address policies in that they are additive only. An email address policy will not remove or overwrite an email address on a recipient.

If the recipient falls out of scope of the email address policy they will not have any email addresses removed from the account, though their primary SMTP address may change when a different policy applies. In the case of Jo Rigby, if she is moved out of that OU and her company attribute changed again (or any other modification made to trigger policy assessment) she reverts to an @exchangeserverpro.net primary SMTP address, but retains @example.com as a secondary address.

SMTP address changed after policy no longer applies
SMTP address changed after policy no longer applies

Nor will the removal of the email address policy entirely cause recipients to lose those email addresses.

Removing an email address policy
Removing an email address policy

Note that removing a policy causes those recipients to assess policies again. Amy Lawrence’s primary SMTP address changed back to @exchangeserverpro.net with no other recipient modification or manual applying of other policies required, but again she retained the @example.com secondary address.

SMTP addresses after email address policy is removed
SMTP addresses after email address policy is removed

Creating a New Email Address Policy with the Exchange Management Shell

There will be times when you find the options available in the console when creating a new email address policy are not suitable for your particular scenario. In those cases you can use the Exchange Management Shell to create a more specific filter for the email address policy.

Email address policies are created using the New-EmailAddressPolicy cmdlet. This cmdlet has a -RecipientFilter parameter that opens up a whole lot more possibilities (the documentation refers to Exchange 2007 but is unchanged for Exchange 2010) for defining the scope of your email address policies. Just be aware that it can’t be used in combination with some other parameters, all of which is spelled out here.

So let’s look at one example of creating an email address policy in PowerShell using the capabilities of -RecipientFilter.

To begin with I’ve removed the policy I created in the console earlier, and manually removed the @example.com addresses from those mailboxes to start over with a clean slate.

Example Corp users in their OU
Example Corp users in their OU

Now I’ll create the email address policy, using a recipient filter that checks display names for the string “(Example Corp)”. The new policy will have the following properties:

  • A name of “Example Corp”
  • A priority of 1
  • An email address template of “SMTP:%m@example.com” (the upper-case SMTP defines the primary SMTP address, lower-case would be a secondary SMTP address)
  • A recipient filter for the DisplayName attribute of “*(Example Corp)” (the * is a wildcard)

Running that as a command in the Exchange Management Shell looks like this:.

Now the new email address policy has been created, but as before it has not yet applied to any recipients. To trigger the policy for the three Example Corp users I’m going to modify their display names to append “(Example Corp) to them. I’m just doing them individually here but you could script it if you had a lot of mailbox users to modify.

Jo now has the @example.com SMTP address assigned by the new policy.

And if I change her display name so it no longer has “(Example Corp)” in it, she reverts to the primary SMTP address @exchangeserverpro.net and retains the @example.com as a secondary SMTP address.

Hopefully this article has provided you a good understanding of how email address policies work in Exchange Server 2010, and given you some ideas on how you can use them in your own Exchange organization.

Paul is a Microsoft MVP for Office Servers and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul is a co-author of Office 365 for IT Pros and several other books, and is also a Pluralsight author.
Category: Exchange Server


  1. Rusty Shackleford says:

    Excellent article. This is one of the most complete ones I have read. I appreciate you covering how a new policy impacts existing email addresses and the impact of removing an email address policy.

    • Sagar says:

      Totally agreed.
      Reading this in year 2016 as I have to take over a new project and provide support.
      Just got the access to the Exchange server and got overwhelmed by the Email Server Policies. I was searching all over the internet for simple explanation.
      But finally found the simple and nicely explained article here. Thanks a lot Paul.
      Amazed how you take out time to make these articles in between your consultations.

      • Sai says:

        I am trying to check if there is a way we can force a reassessment of policy.

        My Requirement – When First/Last Name Changes New Primary SMTP should be set accordingly.

        Can i simply disable and enable the Mailbox account ? This is prod…will i lose anything ?


        • If you disable the mailbox all of the Exchange attributes are removed and the mailbox is marked for deletion in the database. So I do not recommend doing that.

          Email address policies are re-evaluated any time a change is made to the mailbox using Exchange management tools.

        • Filipp Geyer says:


          there’s a cmldet update-recipient, which should reaply Address Policies (together with other stuff like updating Addresslist-Membership etc), if the relevant Attributes were not changed with Exchange Management Shell. Give it a try…



  2. Filipp says:

    really nice post. There’s only one Information I miss (and also can’t find on MS): What happens, if the Policy chooses an address, which is allready used by someone else. P.Ex. if you have your 2nd Jo Rigby (in the same OU). Will he get no Addresses then? Will he get Jo.Rigby2@example.com? Can you controll this behaviour?
    Best Regards

  3. Fred says:

    Great article! This topic always gets a little fuzzy if I haven`t worked with it for a while. This cleares things up in a very pleasant way. Thank you for posting it this clear.


  4. Daryn says:

    So just a verification, if I change the primary smtp address in the policy and hit “Do Not Apply”, it won’t apply anything then, it’s only going to do it to new accounts thereafter? I need to change ours but want to make sure it’s not going to go off to the races adding and changing everyone’s address, I don’t want to have to correct 20K users.

  5. Filipp says:


    > I don’t want to have to correct 20K users.
    Hehe, that’s why many people hate EAPs. Okay, to be mor exact: It’s the uncertainty, what makes people hate it. That’s why I went over to deactivate “Autmatically update…”, that gives you certainty. Realy: What do you need automatic updates for? If I ever come to update EMail-Addresses for our users, I would _always_ do this with a customized script, where I can fully control what happens, and I would _never_ leave this over to some background process. What should be the adantage of it?



  6. nick says:

    Ace article!
    Quick question:
    Is an email address policy a requirement as part of adding a new accepted domain? I am adding a new domain to accepted domains, but it’s only going to be used for 1 or 2 mailboxes. Can’t I just manually configure the SMTP address for those mailboxes?

  7. Tobias says:

    After changing the policy from alias to firstname.lastname the out-of-office function was broken for all the users in Outlook and I can’t seem to fix it. It works in OWA.

    Do I need to make any change anywhere to make this work?

  8. RC says:

    great article, thanks Paul …what would we do without you ? nothing else out on the web even close to as informative as this article on the subject…

  9. KCF says:

    Thank you for the article Paul.

    Is it possible for a deleted address policy to break and continue to issue addresses to users? I have several users that have addresses associated with a dead and removed domain. The addresses repopulate if I delete them. Looking at the user I see they belong to 2 email address policies (get-mailbox “user” | select-object policiesincluded). Yet I can only validate the existence of 1 policy based on its GUID. I cannot locate a GUID to match the other policy in my email address policy list.

    I’m open to suggestions. Thank you so much.

  10. Lucky Hamu says:

    I have a quick question that I applied email address policy for our new domain but when user receives email from external domain the address shows the secondary domain email address. kindly guide how to set this policy default that shows in new domain entry while receive email.

  11. Pradeep kumar says:

    Hi Paul,

    Is there any possibility in Exchange 2010 if we can create email policy with “SAMAccountname@domain.com”.

    In my case Alias name and SamAccountname are different.

    Thank you!

  12. Luke says:


    I have a policy that was setup to add Full Access Permission for two admin users to have access to any new mailbox that is created by a previous administrator that no longer works for this company. I can’t seem to find out where that policy would be in place. I would like to edit that policy to remove his user and replace it with mine. This seems to be the location for that, but I am not seeing any options for it.

    • That is not an email address policy. My guess is they’ve added permissions at the database level (run “Get-MailboxDatabase | Get-ADPermissions” and look through the output).

      What you’re proposing is not ideal, in my opinion. I always grant and then remove mailbox permissions as required on a case by case basis, rather than leave a persistent ACL in place.

        • Roger Johnson says:

          Here is a really basic version of a script to do this. Basically you pull in the proxy addresses that are NOT part of the domain yuo want to remove, the take that variable and make that the new proxyaddresses value.

          $o = Get-Mailbox -Identity {user}
          $address = $o.emailaddresses |where {$_.proxyaddressstring -notmatch “domain to remove}” -AND $_.prefixstring -ne “x400”}
          Set-Mailbox -Identity {user} -EmailAddresses $address

          you can expand that in all kinds of ways with some basic looping. I cleaned up a large number of users using this model, both old E2k X400 addresses and SMTP addresses. With a little work you could do prefix removals as well (if you go decide to do a mass change of the prefix for a domain.)

  13. Ramon says:

    Great article Paul.

    One question: I’ve migrate my exchange server from 2003 to 2010

    Before that, if I sent a document pdf by email from my multi-function printer using the alias (without @mydomain.com) in the to: field, the server sent the email.

    Now, in 2010, if I use the alias doesn’t work, but if I use alias@mydomain.com it works.

    Some ideas..

    Thanks in advance


    • Exchange 2010 won’t accept an invalid address as the “From” address. An alias without the @domain.com is not a valid address. So the solution is to make sure your devices (or any other application) that is going to use the Exchange 2010 server for SMTP is using a valid address.

  14. Mike S says:

    Nice article. I have a scenario not covered. Exchange 2007 has 4500 users. Added Exchange 2010 servers to the mix to prepare for a migration. Address policy applies based on a specific custom attribute 1 value as default however about 10 percent of the accounts have the auto update address unchecked in EMC to allow a custom address to be used as default SMTP. When we “local move” the mailbox the address box becomes checked and a new primary SMTP based on the existing policy applies as default. We need to manually remove the check and reset the custom address. How can a user be moved without the address policy turning back on if originally unchecked? Thanks.

  15. Mike S says:

    Thanks for the confirmation. We are reviewing patch levels on the servers and settings now to try and determine the cause. We have 600 accounts out of the 4500 affected so a MS call may be needed. If something is found I will post.

  16. Mike S says:

    Looks like at some point the mailbox checkbox to apply the policy gets turned on for some accounts while on Exchange 2007 however not until the mailbox is actually moved (modified seems to be the trigger) to Exchange 2010 does the address policy update and make the change. We have exported the SMTP addresses to have a reference in case a user goes incorrect after the move and we need to restore their Primary SMTP. Odd but workable.

  17. Gareth Gudger says:

    Thanks for the great article Paul.

    How can you tell what Address Policies the user is receiving aside from examining the SMTP addresses? Not seeing anything in Get-Mailbox or EMC/EAC to indicate which policies are actually applying to the user.


  18. Chris F. says:

    Very informative write up. Thanks very much. One of the issues we have when creating mailboxes, being a large organization is when we have more than one person with the same first initial and last name. For example, jsmith@corp.com. Logically the next jsmith would be jsmith2 , etc. However, when we hit magic number 10 it gives us something like jsmith1b984c@corp.com. I assume this is like a hex representation but would really like it if it would just keep incrementing 10, 11, 12,13, etc. without having to manually edit the newly created address to correct it. Any help would be appreciated.

    Thank you.

  19. Shane Bryan says:

    Hi guys. Is there a powershell command I can run to list the users not inheriting the default email address policy?

    We’re about to make a change and I want to know beforehand, how many user objects I will need to update manually.

    Cheers Shane.

    • Sort of… The recipient filters on the email address policies can be used to filter Get-Recipient cmdlet results… so I guess one way to look at it would be:

      [PS] U:>$filter = (Get-EmailAddressPolicy “POLICY NAME”).RecipientFilter
      [PS] U:>Get-Recipient -Filter $filter

  20. Shane Bryan says:

    Thanks Paul. That listed everyone. What i’m after is a list of people with the “Automatically update e-mail addresses based on e-mail address policy” option unticked on their profile.

    Is that doable do you think?

  21. Liam Barry says:

    Great Article Paul,

    I need to add 350 SMTP secondary email address’.

    Can this be done via EAP ?

    All users are in the same OU. They have a primary SMTP that I do not want to change but need to add a secondary address.


  22. Ivan says:

    Hi Paul,

    I have a problem with “department” attribute for distribution groups.
    There is some DGs with department = DEPT1

    Also there is 2 EAP:
    Priority 1 – Catch all recipients with department = DEPT1 and assign %m@DEPT1.com
    Default – Catch all recipients and assign %m@default.com

    If I manually apply (via ECP) EAP with priority 1 then all DGs with department = DEPT1 will get @DEPT1.com addresses as it should be, but if I change one of those DGs, for example display name, default policy will set %m@default.com address.

    This occurs only with distribution groups, all users behave correctly.

    I have Exchange 2010 SP3 RU6. AD Forest 2008 r2 with no migrations in past.
    I will be appreciated for any advice.

  23. Joe C says:

    That’s for the informative write up. I have a question about Distribution Groups. I cannot find a way to have the email address policy applied to the Distribution Groups even though I have the box checked off to automatically update email addresses based on the email address policy. Do I need to choose All Recipient Types when creating the policy?

    Is there a way in EMS to check if the policies are applied to the distro groups like you can with mailboxes? Thanks

  24. Diego says:

    Hi Paul,
    I’m trying to find a command to remove a secondary SMTP address on Exchange 2007. Set-Mailbox -EmailAddresses @{remove=”example@mydomain.com” is not working for me. I’m receibing the following output:

    Set-Mailbox : Cannot bind parameter ‘EmailAddresses’. Cannot convert the “Syste
    m.Collections.Hashtable” value of type “System.Collections.Hashtable” to type ”
    At line:1 char:55
    + Set-Mailbox -Identity mydomainexample -EmailAddresses <<<< @{Remove="example@rootdomain.com"}
    + CategoryInfo : InvalidArgument: (:) [Set-Mailbox], ParameterBin
    + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.Exchang


    What I'm doing wrong? There's another command to perform this with powershell?

    Thnks in advance.


  25. david says:

    does the edit of the default email address policy in exchange 2010 affects all existing users?
    I want for now only the new users to obtain a different smtp address.


  26. Merlyn Zong says:

    Paul, thanks for your contribution on email address policy.
    I have a question on how the sequence of Email Addresses works.
    I manage 2 Exchang 2010 organzation

    Policy (organzation 1)
    1. @b.com
    2. @a.com (reply)
    Email addresses:
    1. name1@b.com
    2. name1@a.com (reply)

    Policy (organzation 2)
    1. @b.cm (reply)
    2. @a.cm
    Email addresses:
    1. name1@a.cm
    2. name1@b.cm (reply)

    proxyAddresses of AD user propertity will have the same sequence as Email addresses. Because I need to use the vbs to get the proxyAddresses of each user, it will always use the first one of Email addresses in Exchange. I wonder can we have the addresses in order for the new user account, like name1@b.com or name1@b.cm will be the first address(reply).
    I know the new domain will be the first one in Email addresses if I create/modify the policy.

  27. Renggli Joerg says:

    Hi Paul,

    Excellent article as always !
    We have an old e-mail policy that I don’t really understand, hope you could clarify it for me.

    The policy was made by powershell, the recipients filter is “DisplayName -eq ‘@mustnotmatch!'” and under “Aplly Additional Inbound Domains” are about 30 different maildomains.

    Could you think about a scenario that for that policy?

    Thank you for your time

      • pramod says:

        i am creating mailboxes for the users but when i create them some unknown numbers come with the email addresses like -78654@domain.com is it because email address policy is not applied to that domain?

        • If an email address is being automatically applied, then it is being applied by an email address policy. If you have multiple policies, then you need to work out which policy is applying to that user, and look at the email addresses that the policy is configured to apply. Also keep in mind that the policy can’t apply the same address to multiple users, so if there’s a conflict then it will append characters to the address to keep them unique.

  28. James says:

    When using EMC, you get a chance to preview the results of the conditions in the email address policy. Is there an equivalent to doing this using EMS?

  29. Michael says:

    Hi. Suppose you have an organization with 300 mailboxes and 100 of them have the check box UNchecked to Automatically update e-mail addresses based on e-mail policy? What would be the easiest course of action to have all of those accounts update with the newest SMTP Address in the new policy?


  30. Michel says:

    hi Paul,

    Thans you for the article!
    Only I got a question about the applied setting. There was an earlier question from someone, but I dined’ find an answer for my situation.

    I created some email address policies with ems, but afterwards the setting was set as ” not applied “, but I noticed that the policy is applied for new mailboxes with matches the recipient filter. Also adjusting existing mailboxes with the automatic update setting on forced the email address to change as mentioned in the policy. So I did not find any difference, applied or not, same result!?! Do you know why?

    Running 2010 sp3-ru7


  31. basavaraja says:

    Very nice blog.
    I am not seeing the below policy option in the exchange server.
    3. RemoteWipe

    Thanks in advance.

  32. Fredrik says:

    Hi, great instruction. I managed to do all of the above and everything works fine except Outlook anywhere for the new users. I can’t find any configuration differences between the users on the AD level but they just refuse to connect. If I test and just change the user credentials to an “old” user on my tablet it works fine. Unfortunately I don’t have any logs or anything of that nature (yet) since I am not very experienced with Exchange2010.

    Is there any other step I have missed that I need to do to get these users to work?

    Any pointer would be very appreciated.


      • Fredrik says:

        Hi, i don’t know if i changed anything. I wanted to add a domain and create three users that would have xxx@newdomain.se as their defualt email. Did as the instruction above and all works just fine except outlook anywhere. When i try to connect with one of the new users my tablet just times out. I have successfully connected with an old user from the tablet so I am pretty sure it’s not the tablet.

        You really suspect that it is some permission issue but I am far from an expert on exchange and I can’t find any config differences between an old user and the new one except for the email adress and the fact that new users are in a different OU as in the instructions above.

  33. Fredrik says:

    Hi again, just got it to work now. Checked eventviewer for errors and found event 1053

    Exchange ActiveSync doesn’t have sufficient permissions to create the “CN……

    Had not set the new users to get inherited permissions.

    Thanks anyway.

  34. John Hoye says:

    Paul, I’m about to implement this change myself, and had the curious question asked if this would affect conversation view in outlook clients. I am going to test anyway, but was curious if you knew ahead of time if conversation view for client’s would change if their reply address was changing due to the address policy.

  35. Nashty says:

    I just edited my default E-Mail Address Policy removing an SMTP Address for the local Domain since it is not routable. My belief after reading this article was that existing accounts would not have the change affect their existing email addresses since “Note: Email Address Policies are Additive Only” The Policy removed the local domain SMTP address from all Recipients?

    Running Exchange 2010-SP3

  36. Andrew Moss says:


    What would cause a newly created policy not to work? I setup a new on using the steps listed here but even after applying the policy the new address is not added to the recipient in the OU

  37. Dan says:

    We’re migrating mailboxes to O365 in a hybrid configuration with Exchange 2013 and we need to change the primary email address for all users to a new address, but we cannot do that before migration for various reasons, so we have to perform it once all mailboxes are migrated to O365.

    Is using a policy the right approach here? How is AAD Connect affected by this if at all? The 2013 hybrid will remain on-prem with no mailboxes and purely as an admin server post migration.

    Thanks, Dan

      • Dan says:

        I had a read through your O365 ebook and a few forums… Would the below pan out as easily as this? Just after the easiest and less impact to users of performing this post-migration.

        1. New domain added into the O365 tenant and verified
        2. Update the Exchange on-premise Email Address Policy to use the new email address
        3. AAD Connect will now sync the updated “WindowsEmailAddress” property, which will in turn update any mail enabled objects “PrimarySMTPAddress” property in O365
        4. All objects are now updated with the new email address using the new domain

        Seems to easy… what have i missed? 🙂

        • Sounds like you’re planning to modify the existing EAP and have it apply to everyone in one go. That wouldn’t fly in most of the change management processes I’ve worked under.

          • Dan says:

            Will most likely create a test policy identical to the existing one, add in a few users and apply the new email domain to the new test EAP. Check it works, make sure there aren’t any AD conflicts and then apply it across the entire user population. Only about 2,000 users, so hoping it’s not too much of an issue.

  38. Robert Woods says:

    Need to change our domain from @domainname.com to @DomainName.com for vanity reasons. Were building a People/Phone list in sharepoint and all the domains are not uniform. Since policies are additive only is there any way to use one to achieve the formatting I want?

    • You’re just trying to change the case of the email address? You’ll probably need to write a script that disables email address policies for the mailbox, removes the lower case SMTP address, adds back the same address with the desired case, and then re-enables email address policies for the mailbox.

  39. Marietta says:

    We are preparing for the rebranding of the company which also includes changing the primary email addresses. We are going from first.last@internal.company.com to first.last_Initial@internal.company.com. I know I can create a policy for this but there are several who prefer firstname@internal.company.com. Can I set the policy and manually or run a script to create the email with first name only? Also will I need to manually add the email address for any future account with first name only?

    • Use a policy to configure the bulk of the users to the standard. For an exceptions you can disable them from using email address policies and manually add whatever email address they prefer.

      For new accounts, yes usually you’ll need to manually deal with them. Mailboxes create with EAP enabled by default, so post-creation you could disable the mailbox for EAP and manually add the preferred address.

  40. Bealeki says:

    If we have a mail user (resource) with just a firstname i.e. support, and we update the default policy to change the primary SMTP address to be ‘firstname.lastname@newdomain.com’ (%g.%s@newdomain.com), is it intelligent enough to just create ‘support@newdomain.com’ or will I end up with ‘support.@newdomain.com’?

    • If you’re concerned, you can exclude that mailbox from the email address policy so that any changes don’t impact it. You can then manually set whatever email addresses it requires.

      Another approach is to use the alias in the email address policy instead, e.g. alias@domain.com (which I think is %m@domain.com in a policy), and then set each recipient’s alias to the desired value. That’s worked well for me in the past.

      • Andrew says:

        Hi Paul/all,
        I am adding a new accepted domain, in a customer’s Exchange2010/EOP setup.
        Once i add them, i dont wish to create an email address policy, as this is to be done/edited at a later stage of the project.

        Would i be able to test sending/recieving, by disabling the “automatically update email addresses based on e-mail address policy” checkbox only on my user mailbox, and manually adding the necessary SMTP entries ?

        If yes to question above, would the rollback mean only eliminating the newly added SMTP entries, and checking the tickbox back?

        Thanks in advance.

        • You can manually add secondary SMTP addresses without disabling the policy for a mailbox. It’s only if you want to modify the primary email address that you need to disable policies for that mailbox.

          If you disable policies, then re-enable them later, the policy will never remove any addresses from the mailbox.

  41. Nick says:

    Hi all,
    I am trying to create a new setup as part of a project for a customer, on E2010.
    The current setup is the following:
    Email address policies :
    Priority 1 – For all groups and dynamic groups, add smtp entry as @internal.domain1.com
    Priority 2 – For all ex employees of domain2 company(based on custom attribute) add firstname.lastname@domain2.com and firstname.lastname@domain1.com
    Priority 3 – all recipients get alias@domain1.com and firstname.lastname@domain1.com
    Default (lowest) – the only entry here is @domain1.com (this is weird…..)

    I am trying to introduce a newly bought domain3.com in email addresses. I have setup all the other pre-reqs (accepted domains, connectors, etc.), but im unsure which of the above policies i should modify?
    Should i go about and modify only the Priority 3 one, adding alias@domain3.com and firstname.lastname@domain3.com . as secondary entries? Should i also modify the Priority 2 one, for the ex-employees of domain2.com to also include domain3.com addresses?

    Im afraid that if I only modify priority3 policy, since its for all recipients, it will also affect contacts/DLs, etc? I just dont want it to break anything, to an irreversible state..

    I can see that a DL that would be affected by the policy1 settings is also affected by the policy3 or the default settings, so if i modify policy3 and manually apply, it will add SMTP entries?
    my DLs only have address@internal.domain1.com now…. and i cant figure it out how.

    • Email address policies are not cumulative. Only one policy applies to a recipient at any given time, but the recipient might have other SMTP addresses that were previously added by a different policy (because policies only ever add addresses, they never remove them). So the short answer is, you would need to add the new domain to every policy that is applying to the recipients you want to add the new domain to. If you only add the new domain to policy 3, only those recipients that policy 3 applies to will get the new domain.

  42. Dave Tammi says:

    Hi Paul,

    Is there any way to estimate how long it will take to apply a policy to 4000 users? What affect the time to complete?

Leave a Reply

Your email address will not be published. Required fields are marked *