How to use a second domain
-
Thursday, February 14, 2013 5:03 AM
I have added a second accepted domain name to exchange but am not sure what to do now.
I want to add a second email address to a current user so that they can access it on there phone and through outlook\owa
I also wish to set up 2 other users that will have access to just email if possible as the second domain is for a side business and not related to the first.
I hope you guys can make sense of that as any help would be great. Sorry if this is a simple thing I looked on google but I was not really sure what I am looking for.
All Replies
-
Thursday, February 14, 2013 8:19 AM
As you only need access for a few people its easier to configure this on a user basis and not setup a policy. Please note with both ways will give a primary send address and the rest will be for receiving.
user basis > go to the users mailbox and find email address tab and add the emails in there. Set primary address to the one you want them to send as. Make sure you click do not apply policy.
if you want to set a policy then its under hub transport under org wide. There will be a domain policy tab > add new policy > add new domain name email address > apply filter for department or something. > set this policy above the sbs one.<o:p></o:p>
do the same again but add both the new and old.
you will then need to change department or whatever filter you applied to the users. go to AD and Users and change the department or whatever to your filtered name.
Gareth | IT Support
-
Friday, February 15, 2013 8:41 AM
Hi,
I would suggest Always use an Email address policy if it is only for a couple of people now it might be for more in the future.
On how to add a second domain and create an Email address policy please follow this blog post: http://blogs.technet.com/b/sbs/archive/2011/04/13/how-to-configure-sbs-2011-standard-to-accept-e-mail-for-multiple-authoritative-domains.aspx
Regards Ronny
-------------
Visit my Blog or follow me on Twitter -
Friday, February 15, 2013 12:28 PM
Why not use a cloud based exchange Office365 and get users trying that out to see how they like it for future upgrades.
Microsoft sells from approx £3 a month to £15 a month per user an online Exchange server. This would give a full exchange experience, (microsoft does the backups and retentions) for the second domain.
Further with the more expensive options comes with latest version of Office for installation on 5 user pc's
http://www.microsoft.com/en-gb/office365/compare-plans.aspx
Also Outlook can have multiple exchange links set up
This gives an OWA and of course your user phoens can connect to... its like having a second exchange server for your clients from £40 a year per user
Just a thought
p.s. this is the way Microsoft is pushing after SBS2011
-
Sunday, February 17, 2013 9:06 PM
Sorry this took so long to respond to but I wanted to make sure that I was not missing something.
I am getting him to check the MX records as I don't think that they are right.
I added a second email address to the primary domain user in EMC -> Recipient Configuration -> Mail Box -> Email Addresses
However I get bounce backs if I try to send mail to it.Also I added the accepted domain to EMC -> Organization Configuration -> Accepted Domains
is this all that I need to do?
As for the tip on using the cloud he does not want to have on going costs that it why he bought SBS2011 in the first place.
-
Sunday, February 17, 2013 9:39 PMthe MX record needs to be the same as the primary one.
Gareth | IT Support
-
Sunday, February 17, 2013 10:28 PM
Yeah I don't think it is though.
I have him calling the provider to check.
@ronnypot
I missed your post somehow but that was indeed the guide that I followed.
- Edited by sevengs Sunday, February 17, 2013 11:01 PM
-
Monday, February 18, 2013 10:49 PM
Ok, there is defiantly something wrong with his DNS\MX records.
Once that issue is sorted out I am still unsure what the best way to create the users that are not part of the primary domain. These users will only need access to email (OWA\Outlook\Mobiles) but I am unsure if it is a possibility to block them on the domain. Although not allowing them RDP access should cover my bases, I wonder if there is a better way.
I would also like to make it so my mate (owner of domain) can set up users for both domains with the console. I thought about using a filter based on something but there does not seems to a common category between the new user console and options given in the email policy (e.g Company is in the policy but not in the new user console)
Am I asking to much here should I just do it manually for him each time?
-
Tuesday, February 19, 2013 8:22 AM
Hi,
To test DNS and MX records you may run https://www.testexchangeconnectivity.com/ to see where things are going wrong.
About the users setup I would suggest creating a new user roles for those users. When a new user role is created there is a new disabled user account created in Active Directory Users and Computers, (in the OU, MyBusiness, Users, SBSUsers) you can edit this account and add a company or departement which you use in the Email address policy. When a new user is created it will in the background make a copy of the disabled user account and so also copy the settings you made in ADUC.
Regards Ronny
-------------
Visit my Blog or follow me on Twitter- Marked As Answer by K_evin ZhuMicrosoft Contingent Staff, Moderator Monday, March 04, 2013 7:35 AM
- Unmarked As Answer by sevengs Monday, March 04, 2013 8:13 AM
- Marked As Answer by sevengs Thursday, March 14, 2013 12:06 AM
-
Tuesday, February 19, 2013 8:58 PM
Ah that's exactly what I wanted! Don't know why I could not find that answer on google..
I'll give it a bash today.. and hopefully this solves his problems.
As for MX records, I can see that they are wrong but don't have access to change them so he has to deal with that.. They are meant to be making both domain names match so that should solve it, just waiting for them to get there act together..
-
Tuesday, February 19, 2013 11:29 PMSo I did what you said and edited the template user in AD to have the company name for the second domain but when I created a user using this is still gave them a email address with the first domain name and didn't even create a secondary email with the right domain name.. did I miss something somewhere?
-
Wednesday, February 20, 2013 7:59 AM
Probably the Email address policy for the first domain has a higher priority than the second. Email address policies are applied in order and the first that hits the condition set is applied. It will never apply two email address policies.
So you should put the email address policy for the secondary domain with a higher priority than the other policy.
Regards Ronny
-------------
Visit my Blog or follow me on Twitter- Marked As Answer by sevengs Thursday, March 14, 2013 12:06 AM
-
Wednesday, February 20, 2013 8:35 PM
I think your right, I had new domain as 2 and default as lowest but I think that the policy Windows SBS email Address policy needs to be higher then 1.
Actually, when I set that and pick the user role, it still has domain 1 next to email address not domain 2..
I tried to reapply the policy but nothing happened.
- Edited by sevengs Wednesday, February 20, 2013 8:41 PM more info
-
Friday, February 22, 2013 8:14 AM
-
Monday, February 25, 2013 1:16 AM
[PS] C:\Windows\system32>Get-EmailAddressPolicy Name Priority RecipientFilter ---- -------- --------------- Default Policy Lowest Alias -ne $null Windows SBS Email Address Policy 2 Alias -ne $null Koggles Email Policy 1 ((Company -eq 'Koggles') -and (Alias..
[PS] C:\Windows\system32>Get-EmailAddressPolicy "Koggles Email Policy"|fl RunspaceId : 0a33ff3d-79d7-496c-953a-06ef84b024d5 RecipientFilter : ((Company -eq 'Koggles') -and (Alias -ne $null)) LdapRecipientFilter : (&(company=Koggles)(mailNickname=*)) LastUpdatedRecipientFilter : ((Company -eq 'Koggles') -and (Alias -ne $null)) RecipientFilterApplied : True IncludedRecipients : AllRecipients ConditionalDepartment : {} ConditionalCompany : {Koggles} ConditionalStateOrProvince : {} ConditionalCustomAttribute1 : {} ConditionalCustomAttribute2 : {} ConditionalCustomAttribute3 : {} ConditionalCustomAttribute4 : {} ConditionalCustomAttribute5 : {} ConditionalCustomAttribute6 : {} ConditionalCustomAttribute7 : {} ConditionalCustomAttribute8 : {} ConditionalCustomAttribute9 : {} ConditionalCustomAttribute10 : {} ConditionalCustomAttribute11 : {} ConditionalCustomAttribute12 : {} ConditionalCustomAttribute13 : {} ConditionalCustomAttribute14 : {} ConditionalCustomAttribute15 : {} RecipientContainer : RecipientFilterType : Precanned Priority : 1 EnabledPrimarySMTPAddressTemplate : %m@Koggles.com EnabledEmailAddressTemplates : {SMTP:%m@Koggles.com} DisabledEmailAddressTemplates : {} Enabled : False HasEmailAddressSetting : True HasMailboxManagerSetting : False NonAuthoritativeDomains : {} AdminDescription : AdminDisplayName : ExchangeVersion : 0.1 (8.0.535.0) Name : Koggles Email Policy DistinguishedName : CN=Koggles Email Policy,CN=Recipient Policies,CN=First Organization,CN=Microsoft Ex change,CN=Services,CN=Configuration,DC=rise,DC=local Identity : Koggles Email Policy Guid : 65bfba06-cb26-4a4e-b56c-ba2c94174ee9 ObjectCategory : rise.local/Configuration/Schema/ms-Exch-Recipient-Policy ObjectClass : {top, msExchGenericPolicy, msExchRecipientPolicy} WhenChanged : 21/02/2013 7:38:32 AM WhenCreated : 5/10/2012 9:59:07 AM WhenChangedUTC : 20/02/2013 8:38:32 PM WhenCreatedUTC : 4/10/2012 11:59:07 PM OrganizationId : OriginatingServer : SBS2011.rise.local IsValid : True
-
Monday, February 25, 2013 7:44 AM
This all looks correct and when you look at the user that needs this email address it had the company field filled with Koggles?
When you do a apply on the email address policy, nothing stange happens? Are there any errors or warnings in the event log (Application or System)?
Can you run an exchange best practice analyzer (Exchange management console, toolbox)
Regards Ronny
-------------
Visit my Blog or follow me on Twitter -
Monday, February 25, 2013 2:41 PMModerator
http://titlerequired.com/2011/07/14/sbs-2011-standard-additional-accepted-email-domains/
Not sure if this is needed but, my post on Multiple domains.
Robert Pearman SBS MVP
itauthority.co.uk |
Title(Required)
Facebook |
Twitter |
Linked in |
Google+
-
Monday, February 25, 2013 3:32 PM
-
Monday, February 25, 2013 4:13 PMModerator
RunspaceId : 0a33ff3d-79d7-496c-953a-06ef84b024d5 RecipientFilter : ((Company -eq 'Koggles') -and (Alias -ne $null)) LdapRecipientFilter : (&(company=Koggles)(mailNickname=*)) LastUpdatedRecipientFilter : ((Company -eq 'Koggles') -and (Alias -ne $null)) RecipientFilterApplied : True
I would say the issue is with the filter.
Based on a skim read, i would change the filter to just search for Company -eq Koggles.
I would also use the Preview, in the GUI, and see how many recipients are being picked up by the filter.
Robert Pearman SBS MVP
-
Tuesday, February 26, 2013 1:07 AM
@RobertPearman
I have only got one permission and it is for company=Koggles
I also can not see where the preview is, can you tell me?@ronnypot
If I look in AD that user has the company name in the Organization tab, does it also need to be in the mail box somewhere?
I looked in the event viewer but nothing stood out, but that may not mean much as I really don't know exchange.. -
Tuesday, February 26, 2013 9:16 AMModerator
In the link i posted -
http://titlerequired.com/2011/07/14/sbs-2011-standard-additional-accepted-email-domains/
Search for "You can then click Preview" and that will show you what i mean.
I can see you have your filter set to all recipient types, as well as company -eq but i would change that just to 'users with exchange mailboxes'
Robert Pearman SBS MVP
-
Tuesday, February 26, 2013 9:29 AM
The information you see in AD users and computers or SBS console or Exchange are all the same it is all stored in AD for this user account.
But if you would like to see the company field in Exchange, do properties on the specific user account and go to the Organization tab.
Regards Ronny
-------------
Visit my Blog or follow me on Twitter -
Wednesday, February 27, 2013 3:58 AM
If i hit preview it has the one account that I have made already (but had to change the email after it was created) should the domain change on this page when I select the policy?
-
Wednesday, February 27, 2013 4:00 AM
Ok, company shows in both.
At what stage does it apply the policy? Does it do it as its created or does it run on its own schedule?
-
Monday, March 04, 2013 8:14 AMUnmarked as answer as it still does not work.
-
Monday, March 04, 2013 9:57 AMModerator
OK, lets go over this again.
Lets find the users that match your filter.
Open the Exchange Powershell then do this:
Import-Module ActiveDirectory Get-AdUser -Filter * -Properties * | where-object { $_.Company -eq "Koggles" } | foreach { $_.Name }This should list all the users that are picked up by your filter.
Robert Pearman SBS MVP
-
Tuesday, March 05, 2013 2:46 AM
When I ran this I got just the one name that I created manually. So I created a new user based of the User Role that I created before where the template user has Koggles as the company name.
I then noticed that the new user didn't get this company name copied over to there account upon creation.
Once I added that company name in AD and refreshed the policy it was working.So my problem is still how to set this up for my mate who has no idea about all this stuff so that he can do it through the console.
Somehow I need a User Role that will differentiate between the 2 company's and that I can also apply the profile off so that it is all automatic.
Does this make sense? I'm not really all that sure of what I am doing either..
-
Monday, March 11, 2013 2:02 AMIs this possible? From the post above I though it was.
-
Monday, March 11, 2013 9:12 PM
I have just checked on my SBS 2011 demo machine, as I was convinced it works this way, but it didn't. It does not copy the Company value to the newly created account for the second domain user role.
So sorry about the misunderstanding but the only options left are, you have to learn your mate how to enter the company field manual via AD users and computers or Exchange management console or you can create a powershell script that could do this.
Use something like this:
$username=Read-Host "Please enter a username"
set-user -identity $username -company "COMPANY NAME"
Regards Ronny
-------------
Visit my Blog or follow me on Twitter- Marked As Answer by sevengs Thursday, March 14, 2013 12:07 AM
-
Thursday, March 14, 2013 12:05 AM
Thanks.. I just assumed that I was doing something wrong.
I will work something out with him...
Thanks again for your help guys!
.png)
