Exchange 2010 email policies

I had a conversation recently with a customer about email address policies in Exchange 2010. Here is the truth, straight from TechNet and verified in the lab.

1. You can NOT create an email address policy for a domain that is not an accepted domain. Exchange does care, even if the customer doesn’t.

2. When you create an email address policy you have 3 choices: “Do not apply”, “Apply immediately” or “Schedule the apply”.

a. “Apply immediately” applies the policy to all applicable recipients as soon as Exchange can get to them.

b. “Schedule the apply” applies the policy after the scheduled time (starting at that time).

i. Remember that in a larger environment it can take some time to apply.

c. “Do Not apply”, does not apply the policy at all.

3. When creating a new object, the policy gets applied to that object (no matter how, or if, the policy was ever applied before).

4. No matter what you’ve chosen when creating the policy, the following applies:

a. When you right-click a policy and select Apply (or run Update-EmailAddressPolicy), it gets applied.

b. When the object changes, the policy gets applied

i. Note: in my lab I simply updated the object’s description and the policy was applied. Database moves, renames, etc. will all force a policy update (on that object only).

So note that just like 2003 and 2007, if the policy is never applied manually or at policy creation, and an existing object never gets changed in any way, the policy will never be applied.

Uncheck the “automatically update based on email address policy” check box and a policy is NEVER applied to the object.

Exchange 2010 does NOT check occasionally or on some cycle and apply policies other than those instances stated above.

The “applied” column in the EMC is really of little value. It only shows whether or not the policy was ever manually applied. Manually applied only refers to objects that existed at the time of the application, which is unknown.


Also note I had an issue where a new policy got applied across the entire environment for what appeared to be no apparent reason.

My suggestion is to think about disabling the EmailAddressPolicyEnabled attribute when in doubt. Change it back slowly if you wish, after testing is complete.
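
One way to check the blast radius of a policy before it is applied, as an added example for the Exchange Management Shell (not from the original post). The policy name 'New Policy' and the CSV path are placeholders, and the opt-out and apply steps run with -WhatIf so nothing is changed.

```powershell
# Added example for the Exchange Management Shell; not from the original post.
# 'New Policy' is a placeholder policy name (assumption).
$policyName = 'New Policy'
$policy     = Get-EmailAddressPolicy -Identity $policyName

# Point 1: flag any SMTP template whose domain is not an accepted domain.
# Exact-match only; wildcard accepted domains (*.example.com) are not expanded.
$accepted = Get-AcceptedDomain | ForEach-Object { $_.DomainName.ToString() }
foreach ($template in $policy.EnabledEmailAddressTemplates) {
    if ($template.ToString() -match '^smtp:.*@(.+)$' -and $accepted -notcontains $Matches[1]) {
        Write-Warning "Template '$template' uses a domain that is not accepted: $($Matches[1])"
    }
}

# Recipients matched by the policy filter. This ignores policy priority and
# RecipientContainer, so treat it as an upper bound on what the policy touches.
$inScope = @(Get-Recipient -RecipientPreviewFilter $policy.RecipientFilter -ResultSize Unlimited)

# Only recipients with EmailAddressPolicyEnabled = $true are ever stamped.
$stamped = @($inScope | Where-Object { $_.EmailAddressPolicyEnabled })
$exempt  = @($inScope | Where-Object { -not $_.EmailAddressPolicyEnabled })
"{0} in scope, {1} would be stamped, {2} opted out" -f $inScope.Count, $stamped.Count, $exempt.Count

# Record the current primary addresses for review before anything changes.
$stamped | Select-Object Name, RecipientType, PrimarySmtpAddress |
    Export-Csv -Path .\eap-preview.csv -NoTypeInformation

# The suggestion above: opt mailboxes out while testing. -WhatIf only reports.
$stamped | Where-Object { $_.RecipientType -eq 'UserMailbox' } | Select-Object -First 5 |
    ForEach-Object { Set-Mailbox -Identity $_.Identity -EmailAddressPolicyEnabled $false -WhatIf }

# Dry run of the manual apply from point 4a.
Update-EmailAddressPolicy -Identity $policyName -WhatIf
```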


Hope it helps


