Mailbox Delivery Settings
From time to time, I run into environments where things are configured in "non-standard" ways. Granted, we don't have a lot of specificity or documentation around some attribute configurations because the default configuration has been tested by the people who created the software and works in almost every conceivable situation. However, we do run into things where people didn't necessarily understand the way Exchange utilizes certain attributes, or discovered they can sometimes "trick" the system to do different things. I have not been in an environment where those situations don't eventually come back to bite you.
General recommendations:
- Keep defaults unless you have a compelling reason to change them
- Change defaults to supported and supportable configurations
- Use correct tools to update the settings
When it comes to recipients, the two most common scenarios in my experience are autodiscover lookup resolution issues and user objects with incorrect/incomplete attributes for the recipient type.
Let's tackle each of those.
But, before we get there, let's begin at the beginning.
Recipient Types
Modern versions of Exchange have seven general recipient types:
- mailbox - This is the basic recipient type. It is a security principal (a user logon account, for example, that has an explicit username and password). A mailbox is a container-type of object that is capable of (wait for it ....) containing data (some of which may be messages, contacts, calendar items, notes, journal entries, or tasks).
- contact - This recipient type is really no more than an address book entry. It has a few properties (such as display name and an email address). It's generally used to represent a user external to your organization in your address book.
- mail-enabled user - A mail user is really the joining of a security principal (user) with the attributes of a mail contact. It is a user that doesn't have a mailbox in your system, but is represented in the address book due to the properties on the object. A contact does not have an associated security principal (user object).
- mail-enabled public folder - This is a special type of shared object. In legacy versions of Exchange, public folders were stored in a special database. With modern public folders, the content is actually stored in mailbox-like structures. In either case, a public folder is a hierarchical folder structure (like a network server share) that is accessed via the email client. Mail-enabled public folders are public folders with email properties designating them as recipients.
- distribution group - A distribution group or distribution list is a container-type of object that holds multiple recipients (mailboxes, contacts, mail users, and mail-enabled public folders).
For purposes of user mail routing, we're going to only focus on mailboxes and mail-enabled users.
Mailbox
A mailbox is a recipient (duh). If a user is homed "locally," their mailbox is the final destination. Core attributes we expect to see configured:
- altRecipient - Exchange address (mail-enabled user, contact, or another mailbox) if mailbox is configured to forward to an external recipient (Set-Mailbox -ForwardingAddress). Takes priority over msExchGenericForwardingAddress.
- deliverAndRedirect - AD attribute that is configured if either altRecipient (Set-Mailbox -ForwardingAddress) or msExchGenericForwardingAddress (Set-Mailbox -ForwardingSmtpAddress) is modified with the -DeliverToMailboxAndForward $true parameter.
- homeMDB - the name of the database where the mailbox is located
- legacyExchangeDN - the internal routing address for the mailbox (structure of x.500)
- mail - the SMTP address of the mailbox. The AD attribute name is mail; from inside Exchange Management Shell, it is referenced as WindowsEmailAddress or PrimarySmtpAddress.
- mailNickname - sometimes known as the alias, it's an internal short name for the mailbox user
- msExchMailboxGuid - objectGuid of the mailbox in Active Directory. The AD attribute name is msExchMailboxGuid; from inside Exchange Management Shell, it is referenced as ExchangeGuid.
- msExchGenericForwardingAddress - SMTP address if mailbox is configured to forward to an external recipient (Set-Mailbox -ForwardingSmtpAddress)
- msExchHomeServerName - name of the server where the mailbox is located
- msExchPoliciesIncluded - which address policies are applied to the object
- msExchRecipientDisplayType - numeric value which represents the general object type (UserMailbox)
- msExchRecipientTypeDetails - numeric value which represents a specific object sub-type (Regular, Shared, Equipment, Room)
- msExchUserAccountControl - Exchange user logon setting
- msExchVersion - indicates which version of Exchange the object is configured as
- msExchWhenMailboxCreated - timestamp that marks the creation of the mailbox
- proxyAddresses - multivalued attribute containing all alias/proxy addresses for a mailbox. The AD attribute name is proxyAddresses; from inside Exchange Management Shell, it is referenced as EmailAddresses.
Mail-Enabled User
The Mail-Enabled user object can serve two purposes: display in an address book (because it is a mail recipient), or as a pointer object for a remote Exchange mailbox. Core attributes we expect to see configured for a mail-enabled user:
- mail - the SMTP address of the mailbox. The AD attribute name is mail; from inside Exchange Management Shell, it is referenced as WindowsEmailAddress or PrimarySmtpAddress. This attribute can be either a recipient address in the organization or the real external organization's address of the user.
- mailNickname - sometimes known as the alias, it's an internal short name for the mailbox user
- msExchPoliciesExcluded - which address policies are not applied to the object
- msExchPoliciesIncluded - which address policies are applied to the object
- msExchRecipientDisplayType - numeric value which represents the general object type (MailUser)
- msExchRecipientTypeDetails - numeric value which represents the specific object sub-type (MailUser, RemoteUserMailbox)
- proxyAddresses - multivalued attribute containing all alias/proxy addresses for a mailbox. The AD attribute name is proxyAddresses; from inside Exchange Management Shell, it is referenced as EmailAddresses.
- targetAddress - string value of the object's real email address in the remote mail system. The AD attribute name is targetAddress; from inside Exchange Management Shell, it is referenced as either ExternalEmailAddress (if the object is a MailUser) or RemoteRoutingAddress (if the object is a RemoteUserMailbox). This value serves two purposes: for mail routing, it serves as the next-hop address for mail delivery. For Outlook clients, it is the value Outlook references during an autodiscover lookup.
Now that we have the basics established, let's dig into a few common questions.
Mailbox Discovery and Configuration
For an on-premises user, Autodiscover locates a mailbox by querying Active Directory. From https://technet.microsoft.com/en-us/library/bb124251(v=exchg.150).aspx:
Through the Autodiscover service, Outlook finds a new connection point made up of the user’s mailbox GUID + @ + the domain portion of the user’s primary SMTP address. The Autodiscover service returns the following information to the client:
- The user’s display name
- Separate connection settings for internal and external connectivity
- The location of the user’s Mailbox server
- The URLs for various Outlook features that govern functionality such as free/busy information, Unified Messaging, and the offline address book
- Outlook Anywhere server settings
When a user's Exchange information is changed, Outlook automatically reconfigures the user's profile using the Autodiscover service. For example, if a user's mailbox is moved or the client can't connect to the user's mailbox or to available Exchange features, Outlook will contact the Autodiscover service and automatically update the user's profile to include the information that's required to connect to the mailbox and Exchange features.
When you install a Client Access server in Exchange 2013, a default virtual directory named Autodiscover is created under the default website in Internet Information Services (IIS). This virtual directory handles Autodiscover service requests from Outlook 2007, Outlook 2010, and Outlook 2013 clients and supported mobile phones under the following circumstances:
- When a user account is configured or updated
- When an Outlook client periodically checks for changes to the Exchange Web Services URLs
- When underlying network connection changes occur in your Exchange messaging environment
Additionally, a new Active Directory object named the service connection point (SCP) is created on the server where you install the Client Access server.
The SCP object contains the authoritative list of Autodiscover service URLs for the forest. You can use the Set-ClientAccessServer cmdlet to update the SCP object.
What does this mean?
For a mailbox user, Autodiscover will return the mailbox server and database name, which will prompt Outlook to configure the profile appropriately. For a mail-enabled user, Autodiscover will return the targetAddress, which will cause Outlook to contact the domain (to the right of the @) listed in the targetAddress for mailbox location.
Mail Routing
From a mail routing perspective, the lookup order is as follows:
Is the domain an accepted domain in the Exchange Organization?
- Yes.
  - Is it an authoritative domain?
    - Yes.
      - Lookup Recipient. Does recipient exist (mailbox, mail contact, mail-enabled user, mail-enabled public folder, distribution list)?
        - Yes.
          - Send to this recipient. Is Recipient:
            - Mailbox
              - Yes.
                - Is targetAddress set (should ALWAYS BE "NO" for supported configuration)?
                  - Yes.
                    - Redirect mail to targetAddress.
                  - No.
                    - Good. Go to next step.
                - Is altRecipient set?
                  - Yes.
                    - Is deliverAndRedirect set to True?
                      - Yes.
                        - Send to recipient listed in altRecipient.
                        - Deliver copy to local mailbox.
                      - No.
                        - Send to recipient listed in altRecipient.
                  - No.
                    - Continue to next recipient check.
                - Is msExchGenericForwardingAddress set?
                  - Yes.
                    - Is deliverAndRedirect set to True?
                      - Yes.
                        - Send to recipient listed in msExchGenericForwardingAddress.
                        - Deliver copy to local mailbox.
                      - No.
                        - Send to recipient listed in msExchGenericForwardingAddress.
                  - No.
                    - Deliver to local mailbox.
              - No.
                - Do nothing.
            - Mail-Enabled User
              - Yes.
                - Is targetAddress set (should ALWAYS BE YES)?
                  - Yes.
                    - Send to recipient listed in targetAddress.
                  - No.
                    - Attempt delivery to mail attribute (will most likely NDR because object is not configured properly).
              - No.
                - Do nothing.
            - Mail Contact
              - Yes.
                - Is targetAddress set (should ALWAYS BE YES)?
                  - Yes.
                    - Send to recipient listed in targetAddress.
                  - No.
                    - Attempt delivery to mail attribute (will most likely NDR because object is not configured properly).
            - Mail-Enabled Public Folder
              - Yes.
                - Is targetAddress set (should ALWAYS BE NO)?
                  - Yes.
                    - Send to recipient listed in targetAddress.
                  - No.
                    - Do nothing.
                - Is altRecipient set?
                  - Yes.
                    - Is deliverAndRedirect set to True?
                      - Yes.
                        - Send to recipient listed in altRecipient.
                        - Deliver to local public folder.
                      - No.
                        - Send to recipient listed in altRecipient.
                  - No.
                    - Deliver to local public folder.
              - No.
                - Do nothing.
            - Distribution List
              - Yes.
                - Expand membership and deliver to recipients.
              - No.
                - Do nothing.
        - No.
          - Return NDR to sender.
    - No.
      - Is there a connector that is scoped to this domain?
        - Yes.
          - Send mail to specific connector.
        - No.
          - Send mail to default outbound connector.
- No.
  - Is there a connector that is scoped to this domain?
    - Yes.
      - Send mail to specific connector.
    - No.
      - Send mail to default outbound connector.
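The mailbox and mail-enabled user branches of the lookup order above can be applied to an object's AD attributes to see where its mail will go and to flag the configurations this article calls unsupported. This is an added example, not Exchange code or part of the original post: Resolve-DeliveryAction is a hypothetical helper name, the sample objects are constructed, and treating "homeMDB is populated" as the test for a mailbox is an assumption based on the attribute lists above.

```powershell
# Added example, not Exchange code. Resolve-DeliveryAction is a hypothetical helper
# that applies the article's lookup order to one mailbox or mail-enabled user.
function Resolve-DeliveryAction {
    param([Parameter(Mandatory, ValueFromPipeline)] $Recipient)
    process {
        $action = $null; $finding = $null
        # Forwarding with deliverAndRedirect = TRUE also keeps a local copy
        $copy = if ($Recipient.deliverAndRedirect) { ' + copy to local mailbox' } else { '' }
        if ($Recipient.homeMDB) {                          # assumption: homeMDB set = mailbox
            $type = 'Mailbox'
            if ($Recipient.targetAddress) {
                # Checked first in the lookup order: mail never reaches the mailbox
                $action  = "Redirect to $($Recipient.targetAddress)"
                $finding = 'targetAddress set on a mailbox (unsupported)'
            } elseif ($Recipient.altRecipient) {           # takes priority over generic forwarding
                $action = "Forward to $($Recipient.altRecipient)$copy"
            } elseif ($Recipient.msExchGenericForwardingAddress) {
                $action = "Forward to $($Recipient.msExchGenericForwardingAddress)$copy"
            } else {
                $action = 'Deliver to local mailbox'
            }
            if (-not $finding -and $action -like 'Forward*' -and -not $copy) {
                $finding = 'forwarding without a local copy'
            }
        } else {                                           # mail-enabled user
            $type = 'MailUser'
            if ($Recipient.targetAddress) {
                $action = "Send to $($Recipient.targetAddress)"
            } else {
                $action  = "Attempt delivery to $($Recipient.mail)"
                $finding = 'mail user without targetAddress (likely NDR)'
            }
        }
        [pscustomobject]@{ Name = $Recipient.Name; Type = $type; Action = $action; Finding = $finding }
    }
}

# Constructed sample objects using the AD attribute names; absent attributes read as $null
$samples = @(
    [pscustomobject]@{ Name = 'ok-mailbox';  homeMDB = 'CN=DB01' }
    [pscustomobject]@{ Name = 'tricked';     homeMDB = 'CN=DB01'; targetAddress = 'SMTP:tricked@example.net' }
    [pscustomobject]@{ Name = 'forwarder';   homeMDB = 'CN=DB01'; msExchGenericForwardingAddress = 'smtp:fwd@example.net'; deliverAndRedirect = $true }
    [pscustomobject]@{ Name = 'broken-user'; mail = 'broken-user@example.com' }
)
$samples | Resolve-DeliveryAction | Format-Table -AutoSize
```

Against a live directory, the same function accepts objects from Get-ADUser when the attributes it reads are requested with -Properties.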
Hopefully, this helps someone. :-) For more information on mail routing diagnostics, be sure to visit https://technet.microsoft.com/en-us/library/bb430743(v=exchg.150).aspx.