+ Post New Thread
Results 1 to 6 of 6
Cloud Services Thread, O365: Transport Rules not working when recipient is a security group in Technical; I've tried asking this on the O365 forums but not had an answer as yet, figured it was worth a ...
  1. #1

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    4,934
    Thank Post
    861
    Thanked 1,438 Times in 988 Posts
    Blog Entries
    47
    Rep Power
    616

    Angry O365: Transport Rules not working when recipient is a security group

    I've tried asking this on the O365 forums but not had an answer as yet, figured it was worth a punt here as well.

    We always used to prevent students spamming All Staff and All Students with a fairly straightforward transport rule: if sender is a member of All Students; if recipient is All Staff or All Students; redirect to ITHelpdesk; except if sender is Head Girls. Worked fine in Exchange 2007 when we had on-premises, migrated over, but wasn't applying.

    In trying to recreate from scratch and work out why it wasn't applying, I've narrowed the problem down to, specifically, the recipient being a security group. Doesn't matter how I target it: directly with "recipient is", with regular expressions against the email and displayName, with "contains word" against the email and displayName... if the recipient is a security group, the rule won't apply. Every method I've tried, I could amend my input to match my mailbox address and it takes immediate effect. The problem is specifically when the recipient is a group.

    All groups are security groups synced from AD. Creating a new group and syncing up made no difference (as requested on the O365 forum).

    Has anyone else got this working at the moment, or is it a bug in Exchange Online?

  2. #2

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    4,934
    Thank Post
    861
    Thanked 1,438 Times in 988 Posts
    Blog Entries
    47
    Rep Power
    616
    Update from the Office 365 thread: The MS support guy can recreate the issue. He's suggested a workaround that I can't implement because the groups in question are synced from on-site AD. The attributes in question are authOrig and unauthOrig, but ADSIEdit complains it doesn't have an editor capable of handling the attributes. Anyone know a way I can get at them without having to pull out the old Exchange server and start faffing around in that?

  3. #3

    CPLTD's Avatar
    Join Date
    Apr 2008
    Location
    Northamptonshire
    Posts
    4,043
    Thank Post
    1,395
    Thanked 644 Times in 500 Posts
    Blog Entries
    1
    Rep Power
    259
    Just a quick curveball to throw your way:

    Whilst waiting for MS....try creating an email account called 'insert desired name' and set it to forward to the 'all staff' mail group, then add the rules to the 'insert desired name' email account to filter out the SPAM.

    Worth a punt perhaps.

    Let us know if it works

    Joe

  4. Thanks to CPLTD from:

    sonofsanta (15th July 2014)

  5. #4


    Join Date
    Feb 2007
    Location
    51.405546, -0.510212
    Posts
    8,765
    Thank Post
    222
    Thanked 2,630 Times in 1,938 Posts
    Rep Power
    779
    Quote Originally Posted by sonofsanta View Post
    ADSIEdit complains it doesn't have an editor capable of handling the attributes.
    AD Explorer from SysInternals might be worth a try?
    Last edited by Arthur; 14th July 2014 at 03:59 PM.

  6. Thanks to Arthur from:

    sonofsanta (15th July 2014)

  7. #5
    Boredguy's Avatar
    Join Date
    Jun 2011
    Location
    Swindon
    Posts
    568
    Thank Post
    3
    Thanked 128 Times in 119 Posts
    Rep Power
    50
    To edit the values, you can use LDP.exe

    I had to do that the other week to test restricting access to a DirSync group and it seemed to work ok
    I used this article as a guide

  8. Thanks to Boredguy from:

    sonofsanta (15th July 2014)

  9. #6

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    4,934
    Thank Post
    861
    Thanked 1,438 Times in 988 Posts
    Blog Entries
    47
    Rep Power
    616
    @Boredguy - that's worked a treat, cheers.

    @Arthur - AD Explorer was next on the list, but I tend to try built in tools first, cheers anyway

    Joe @CPLTD - if I was setting up from scratch and for the long term, it'd be worth a crack, I reckon, but given how much hassle cached group addresses have been through the migration anyway (more or less the only teething problem, in fact) and that I'm hoping MS can fix the bug so I can apply a rule as normal (as, ideally, I'd still like to redirect the messages instead of bounce with an error message) the less disruptive I can be with the fix, the better. Cheers still!

SHARE:
+ Post New Thread

Similar Threads

  1. [CLOSED] Bug/Error: Auto-complete not working when adding tags
    By DaveP in forum EduGeek.net Site Problems
    Replies: 1
    Last Post: 25th March 2014, 03:54 PM
  2. Replies: 1
    Last Post: 29th November 2012, 10:04 AM
  3. [MS Office - 2007] Spell checker only works when menu is pressed
    By EPCHS in forum Office Software
    Replies: 0
    Last Post: 15th November 2012, 01:00 PM
  4. Laptop touchpad not working when power plugged in
    By UnknownStuntman in forum Hardware
    Replies: 8
    Last Post: 5th March 2010, 07:32 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •