Setting Message Restrictions on synced contacts
Created: 2012-04-20 08:09:59
Modified: 2022-09-11 09:16:43
Tags: Active Directory UnitySync
It is possible to limit who can send mail to specific addresses. More precisely, the limit is placed on the recipient object itself and specifies who that recipient may RECEIVE mail from. When syncing, you may sync a person or group that you want restricted in this manner on the Destination.
This article explains the use of email restrictions and how to set them manually in Active Directory Users & Computers.
There are two attributes that SS can set in order to set the restrictions as desired at sync time.
authOrig
This identifies individual users
dLMemSubmitPerms
This identifies a group. For our solution, we’ll use this group attribute.
To set up and test this solution:
A flag attribute: An attribute on the source to act as the flag that identifies certain objects as ‘Restricted to Select Senders’. (The example below uses the attribute ‘title’.) You can use any text attribute, including ExtensionAttributes.
A flag value: In my example, I’m using “Restrict Senders” as the flag value.
Destination Group: Manually create the Group ‘Restricted to Select Senders’ on the destination, or use an existing Group that meets your needs. Only members of this Group will be allowed to send mail to the restricted contacts. You’ll need the exact DN of this Group object for the custom mapping below.
Create two test objects on the source. Set ‘title’ of ONE object to the flag value “Restrict Senders”.
In your connection, create a custom object mapping similar to the following, which should identify the exact DN of your existing Group:
dLMemSubmitPerms=&"^title^" eq "Restrict Senders" ? "CN=Restricted to Select Senders,ou=SyncContainer,DC=DestDomain,DC=com" : ""&
The above mapping says: If title = “Restrict Senders”, set dLMemSubmitPerms to identify your “Restricted to Select Senders” group; otherwise leave it empty. In doing so, only objects in this Group may send mail to the object.
Use Selection DN and/or filters to pull only your two test objects and run Discovery and Sync.
When you look at your two test contacts created by the sync in U&C, on the Exchange General tab you will see Message Restrictions set to “Only From” and the “Restricted to Select Senders” Group will be specified for your one test object.
In ADSI Edit, it will look like this:
dLMemSubmitPerms: CN=Restricted to Select Senders,OU=SyncContainer,DC=DestDomain,DC=com
This will allow these select objects to appear in the GAL, but only those Users in the “Restricted to Select Senders” group will successfully send mail to the object.
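To confirm the result across every synced contact rather than opening each one in ADSI Edit, the following read-only audit can be run on the destination. It is an added example, not part of the original article or of UnitySync; it assumes the ActiveDirectory PowerShell module, the placeholder container and group DNs from the mapping above, and that ‘title’ is also synced to the destination contacts.

```powershell
# Added example: read-only audit of sender restrictions on synced contacts.
# Assumed values: the DNs below are the placeholders from the article's mapping.
Import-Module ActiveDirectory

$SyncContainer = 'OU=SyncContainer,DC=DestDomain,DC=com'
$AllowedGroup  = 'CN=Restricted to Select Senders,OU=SyncContainer,DC=DestDomain,DC=com'
$FlagValue     = 'Restrict Senders'   # assumes 'title' is synced to the contact

# Stop early if the group DN used in the mapping does not resolve to a group.
$group = Get-ADGroup -Identity $AllowedGroup -Properties member -ErrorAction Stop
$memberCount = @($group.member | Where-Object { $_ }).Count
Write-Host "Allowed-sender group has $memberCount direct member(s)."

$contacts = Get-ADObject -SearchBase $SyncContainer -SearchScope Subtree `
    -LDAPFilter '(objectClass=contact)' `
    -Properties title, mail, dLMemSubmitPerms, authOrig

$report = foreach ($c in $contacts) {
    # Unset attributes come back as $null; filter so the counts are accurate.
    $groups    = @($c.dLMemSubmitPerms | Where-Object { $_ })
    $userCount = @($c.authOrig | Where-Object { $_ }).Count
    $flagged    = ($c.title -eq $FlagValue)
    $restricted = ($groups -contains $AllowedGroup)   # case-insensitive DN match

    $status = if ($flagged -and -not $restricted) {
        'MISSING: flagged, expected group not set'
    } elseif (-not $flagged -and ($groups.Count + $userCount) -gt 0) {
        'UNEXPECTED: restricted but not flagged'
    } elseif ($restricted -and ($groups.Count -gt 1 -or $userCount -gt 0)) {
        'REVIEW: other senders are also allowed'
    } else {
        'OK'
    }

    [pscustomobject]@{
        Name          = $c.Name
        Mail          = $c.mail
        Title         = $c.title
        AllowedGroups = $groups -join '; '
        AuthOrigCount = $userCount
        Status        = $status
    }
}

$report | Sort-Object Status, Name | Format-Table -AutoSize -Wrap
```

A member count of zero means no one can send to the restricted contacts; any row not marked OK should be compared against the source object's flag attribute.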