Tech Blog

If you ever get this annoying message when opening an Email Address book policy:

The specified e-mail address policy couldn't be edited. E-mail address polices created with legacy versions of Exchange must be upgraded using the 'Set-EmailAddressPolicy' task, with the Exchange 2010 Recipient Filter specified.

This means the policies were created with old versions of Exchange, in my case Exchange 2003, you can find them all, looking for the word Legacy:

Get-EmailAddressPolicy | Select Identity, RecipientFilterType, RecipientFilter, LDAPRecipientFilter | FL

As you can this will show the ldap query too, the problem is if you run the Set-EmailAddressPolicy against this then you’ll break it, all custom filters (LDAP queries) will be reset to “mailnickname=*” which can result significant email outages.

So how to fix it.

Download this PS script: https://gallery.technet.microsoft.com/office/7c04b866-f83d-4b34-98ec-f944811dd48d

Choose a policy to convert, copy the query from above and run the following:

.\ConvertFrom-LdapFilter.ps1 "(&(mailNickname=*)(objectCategory=person)(objectClass=user)(objectClass=user)(objectCategory=person)(mailNickname=*)(msExchHomeServerName=*)(objectCategory=user)(mail=rob.D@EMAIL.com))"

So now we have this:

( ( Alias -ne $null ) -and ( ObjectCategory -like 'person' ) -and ( ObjectClass -eq'user' ) -and ( ObjectClass -eq 'user' ) -and ( ObjectCategory -like 'person' ) -and ( Alias -ne $null ) -and ( ServerLegacyDN -ne $null ) -and ( ObjectCategory -like 'user' ) -and ( WindowsEmailAddress -eq 'rob.D@EMAIL.com' ) )

Now finially lets run the Set-EmailAddressPolicy (NOTE THE {} at the beginning and end, not a ” :

Set-EmailAddressPolicy -Identity "migrate-test" -RecipientFilter {( ( ( Alias -ne $null ) -and ( ( ObjectCategory -like 'person' ) -and ( ObjectClass -eq 'user' ) -and ( recipientType-eq 'UserMailbox' ) ) ) -and ( ObjectCategory -like 'user' ) -and ( WindowsEmailAddress -eq 'rob.D@EMAIL.com' ) )

Done, F5 it in Exchange console and see if you can open it!!