Applies to: Exchange Server 2013

Topic Last Modified: 2013-01-14

In Microsoft Exchange Server 2013, it's easy to add multiple authoritative domains to your organization. However, after you add the authoritative domain, you need to decide how to use the authoritative domain in your organization. For example:

The following examples are scenarios in which your Exchange organization may have to receive and process email for more than one authoritative SMTP domain:

What do you need to know before you begin?

  • Estimated time to complete this task: 30 minutes.

  • You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Accepted domains" entry in the Mail Flow Permissions topic and the "Email address policies" entry in the Recipients Permissions topic.

  • If you have deployed an Edge Transport server in your perimeter network and have created an Edge Subscription for that server, you perform these procedures only on the Mailbox server. If the Edge Transport server isn't subscribed, you need to create accepted domains on both the Edge Transport server and the Mailbox server.

  • When you create an accepted domain, you can use a wildcard character (*) in the address space to indicate that all subdomains of the SMTP address space are also accepted by the Exchange organization. For example, to configure contoso.com and all its subdomains as accepted domains, enter *.contoso.com as the SMTP address space. However, if the subdomain names will be used in an email address policy, each subdomain must have an explicit accepted domain entry.

  • An MX record in public DNS is required for each SMTP domain for which you accept email from the Internet. Each MX record should resolve to the Internet-facing server that receives email for your organization.

  • You need to configure Send connectors and Receive connectors so your Exchange organization can send email to and receive email from the Internet. The configuration of the Internet Send connectors and Receive connectors is determined by your Exchange topology. For more information about configuring connectors, see Connectors.

  • For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard Shortcuts in the Exchange Admin Center.

Tip:
Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection

How do you do this?

Step 1: Create an authoritative domain

Use the Exchange Administration Center to create an authoritative domain

  1. In the EAC, navigate to Mail flow > Accepted domains, and click Add Add Icon.

  2. In the Name field, enter the display name for the accepted domain. Each accepted domain for your organization must have a unique display name. This may be different than the accepted domain. For example, the domain contoso.com could have a display name of Contoso Local Accepted Domain.

  3. In the Accepted domain field, specify an SMTP namespace for which your organization accepts email messages. For example, contoso.com.

  4. Select Authoritative domain.

  5. Click Save.

Use the Shell to create an authoritative domain

To create a new authoritative domain, use the following syntax.

Copy Code
New-AcceptedDomain -Name "<Unique Name>" -DomainName <SMTP domain> -DomainType Authoritative

For example, to create a new authoritative domain named "Fourth Coffee subsidiary" for the domain fourthcoffee.com, run the following command:

Copy Code
New-AcceptedDomain -Name "Fourth Coffee subsidiary" -DomainName fourthcoffee.com -DomainType Authoritative

How do you know this step worked?

To verify that you have successfully created an authoritative domain, do one of the following:

  • In the EAC, navigate to Mail flow > Accepted domains. Verify the accepted domain you created is displayed, and the Domain Type value is Authoritative.

  • In the Shell, run the command Get-AcceptedDomain. Verify the domain you created is displayed, and the DomainType value is Authoritative.

Step 2: Configure an email address policy for the authoritative domain

To use the authoritative accepted domain you created, you need to configure an email address policy for the authoritative domain that meets the objectives of your scenario. For example, you may need to create a new email address policy, or modify an existing policy. You may elect to replace the primary email address for some or all of your recipients, and you can elect to keep or remove the old primary email address. Two example scenarios are presented in this section.

Change the existing primary email address

To change the primary (reply to) email address assigned to recipients and keep the old primary email address as a proxy (secondary) email address, follow these steps:

Use the EAC to change the existing primary email address
  1. In the EAC, navigate to Mail flow > Email address policies. Select the email address policy you want to modify, and click Edit Edit Icon.

  2. On the Email Address Policy page, click the Email address format tab. In the Email address format section, click AddAdd Icon.

  3. On the Email Address Format page that appears, make the following selections:

    • Select an accepted domain   Click the drop-down list, and select the new authoritative domain.

    • Select Make this format the reply email address.

    When you are finished, click Save.

  4. On the Email Address Policy page, click Save to save your changes to the policy.

  5. You’ll get a warning that the email address policy won’t be applied until you update it. After it’s created, select it, and then, in the details pane, click Apply.

Use the Shell to change the existing primary email address

In the Shell, you use two separate commands: one command to modify the existing email address policy, and another command to apply the updated email address policy to the recipients in your organization.

To change the existing primary email address, and keep the old primary email address as a proxy address, run the following command:

Copy Code
Set-EmailAddressPolicy <EmailAddressPolicyIdentity> -EnabledEmailAddressTemplates SMTP:<NewPrimaryEmailAddress>,smtp:<OldPrimaryEmailAddress>

For example, suppose the email address policy in your organization uses the email addresses format useralias@contoso.com. This example changes the domain of primary (reply to) address in the email address policy named "Default Policy" to @fourthcoffee.com, and keeps the old primary reply address in the @contoso.com domain as a proxy (secondary) address.

Copy Code
Set-EmailAddressPolicy "Default Policy" -EnabledEmailAddressTemplates SMTP:@fourthcoffee.com,smtp:@contoso.com
Note:
The SMTP qualifier in uppercase lettersspecifies the primary (reply to) address. The smtp qualifier in lowercase letters specifies a proxy (secondary) address.

To apply the updated email address policy to recipients, use the following syntax.

Copy Code
Update-EmailAddressPolicy <EamilAddressPolicyIdentity>

For example, to apply the updated email address policy named "Default Policy", run the following command:

Copy Code
Update-EmailAddressPolicy "Default Policy"

Replace the existing primary email address for a filtered set of recipients

You can't modify the default email address policy to apply to a filtered set of recipients. You need to create a new email address policy, or modify an existing custom email address policy. The examples in this section create a new email address policy. In these examples, the primary (reply to) address in the new accepted domain replaces the old primary address for the specified recipients without keeping the old primary address as a proxy (secondary) email address. Therefore, the affected recipients can no longer receive email at their old primary email address.

Also, email address policies that apply to specific users should have a higher priority (indicated by a lower integer value) than other email address policies, including the default policy, so the specific policy is applied first. Because two policies can't have the same priority value, you may first need lower the priority of your organization's default email address policy.

Use the EAC to replace the existing primary email address for a filtered set of recipients

To create additional email addresses that will be used as the primary email address for a filtered set of recipients, follow these steps.

  1. In the EAC, navigate to Mail flow > Email address policies, and then click Add Add Icon.

  2. On the Email Address Policy page, complete the following fields:

    1. Policy name   Enter a unique, descriptive name.

    2. Email address format   Click Add Add Icon. On the Email Address Format page that appears, make the following selections:

      • Select an accepted domain   Click the drop-down list, and select the new authoritative domain.

      • Email address format   Select the appropriate email address format for your organization.

      • Select Make this format the reply email address.

      When you are finished, click Save.

  3. Run this policy in this sequence with other policies   Typically, policies that apply to specific users should have a higher priority (indicated by a lower integer value) than other email address policies, including the default policy.

  4. Specify the types of recipients this email address will apply to   Select the recipient types to which you want the email address policy applied.

  5. Create rules to further define the recipients that this email address policy applies to   Click Add a rule to restrict the recipients that this policy will apply to. This creates a Boolean And statement. Repeat this step as many times as necessary.

    Caution:
    If you apply too many rules, it’s possible to restrict the email address policy to the point that it doesn’t contain any users.
  6. Click Preview recipients the policy applies to to view the recipients that policy will apply to.

  7. Click Save to save your changes and create the policy.

  8. You’ll get a warning that the email address policy won’t be applied until you update it. After it’s created, select it, and then, in the details pane, click Apply.

Use the Shell to replace the existing primary email address for a filtered set of recipients

To replace the primary email address for a filtered set of recipients, use the following command:

Copy Code
New-EmailAddressPolicy -Name <Policy Name> -Priority <Integer> -IncludedRecipients <RecipientTypes> <Conditional Recipient Properties> -EnabledEmailAddressTemplates SMTP:@<NewPrimaryEmailAddress>

This example creates an email address policy named "Fourth Coffee Recipients", assigns that policy to mailbox users in the Fourth Coffee department, and sets the highest priority for that email address policy so the policy is applied first. Note that the old primary email address isn't preserved for these recipients, so they can't receive email at their old primary email address.

Copy Code
New-EmailAddressPolicy -Name "Fourth Coffee Recipients" -Priority 1 -IncludedRecipients MailboxUsers -ConditionalDepartment "Fourth Coffee" -EnabledEmailAddressTemplates SMTP:@fourthcoffee.com

To apply the new email address policy to the affected recipients, run the following command:.

Copy Code
Update-EmailAddressPolicy "Fourth Coffee Recipients"

How do you know this step worked?

To verify that you have successfully configured an email address policy for the authoritative domain, do one of the following:

  • In the EAC, navigate to Mail flow > Email address policies. Verify the policies are applied in the correct order. Also, select any new or updated policies, and in the details pane, verify the email address format, included recipients, and if the policy has been applied,

  • In the Shell, run the commands Get-EmailAddressPolicy and Get-EmailAddressPolicy "<Policy Name>"| Format-List to verify the details of the policies.

How do you know this task worked?

To verify that you have configured Exchange to accept mail for multiple authoritative domains, do the following:

  1. Send test messages to an affected recipient from a mailbox outside your Exchange organization. Verify the email addresses that successfully accept mail.

  2. Send test messages from an affected recipient mailbox to an external recipient, and verify the From address of the message.