0 votes

I am trying to use a property pattern to prevent email forwarding to accounts in other domains managed by Adaxes.

Here is my regex: ^([^,]+,)+(DC=domain,DC=local)$

The altRecipient (Forward To) property is supposed to be a distinguished name, and that is reflected in ADSI, however, I cannot get this regex to match anything. I select a user to forward to, and the DN for that user is:

CN=Tech Gal,OU=Tech Users,DC=domain,DC=local

Does anyone have any insight as to why this isn't working? Is Adaxes using some other value before resolving the DN?

Thanks in advance!

by (710 points)

1 Answer

0 votes
by (194k points)
selected by
Best answer

Hello Leah,

Unfortunately, there is no possibility to disallow selecting users from a specific domain in the Forward To field using Property Patterns. However, thank you for the suggestion. We will consider it.

As a solution, you can use a Business Rule triggering Before Updating Exchange Properties of a User that will cancel the operation if the Forward To field contains a user located in a specific domain. If this solution meets your needs, we will provide you with detailed instructions.


That sounds like something I can work with. Instructions would be great. Thanks!



Thank you for the confirmation. To create the Business Rule:

  1. Launch Adaxes Administration Console.

  2. In the Console Tree, right-click your service node.

  3. In the context menu, navigate to New and click Business Rule.

  4. On step 2 of the Create Business Rule wizard, select User Object type.

  5. Select Before Modifying Exchange properties of a User and click Next.

  6. Click Add an action.

  7. Select Cancel this operation.

  8. Specify a cancellation reason and click OK.

  9. Right-click the action you created and then click Add Condition.

  10. Select If PowerShell script returns true.

  11. Paste the below script into the Script field. In the script, the $domainDN variable specifies the distinguished name (DN) of the domain (e.g. DC=example,DC=com).

     $domainDN = "DC=example,DC=com" # TODO: modify me
     function CheckObjectLocation($objectDN, $domainDN)
         $objectDN = New-Object "Softerra.Adaxes.Ldap.DN" $objectDN
         $Context.ConditionIsMet = $objectDN.IsDescendantOf($domainDN)
     # Get Exchange properties set by the action
     $modifiedMailboxParams = $Context.Action.MailParameters
     if (-not($modifiedMailboxParams.MailFlowSettings.DeliveryOptions.ForwardingAddressModificationEnabled))
     # Get forwarding address
     $forwardingAddress = $modifiedMailboxParams.MailFlowSettings.DeliveryOptions.ForwardingAddress
     if ($forwardingAddress.ObjectDN)
         CheckObjectLocation $forwardingAddress.ObjectDN $domainDN
     elseif ($forwardingAddress.ObjectGuid)
         $objectPath = "Adaxes://<GUID=" + $forwardingAddress.ObjectGuid + ">"
     elseif ($forwardingAddress.ObjectSid)
         $objectPath = "Adaxes://<SID=" + $forwardingAddress.ObjectSid + ">"
         $Context.LogMessage("Unable to get object path: " + $forwardingAddress.Identifier, "Error")
         $Context.ConditionIsMet = $True
     # Check object DN
     $object = $Context.BindToObject($objectPath)
     CheckObjectLocation $object.Get("distinguishedName") $domainDN
  12. Enter a short description and click OK.

  13. Click Next and finish creating the Business Rule.

Related questions

0 votes
1 answer

When we create a shared mailbox, we create an associated mail-enabled security group. In the security group I want to populate the description field with the name of the shared mailbox ... How can I get just the "name" of the shared mailbox versus the full DN?

asked Feb 4 by atnorman (280 points)
0 votes
1 answer

Hallo, As a part of my custom command I'd like to create forward from a mailbox to an external SMTP. Unfortunately I cann't use below script because of security policy: ... it by myself but I stuck on bing contact for forward. Could you please help me?

asked Aug 28, 2015 by axmaster (2.7k points)
0 votes
1 answer

Is it possible to update a Propery Pattern using a powershell script? If a new department OU is created, is it possible to automaticly update the User Pattern's Department property to reflect that a new department has been added?

asked Jan 28, 2013 by kjesoo (7k points)
0 votes
0 answers

Hello, I'm using property pattern for few things, and i just noticed that all my property pattern are applied on user creation (i don't want it to) Is there a way to "disable" property pattern on user creation ?

asked May 6, 2016 by Alexandre (2.5k points)
0 votes
1 answer

Hi, I created a property pattern for personalTitle but it does not reflect in the selfservice web frontend. I did it the same way for Company and Location both are working. Any ideas why it does not work? kind regards Ingemar

asked Aug 22, 2013 by ijacob (6.1k points)
2,418 questions
2,168 answers
235,372 users