The Exchange 2010 OOF option to external audience is “enabled out the box” .In many organizations allowing OOF for external usage is up to company security policies. In large environments disabling OOF requires bulk changes and coming up with process to make sure newly created accounts OOF External is set to “internal” meaning these account wont have OOF External option. You may also consider allowing this option or disallowing it per your needs. In this article we will touch in each scenario and give you tips and show you how to deal with OOF settings for mail enabled users.
You will see the options under “Automatic Replies”
Lets take a look same settings from PowerShell.
ExternalOofOptions : InternalOnly ( External OOF option is set to “InternalONLY” )
ExternalOofOptions : External ( External OOF option is set to “External” )
Now lets start disabling OOF.Following procedures outline how to enable and disable OOF External option for single mailbox.
Procedure:
- Log in to Exchange 2010 server or use your management computer with proper privileges
- Click Start
- All Programs
- Microsoft Exchange Server 2010
- Exchange Management Shell
Enabling OOF External Option for single user
| set-mailbox casey.dedeal -ExternalOofOptions "External" |
Disabling OOF Option for single user
| set-mailbox casey.dedeal -ExternalOofOptions "InternalOnly" |
Disable OOF External for Everyone
| get-mailbox -ResultSize Unlimited | set-mailbox -ExternalOofOptions "InternalOnly" -Confirm:$False |
How to turn the OOF External option in large environments and only allow certain people ?
If this is the scenario one of the good way to handle such request coming up with process
Procedure:
1. Come up with User Creation SOP ( Standard Operation Procedure) and include disabling OOF External for each user creation.
2. Create Active group called “OOF-Allowed-External-Recipients” Universal Security for instance.
3. Add the exception members in the group
In the Second Article I will post OOF Script which will Disable OOF External option for everyone, Enable only for member of Allowed group in AD.
Stay Tuned
Best regards,
Oz Casey , Dedeal
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
Http://smtp25.blogspot.com (Blog)
Http://telnet25.wordpress.com (Blog)
1 comment:
This is a great solution...any chance you can provide instructions on how to "enable" oof for the active directory group. I can't wait...this would be the solution we've been waiting for.
Post a Comment