Using regex for a Forward To property pattern

Question

I am trying to use a property pattern to prevent email forwarding to accounts in other domains managed by Adaxes.

Here is my regex: ^([^,]+,)+(DC=domain,DC=local)$

The altRecipient (Forward To) property is supposed to be a distinguished name, and that is reflected in ADSI, however, I cannot get this regex to match anything. I select a user to forward to, and the DN for that user is:

CN=Tech Gal,OU=Tech Users,DC=domain,DC=local

Does anyone have any insight as to why this isn't working? Is Adaxes using some other value before resolving the DN?

Thanks in advance!
Leah

Answer 1

Hello Leah,

Unfortunately, there is no possibility to disallow selecting users from a specific domain in the Forward To field using Property Patterns. However, thank you for the suggestion. We will consider it.

As a solution, you can use a Business Rule triggering Before Updating Exchange Properties of a User that will cancel the operation if the Forward To field contains a user located in a specific domain. If this solution meets your needs, we will provide you with detailed instructions.

Comments

That sounds like something I can work with. Instructions would be great. Thanks!

---

Hello,

Thank you for the confirmation. To create the Business Rule:

1. Launch Adaxes Administration Console.

2. In the Console Tree, right-click your service node.

3. In the context menu, navigate to New and click Business Rule.
   

4. On step 2 of the Create Business Rule wizard, select User Object type.

5. Select Before Modifying Exchange properties of a User and click Next.
   

6. Click Add an action.

7. Select Cancel this operation.

8. Specify a cancellation reason and click OK.
   

9. Right-click the action you created and then click Add Condition.
   

10. Select If PowerShell script returns true.

11. Paste the below script into the Script field. In the script, the $domainDN variable specifies the distinguished name (DN) of the domain (e.g. DC=example,DC=com).
    

     $domainDN = "DC=example,DC=com" # TODO: modify me
    
     function CheckObjectLocation($objectDN, $domainDN)
     {
         $objectDN = New-Object "Softerra.Adaxes.Ldap.DN" $objectDN
         $Context.ConditionIsMet = $objectDN.IsDescendantOf($domainDN)
     }
    
     # Get Exchange properties set by the action
     $modifiedMailboxParams = $Context.Action.MailParameters
     if (-not($modifiedMailboxParams.MailFlowSettings.DeliveryOptions.ForwardingAddressModificationEnabled))
     {
         return
     }
    
     # Get forwarding address
     $forwardingAddress = $modifiedMailboxParams.MailFlowSettings.DeliveryOptions.ForwardingAddress
     if ($forwardingAddress.ObjectDN)
     {
         CheckObjectLocation $forwardingAddress.ObjectDN $domainDN
         return
     }
     elseif ($forwardingAddress.ObjectGuid)
     {
         $objectPath = "Adaxes://<GUID=" + $forwardingAddress.ObjectGuid + ">"
     }
     elseif ($forwardingAddress.ObjectSid)
     {
         $objectPath = "Adaxes://<SID=" + $forwardingAddress.ObjectSid + ">"
     }
     else
     {
         $Context.LogMessage("Unable to get object path: " + $forwardingAddress.Identifier, "Error")
         $Context.ConditionIsMet = $True
         return
     }
    
     # Check object DN
     $object = $Context.BindToObject($objectPath)
     CheckObjectLocation $object.Get("distinguishedName") $domainDN

12. Enter a short description and click OK.

13. Click Next and finish creating the Business Rule.