Relevant Product: Signature Manager Exchange Edition
When using Signature Manager Exchange Edition with a group specified in the policy, you observe that the Policy Tester is showing the correct behaviour. However, when an email message is sent, the membership of this group cannot be correctly identified, so the policy does not get applied.
Ensure that the appropriate account has Read Member of permissions to the user object you are testing with; for example: Colin Smith.
The step-by-step instructions below show an example with the Network service account:
- Open Active Directory User and Computers. (dsa.msc).
- From the View menu, select Advanced Features:
- Locate a problem user and open their Properties.
- Select the Security tab, click Advanced then select the Effective Permissions tab.
- Click Select and type NETWORK SERVICE account, then click OK.
- Locate the permission Read Member of and confirm that the permission is present:
If the Read Member of permission is not present against the NETWORK SERVICE account, then follow the next steps below:
To apply the permission change to all users in an OU:
- Right-click the OU and select Properties.
- Select the Security tab, then click Advanced.
- Click Add and type NETWORK SERVICE, then click OK.
- Select the Properties tab and from the Apply to: drop-down list, select Descendant User objects:
- Locate the permission Read Member of and tick the Allow check box:
- Click OK until you return to Active Directory Users & Computers.
- Repeat steps 1 to 5 above to confirm that NETWORK SERVICE now has the permission "Read Member of".