Thanks!! Can you just post your user query options? Mine are - Schema - Active Directory - Base DN - DC=Company,DC=Com - Bind DN - A username for the connection to the AD (a made a new one) - Bind Password - The password for the user above - LDAP Query to Find User - I used this one. (&(|(objectClass=User)(objectClass=Group)(objectClass=publicFolder)) (|(proxyAddresses=smtp:$m)(mail=$m))) - Scope - Subtree - Derefer - Never Also, did you have to group AD groups and users in some specific manner (in same OU or something similar) or LDAP query from root of domain works fine? Do you have the same firmware as mine? Did you have to make some modifications in recipient filtering or access policies or your alias query works without any modifications? Thank you.

Hi, It doesn' t work even with User Group Expansion checked and with Derefer Always or with different combinations of these two. Can you tell me in which way did you two create alias object? I have group IT, and alias mail is defined in Group properties (General tab, E-mail field) as it@domain.com. I have also found somwhere on the forum that people use groups named after alias mail (eg. group name is it@domain.com). This is killing me....

Helo ehlo, As I wrote in previous post, I have security/distribution groups with email defined in General/e-mail field. I have user1 with mail user1@domain.com, and group has mail it@domain.com. I want mail sent to it@domain.com gets delivered to user1 and other users who are members of this group. FML Documentation is not very specific on what alias object is, but i hope I got this part right.. My conf is as follows: User query Options are default - Schema - Active Directory - Base DN - DC=Company,DC=Com - Bind DN - A username for the connection to the AD (a made a new one) - Bind Password - The password for the user above - LDAP Query to Find User - (&(|(objectClass=User)(objectClass=Group)(objectClass=publicFolder)) (|(proxyAddresses=smtp:$m)(mail=$m))) - Scope - Subtree - Derefer - Never When I click browse, I can see all the objects in AD, so this part is working. Also user auth using AD credentials os working. User authentication option is: Search user and try bind DN User alias options> User defined Base DN > same as user query Bind DN > same as user query Bind password > same as user query Alias member attribute: mail Alias member query: (&(|(objectClass=User)(objectClass=Contact)(objectClass=Group)(objectClass=publicFolder)) (|(proxyAddresses=smtp:$m)(mail=$m))) User group expansion - no checkbox. When I put the checkbox here I get 550 5.1.1 User unknown error Group member attribute: member Group member query: (&(objectClass=group) (proxyAddresses=smtp:$m)(mail=$m)) Scope: subtree Derefer> Always Max alias expansion level: 0. I have nothing defined in address mapping options. AD domain is domain.local, bit Fortimail domain is domain.com, and emails defined in groups and users are also .com I have tried different options for Derefer and queries, but even when I don' t get 550 5.1.1 error, that mail does not end at user1 mailbox. Instead it gets delivered somewhere. When I check Users there is no user IT (name of the group is IT), but when I check next tab " User preferences" I see mu users, but also groups i tried to send email to. Looks like new mailbox gets created, but I can not access it since groups don' t have passwords?! Look at the picture in the att. I tried to downgrade to Mr3 Patch 2, but same thing happens.

One more question. Do you all people who have LDAP alias working have Exchange server behind Fortimail? In my scenario Fortimail is in server mode (no Exchange server) so AD schema is not prepared for Exchange. This could be the issue because using ADSIedit is see that proxyaddress is blank, and that value is queried. Thank you.

Thanks ehlo!!! Finally got it working using your setup (with minor modification) Whole problem was in that (proxyadresses=smtp:$m) because that field is empty in my AD. I tried numerous times using (&(objectClass=Group) (|(proxyAddresses=smtp:$m)(mail=$m)) but it didnt work. Now it is working using Group member query (&(objectClass=group) (mail=$m)). All other options are as yours. Thanks 1000 times.