The company I work for is going through a Cross Forest Exchange (both Exch 2010) and AD migration (2003 to 2008 R2). Some users in the TARGET domain were receiving NDRs (Non Delivery Report) in Outlook when responding to old emails from users still located in the SOURCE domain, or when using the N2K cached addresses for those same SOURCE users. This was only happening with 2 scenarios:
- There was no mailbox user or contact in the TARGET exchange organization for that recipient.
- There was a contact for that recipient in the TARGET exchange organization, however there was no X500 address (aka proxyAddresses).
For our specific scenario, we are slowly migrating users to the new Domain, with the new Exchange Org (both servers are sharing a single SMTP namespace), and we needed to sync the Global Address List (GalSync). We do so by adding contacts in the TARGET domain, for users that have not yet been migrated. The issue here is that there is no value for X500, LegacyExchangeDN or proxyAddresses. For the users that have already migrated, ADMT 3.2 automatically adds the X500 address (aka proxyAddresses).
As you may or may not know, Outlook stores the recipient address using the LegacyExchangeDN value of the user’s mailbox. Once my users are migrated to the TARGET domain, their outlook is still pointing to the LegacyExchangeDN value from the SOURCE domain. So we need to add the LegacyExchangeDN value from the SOURCE users' mailboxes as an X500 address on the TARGET "Contact" so that Exchange can deliver these emails.
How do I get the LegacyExchangeDN value? Well first of all the NDR will give you a cryptic version of it. Something like:
IMCEAEX-_O=Old+20Organization_ou=Old+20Site_cn=Recipients_cnemail@example.com 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found
I've found the best way to get the LegacyExchangeDN value is by looking up a mailbox user in the SOURCE domain, via AD Users and computers. Make sure Advanced Features is on. Go to the properties of the user and select the "Attribute Editor" tab. Scroll down to LegacyExchangeDN. All you really need is the /o=Old Organization/ou=Old Site/cn=Recipients/cn= part of the value for use later.
Now I want to add the LegacyExchangeDN valus as an X500 address to all my "Contact" users in the TARGET domain. Problem is I want to do this in bulk because I have a lot of contacts, and don't want to do one at a time.
Solution, ADModify.NET tool.
Below is a slightly modified version from Microsoft Support
- Start the ADModify.NET tool.
- Click Modify Attributes.
- In the Domain List, select the domain with which you want to work.
- In the Domain Controller List, select the domain controller with which you want to work.
- In the Show Only section, uncheck everything except Contacts.
- In the Domain Tree section, uncheck everything.
- Click the arrow to search the domain.
- In the search results, click the organizational unit (OU) with which you want to work, and then click Add To List.
- In the details pane, select individual users. Alternatively, click Select All.
Note We recommend that you test these steps on a single recipient before you continue with bulk modifications.
- Click Next.
- Click the Custom tab.
- Under Custom Attribute Set, follow these steps:
a. Click to select the Make a customized attribute modification check box.
b. In the Attribute Name box, type proxyAddresses.
c. In the Attribute Value box, type the X.500 address.
For example, if you want an X.500 address of /o=Old Organization/ou=Old Site/cn=Recipients/cn=mailNickname, type the following in the Attribute Value box:
X500:/o=Old Organization/ou=Old Site/cn=Recipients/cn=%'mailNickname'%
In this example, we use the %'mailNickname'% variable because we assume that the mailNickname attribute in the new organization matches the mailNickname attribute in the old organization. If these attributes do not match, use another variable.
Note If the migrated user account is from an Active Directory directory service environment, use the Adsiedit tool to locate the old legacyExchangeDN attribute of the user. Then, use the old legacyExchangeDN attribute for the X.500 address.
d. Click Multivalued Append, and then click Go.
Once this is completed, you can either manually update the Exchange Offline Address Book, or just wait for Exchange to do it itself.
Finally some users may still experience NDRs, and that’s because their local Offline Address Book has not synced. You can try to sync it by going to the Send/Receive tab, clicking the dropdown for Send/Receive Groups, and clicking Download Address Book. If that doesn’t work, close Outlook, and delete the Offline Address Book located at:(windows 7) C:\Users\username\AppData\Local\Microsoft\Outlook\Offline Address Books. Open Outlook and everything should be ok.
Hope this article can assist you in some of the pitfalls during an Exchange Migration!