Exchange migration and legacyExchangeDN

Alexander Kireev, IT Architect
The legacyExchangeDN is an important value if you want pain-free user migrations between Exchange environments. You can avoid a lot of user requests and problems with NDRs (non-delivery reports) during a migration if you plan for it in advance.

Introductory information is given in Jamie McKillop's article, NDRs and the legacyExchangeDN. In this article I want to show you one possible way to preserve that important information.

Let's imagine a complex example: migration between different forests and email domains.

Two forests: ex2003.com and ex2010.com.
Two Exchange organizations: Exchange 2003 (the old one) and Exchange 2010 (the new one).
Three mailboxes: A, B and C, which were migrated from Exchange 2003 to Exchange 2010 (by any means).
After migrating the mailboxes, you should keep the old SMTP address as a secondary address and save the old legacyExchangeDN as an X500 address.

Domain EX2003.com
Mailbox Name:         "A"
legacyExchangeDN:    "/o=OLD/ou=First Administrative Group/cn=Recipients/cn=A"
ProxyAddresses:        "SMTP:A@ex2003.com"

Mailbox Name:         "B"
legacyExchangeDN:    "/o=OLD/ou=First Administrative Group/cn=Recipients/cn=B"
ProxyAddresses:        "SMTP:B@ex2003.com"

Mailbox Name:         "C"
legacyExchangeDN:    "/o=OLD/ou=First Administrative Group/cn=Recipients/cn=C"
ProxyAddresses:        "SMTP:C@ex2003.com"

Domain EX2010.com
Mailbox Name:         "A"
legacyExchangeDN:    "/o=NEW/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=A"
ProxyAddresses:        "SMTP:A@ex2010.com, smtp:A@ex2003.com, X500:/o=OLD/ou=First Administrative Group/cn=Recipients/cn=A"

Mailbox Name:         "B"
legacyExchangeDN:    "/o=NEW/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=B"
ProxyAddresses:        "SMTP:B@ex2010.com, smtp:B@ex2003.com, X500:/o=OLD/ou=First Administrative Group/cn=Recipients/cn=B"

Mailbox Name:         "C"
legacyExchangeDN:    "/o=NEW/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=C"
ProxyAddresses:        "SMTP:C@ex2010.com, smtp:C@ex2003.com, X500:/o=OLD/ou=First Administrative Group/cn=Recipients/cn=C"

Notes:
  • The format of "ProxyAddresses" is Type:Address.
  • "SMTP" (uppercase) means the primary SMTP address. Be careful - only one SMTP address can be primary!
  • The formats of the "legacyExchangeDN" attribute for Exchange 2003 and 2010 are different.
  • The format of the legacyExchangeDN attribute has changed several times:
Exchange 5.5 - 2003
/o=/ou=First Administrative Group/cn=Recipients/cn=


Exchange 2007 - 2010 SP1 RU6

/o=/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=


Exchange 2010 SP1 RU6 - 2013

/o=/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=<3 random hex digits>


To add the old legacyExchangeDN to a mailbox as an X500 address, you can use simple PowerShell commands:

$ProxyAddresses = (Get-Mailbox NAME).EmailAddresses
$ProxyAddresses += [Microsoft.Exchange.Data.CustomProxyAddress]("X500:/o=OLD/ou=First Administrative Group/cn=Recipients/cn=NAME")
Set-Mailbox -Identity NAME -EmailAddresses $ProxyAddresses

To automate the process, however, I recommend using a script.

Notes for the script:

  • First of all, you should collect the email address and legacyExchangeDN of every mailbox from the source system (the "Exchange 2003" organization in our case) into a CSV file.
  • If the source system is Exchange 2007 (instead of Exchange 2003), you can extend the script to take the legacyExchangeDN automatically from the target AD (if the mailboxes still exist).
  • You can run the script as many times as you need (it checks for duplicates).
Example of the legacyexchangedn.csv file:
email;dn
A@ex2003.com;/o=OLD/ou=First Administrative Group/cn=Recipients/cn=A
B@ex2003.com;/o=OLD/ou=First Administrative Group/cn=Recipients/cn=B
C@ex2003.com;/o=OLD/ou=First Administrative Group/cn=Recipients/cn=C


The script:

# Variables
$File = Import-Csv "C:\Scripts\legacyExchnageDN\legacyexchangedn.csv" -Delimiter ";"
$LogFile = "C:\Scripts\legacyExchnageDN\legacyexchangedn.log"

# Read each CSV row and look up the mailbox by its old email address
foreach ($mailbox in $File) {
    $email = $mailbox.email
    $dn = "X500:" + $mailbox.dn

    $set = Get-Mailbox -Identity $email -ErrorAction SilentlyContinue
    if ($set -ne $null) {

        # Check for duplicates: compare the addresses as strings
        # (-notcontains is case-insensitive, so "x500:" and "X500:" match)
        $current = $set.EmailAddresses | ForEach-Object { $_.ToString() }
        if ($current -notcontains $dn) {

            # Add only the new X500 address; existing addresses stay untouched
            Set-Mailbox -Identity $email -EmailAddresses @{Add=$dn}

            # Write to the log file
            $LogText = "Added address " + $dn + " to the mailbox " + $email
            $LogText | Out-File $LogFile -Append
        }
    }
}
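
A pre-flight check of the CSV before the import script runs, since a malformed or duplicated dn value would attach an X500 address to the wrong mailbox. This is an added example, not part of the original script: the function name Test-LegacyDnCsv, the sample rows and the DN pattern (derived from the formats listed above) are assumptions.

```powershell
# Added example: validate legacyexchangedn.csv rows before any Set-Mailbox call.
# Sample rows are constructed; rows 3 and 4 are deliberately faulty.
$SampleCsv = @'
email;dn
A@ex2003.com;/o=OLD/ou=First Administrative Group/cn=Recipients/cn=A
B@ex2003.com;/o=OLD/ou=First Administrative Group/cn=Recipients/cn=B
C@ex2003.com;/o=OLD/ou=First Administrative Group/cn=Recipients/cn=b
D@ex2003.com;X500:/o=OLD/ou=First Administrative Group/cn=Recipients/cn=D
'@

function Test-LegacyDnCsv {
    param([Parameter(Mandatory=$true)] [object[]] $Rows)

    # Assumed shape: /o=<org>/ou=<administrative group>/cn=Recipients/cn=<name>
    $dnPattern = '^/o=[^/]+/ou=[^/]+/cn=Recipients/cn=[^/]+$'
    $seenDn = @{}   # @{} keys compare case-insensitively: cn=B and cn=b collide
    $line = 1       # the header is line 1

    foreach ($row in $Rows) {
        $line++
        $problems = @()
        $email = [string]$row.email
        $dn = [string]$row.dn

        if ($email -notmatch '^[^@\s;]+@[^@\s;]+$') {
            $problems += 'email is not a single SMTP address'
        }
        if ($dn -match '^x500:') {
            # The import script prepends "X500:" itself
            $problems += 'dn already carries the X500: prefix'
        } elseif ($dn -notmatch $dnPattern) {
            $problems += 'dn does not match the expected legacyExchangeDN format'
        }
        if ($seenDn.ContainsKey($dn)) {
            $problems += "dn already assigned to $($seenDn[$dn])"
        } else {
            $seenDn[$dn] = $email
        }

        New-Object PSObject -Property @{
            Line = $line; Email = $email; Ok = ($problems.Count -eq 0)
            Problems = ($problems -join '; ')
        } | Select-Object Line, Email, Ok, Problems
    }
}

$result = Test-LegacyDnCsv -Rows ($SampleCsv | ConvertFrom-Csv -Delimiter ';')
$result | Format-Table -AutoSize -Wrap
if ($result | Where-Object { -not $_.Ok }) { Write-Warning 'Fix the CSV before running the import.' }
```

To check the real file, pass `Import-Csv <path> -Delimiter ';'` as `-Rows` instead of the constructed sample.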

A few pieces of advice:

  • Think about possible problems with NDRs in advance.
  • Save all of the users' old addresses.
  • Watch out for errors in the Event Log (Error 9217).
 
I also recommend the following articles about legacyExchangeDN:

Exchange E-mail Addresses and the Outlook Address Cache - https://www.simple-talk.com/sysadmin/exchange/exchange-e-mail-addresses-and-the-outlook-address-cache/

The Attribute, the Myth, the legacyExchangeDN - http://eightwone.com/2013/08/12/legacyexchangedn-attribute-myth/

IMCEAEX non-delivery report when you send email messages to an internal user in Office 365 dedicated - http://support.microsoft.com/kb/2807779