Exchange migration and legacyExchangeDN

Published on
15,922 Points
1 Endorsement
Last Modified:
The LegacyExchangeDN is an important value if you want to do pain-free user migrations between Exchange environments. You can avoid a lot of user requests and problems with NDRs (Non-delivery reports) during migration if you think about it before.

Introductory information described in Jamie McKillop's article, NDRs and the legacyExchangeDN. So in this article I want to show you one possible way how to save that important information.

Let's imagine a complex example: migration between different forests and email domains.

Two forests: ex2003.com and ex2010.com.
Two Exchange organizations: Exchange 2003 (the old one) and Exchange 2010 (the new one.
Three mailboxes: A, B and C, which migrated from the Exchange 2003 to Exchange 2010 (by any means).
After migration of the mailboxes you should save the old SMTP address and old legacyExchangeDN as X500 addresses.

Domain EX2003.com
Mailbox Name:         "A"
legacyExchangeDN:    "/o=OLD/ou=First Administrative Group/cn=Recipients/cn=A"
ProxyAddresses:        "SMTP:A@ex2003.com"

Mailbox Name:         "B"
legacyExchangeDN:    "/o=OLD/ou=First Administrative Group/cn=Recipients/cn=B"
ProxyAddresses:        "SMTP:B@ex2003.com"

Mailbox Name:         "C"
legacyExchangeDN:    "/o=OLD/ou=First Administrative Group/cn=Recipients/cn=C"
ProxyAddresses:        "SMTP:C@ex2003.com"

Domain EX2010.com
Mailbox Name:         "A"
legacyExchangeDN:    "/o=NEW/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=A"
ProxyAddresses:        "SMTP:A@ex2010.com, smtp:A@ex2003.com, X500:/o=OLD/ou=First Administrative Group/cn=Recipients/cn=A"

Mailbox Name:         "B"
legacyExchangeDN:    "/o=NEW/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=B"
ProxyAddresses:        "SMTP:B@ex2010.com, smtp:B@ex2003.com, X500:/o=OLD/ou=First Administrative Group/cn=Recipients/cn=B"

Mailbox Name:         "A"
legacyExchangeDN:    "/o=NEW/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=C"
ProxyAddresses:        "SMTP:C@ex2010.com, smtp:C@ex2003.com, X500:/o=OLD/ou=First Administrative Group/cn=Recipients/cn=C"

  • The format of "ProxyAddresses" is Type:Address.
  • "SMTP" (uppercase) means the primary SMTP address. Be careful - only one SMTP address can be primary!
  • The formats of the "legacyExchangeDN" attribute for Exchange 2003 and 2010 are different.
  • Format of the legacyExchangeDN attribute changed several times:
Exchange 5.5 - 2003
/o=/ou=First Administrative Group/cn=Recipients/cn=

Open in new window

Exchange 2007 - 2010 SP1 RU6

/o=/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=

Open in new window

Exchange 2010 SP1 RU6 - 2013

/o=/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=<3 random hex digits>

Open in new window

To change the LegacyExchangeDN to X500 addresses for the mailboxes you may use simple PowerShell commands:
$ProxyAddresses = (Get-Mailbox NAME).EmailAddresses
$ProxyAddresses += [Microsoft.Exchange.Data.CustomProxyAddress]("X500:/o=OLD/ou=First Administrative Group/cn=Recipients/cn=NAME")
Set-Mailbox -Identity NAME -EmailAddresses $ProxyAddresses

Open in new window

But for automation of process I recommend using a script.

Notes for the script:

  • First of all you should collect all information about the email and legacyExcahngeDN from the source system (the "Exchange 2003" organization in our case) into a CSV file.
  • In the case of Exchange 2007 (instead of Exchange 2003) as source system you can upgrade the script to taking legacyExchangeDN automatically from the target AD (if mailboxes still exist).
  • You can run the script as many times as you need (it checks for duplicates).
Example of the legacyexchangedn.csv file:
A@ex2003.com;/o=OLD/ou=First Administrative Group/cn=Recipients/cn=A
B@ex2003.com;/o=OLD/ou=First Administrative Group/cn=Recipients/cn=B
C@ex2003.com;/o=OLD/ou=First Administrative Group/cn=Recipients/cn=C

Open in new window

The script:

# Variables
$File = Import-CSV "C:\Scripts\legacyExchnageDN\legacyexchangedn.csv" –Delimiter “;”
$LogFile = "C:\Scripts\legacyExchnageDN\legacyexchangedn.log"

# Open CSV file. Take email and search it in AD
foreach($mailbox in $File) {
    $email = $mailbox.email
    $dn = "X500:" + $mailbox.dn
    $set = Get-Mailbox -Identity $email -ErrorAction silentlycontinue
    if ($set -ne $Null) {
        # Checking duplicates
        if ($set.EmailAddresses -notcontains $dn) {
            $set.EmailAddresses += $dn
            # Set changes
            Set-Mailbox -Identity $email -emailaddresses @{Add=$set.EmailAddresses}
            # Write into the log file
            $LogText = "Into the mailbox " + $email + " added address " + $dn
            $LogText | Out-File $LogFile -Append

Open in new window

A few pieces of advice:

  • Think about possible problems with the NDR in advance.
  • Save all old user's addresses.
  • Watch out for errors in the Event Log (Error 9217).
Also I recommend follow articles about legacyExchangeDN:

Exchange E-mail Addresses and the Outlook Address Cache - https://www.simple-talk.com/sysadmin/exchange/exchange-e-mail-addresses-and-the-outlook-address-cache/

The Attribute, the Myth, the legacyExchangeDN - http://eightwone.com/2013/08/12/legacyexchangedn-attribute-myth/

IMCEAEX non-delivery report when you send email messages to an internal user in Office 365 dedicated - http://support.microsoft.com/kb/2807779
Ask questions about what you read
If you have a question about something within an article, you can receive help directly from the article author. Experts Exchange article authors are available to answer questions and further the discussion.
Get 7 days free