
Exchange migration and legacyExchangeDN

The legacyExchangeDN is an important value if you want to do pain-free user migrations between Exchange environments. You can avoid a lot of user requests and problems with NDRs (non-delivery reports) during migration if you plan for it in advance.

Introductory information is given in Jamie McKillop's article, NDRs and the legacyExchangeDN. In this article I want to show you one possible way to preserve that important information.

Let's imagine a complex example: migration between different forests and email domains.

Two forests: ex2003.com and ex2010.com.
Two Exchange organizations: Exchange 2003 (the old one) and Exchange 2010 (the new one).
Three mailboxes: A, B and C, which were migrated from Exchange 2003 to Exchange 2010 (by any means).
After migration of the mailboxes you should save the old SMTP address and old legacyExchangeDN as X500 addresses.

Domain EX2003.com
Mailbox Name:         "A"
legacyExchangeDN:    "/o=OLD/ou=First Administrative Group/cn=Recipients/cn=A"
ProxyAddresses:        "SMTP:A@ex2003.com"

Mailbox Name:         "B"
legacyExchangeDN:    "/o=OLD/ou=First Administrative Group/cn=Recipients/cn=B"
ProxyAddresses:        "SMTP:B@ex2003.com"

Mailbox Name:         "C"
legacyExchangeDN:    "/o=OLD/ou=First Administrative Group/cn=Recipients/cn=C"
ProxyAddresses:        "SMTP:C@ex2003.com"

Domain EX2010.com
Mailbox Name:         "A"
legacyExchangeDN:    "/o=NEW/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=A"
ProxyAddresses:        "SMTP:A@ex2010.com, smtp:A@ex2003.com, X500:/o=OLD/ou=First Administrative Group/cn=Recipients/cn=A"

Mailbox Name:         "B"
legacyExchangeDN:    "/o=NEW/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=B"
ProxyAddresses:        "SMTP:B@ex2010.com, smtp:B@ex2003.com, X500:/o=OLD/ou=First Administrative Group/cn=Recipients/cn=B"

Mailbox Name:         "C"
legacyExchangeDN:    "/o=NEW/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=C"
ProxyAddresses:        "SMTP:C@ex2010.com, smtp:C@ex2003.com, X500:/o=OLD/ou=First Administrative Group/cn=Recipients/cn=C"

Notes:
  • The format of "ProxyAddresses" is Type:Address.
  • "SMTP" (uppercase) means the primary SMTP address. Be careful - only one SMTP address can be primary!
  • The formats of the "legacyExchangeDN" attribute for Exchange 2003 and 2010 are different.
  • The format of the legacyExchangeDN attribute has changed several times:

Exchange 5.5 - 2003

/o=/ou=First Administrative Group/cn=Recipients/cn=

Exchange 2007 - 2010 SP1 RU6

/o=/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=

Exchange 2010 SP1 RU6 - 2013

/o=/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=<3 random hex digits>

To add the old legacyExchangeDN to a mailbox as an X500 address, you can use simple PowerShell commands:
$ProxyAddresses = (Get-Mailbox NAME).EmailAddresses
$ProxyAddresses += [Microsoft.Exchange.Data.CustomProxyAddress]("X500:/o=OLD/ou=First Administrative Group/cn=Recipients/cn=NAME")
Set-Mailbox -Identity NAME -EmailAddresses $ProxyAddresses

To automate the process, however, I recommend using a script.

Notes for the script:

  • First of all, collect the email address and legacyExchangeDN of every mailbox from the source system (the "Exchange 2003" organization in our case) into a CSV file.
  • If the source system is Exchange 2007 (instead of Exchange 2003), you can extend the script to take the legacyExchangeDN automatically from the target AD (if the mailboxes still exist).
  • You can run the script as many times as you need (it checks for duplicates).
Example of the legacyexchangedn.csv file:
email;dn
A@ex2003.com;/o=OLD/ou=First Administrative Group/cn=Recipients/cn=A
B@ex2003.com;/o=OLD/ou=First Administrative Group/cn=Recipients/cn=B
C@ex2003.com;/o=OLD/ou=First Administrative Group/cn=Recipients/cn=C


The script:

# Variables
$File = Import-Csv "C:\Scripts\legacyExchnageDN\legacyexchangedn.csv" -Delimiter ";"
$LogFile = "C:\Scripts\legacyExchnageDN\legacyexchangedn.log"

# Open CSV file. Take email and search it in AD
foreach($mailbox in $File) {
    $email = $mailbox.email
    $dn = "X500:" + $mailbox.dn
    
    $set = Get-Mailbox -Identity $email -ErrorAction silentlycontinue
    if ($set -ne $Null) {
        
        # Checking duplicates (-notcontains compares case-insensitively)
        if ($set.EmailAddresses -notcontains $dn) {
            
            # Set changes: add only the new X500 address to the existing list
            Set-Mailbox -Identity $email -EmailAddresses @{Add=$dn}
            
            # Write into the log file
            $LogText = "Into the mailbox " + $email + " added address " + $dn
            $LogText | Out-File $LogFile -Append
        }
    }
}

A few pieces of advice:

  • Think about possible problems with the NDR in advance.
  • Save all of the users' old addresses.
  • Watch out for errors in the Event Log (Error 9217).
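
To confirm that nothing was lost, the address rules from the notes above can be checked offline against an export of each migrated mailbox's proxy addresses. The following is an added example, not part of the original article: Test-MigratedProxyAddress is a hypothetical helper, and the CSV rows and target address lists are constructed sample data (mailbox B deliberately lacks its X500 address).

```powershell
# Added example: audit migrated mailboxes against legacyexchangedn.csv.
# Test-MigratedProxyAddress is a hypothetical helper; all data below is constructed.
function Test-MigratedProxyAddress {
    param(
        [string]$Name,
        [string[]]$ProxyAddresses,  # address strings in Type:Address form
        [string]$OldEmail,          # "email" column of the CSV
        [string]$OldDn              # "dn" column of the CSV
    )
    $problems = @()

    # Uppercase "SMTP:" marks the primary address; exactly one is allowed.
    $primary = @($ProxyAddresses | Where-Object { $_ -clike 'SMTP:*' })
    if ($primary.Count -ne 1) {
        $problems += "expected 1 primary SMTP address, found $($primary.Count)"
    }

    # The old SMTP address must still be present (-notcontains ignores case).
    if ($ProxyAddresses -notcontains "smtp:$OldEmail") {
        $problems += "old SMTP address $OldEmail is missing"
    }

    # The old legacyExchangeDN must be present as an X500 address.
    if ($ProxyAddresses -notcontains "X500:$OldDn") {
        $problems += "old legacyExchangeDN is missing as X500"
    }

    [pscustomobject]@{
        Name     = $Name
        Ok       = ($problems.Count -eq 0)
        Problems = ($problems -join '; ')
    }
}

# Constructed sample input in the same format as legacyexchangedn.csv
$csv = @'
email;dn
A@ex2003.com;/o=OLD/ou=First Administrative Group/cn=Recipients/cn=A
B@ex2003.com;/o=OLD/ou=First Administrative Group/cn=Recipients/cn=B
'@ | ConvertFrom-Csv -Delimiter ';'

# Constructed proxy address lists as they might look in the target organization
$target = @{
    'A@ex2003.com' = 'SMTP:A@ex2010.com', 'smtp:A@ex2003.com', 'X500:/o=OLD/ou=First Administrative Group/cn=Recipients/cn=A'
    'B@ex2003.com' = 'SMTP:B@ex2010.com', 'smtp:B@ex2003.com'
}

foreach ($row in $csv) {
    Test-MigratedProxyAddress -Name $row.email -ProxyAddresses $target[$row.email] -OldEmail $row.email -OldDn $row.dn
}
```

In a live environment the address list would come from (Get-Mailbox NAME).EmailAddresses converted to strings instead of the constructed $target table.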
 
I also recommend the following articles about legacyExchangeDN:

Exchange E-mail Addresses and the Outlook Address Cache - https://www.simple-talk.com/sysadmin/exchange/exchange-e-mail-addresses-and-the-outlook-address-cache/

The Attribute, the Myth, the legacyExchangeDN - http://eightwone.com/2013/08/12/legacyexchangedn-attribute-myth/

IMCEAEX non-delivery report when you send email messages to an internal user in Office 365 dedicated - http://support.microsoft.com/kb/2807779