Browse All Articles > Exchange migration and legacyExchangeDN
The LegacyExchangeDN is an important value if you want to do pain-free user migrations between Exchange environments. You can avoid a lot of user requests and problems with NDRs (Non-delivery reports) during migration if you think about it before.
Introductory information described in Jamie McKillop's article, NDRs and the legacyExchangeDN. So in this article I want to show you one possible way how to save that important information.
Let's imagine a complex example: migration between different forests and email domains.
Two forests: ex2003.com and ex2010.com.
Two Exchange organizations: Exchange 2003 (the old one) and Exchange 2010 (the new one.
Three mailboxes: A, B and C, which migrated from the Exchange 2003 to Exchange 2010 (by any means).
![------.JPG]()
After migration of the mailboxes you should save the old SMTP address and old legacyExchangeDN as X500 addresses.
Domain EX2003.com
Mailbox Name: "A"
legacyExchangeDN: "/o=OLD/ou=First Administrative Group/cn=Recipients/cn=A"
ProxyAddresses: "SMTP:A@ex2003.com"
Mailbox Name: "B"
legacyExchangeDN: "/o=OLD/ou=First Administrative Group/cn=Recipients/cn=B"
ProxyAddresses: "SMTP:B@ex2003.com"
Mailbox Name: "C"
legacyExchangeDN: "/o=OLD/ou=First Administrative Group/cn=Recipients/cn=C"
ProxyAddresses: "SMTP:C@ex2003.com"
Domain EX2010.com
Mailbox Name: "A"
legacyExchangeDN: "/o=NEW/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=A"
ProxyAddresses: "SMTP:A@ex2010.com, smtp:A@ex2003.com, X500:/o=OLD/ou=First Administrative Group/cn=Recipients/cn=A"
Mailbox Name: "B"
legacyExchangeDN: "/o=NEW/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=B"
ProxyAddresses: "SMTP:B@ex2010.com, smtp:B@ex2003.com, X500:/o=OLD/ou=First Administrative Group/cn=Recipients/cn=B"
Mailbox Name: "A"
legacyExchangeDN: "/o=NEW/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=C"
ProxyAddresses: "SMTP:C@ex2010.com, smtp:C@ex2003.com, X500:/o=OLD/ou=First Administrative Group/cn=Recipients/cn=C"
Notes:
Exchange 2007 - 2010 SP1 RU6
Exchange 2010 SP1 RU6 - 2013
To change the LegacyExchangeDN to X500 addresses for the mailboxes you may use simple PowerShell commands:
But for automation of process I recommend using a script.
Notes for the script:
The script:
A few pieces of advice:
Also I recommend follow articles about legacyExchangeDN:
Exchange E-mail Addresses and the Outlook Address Cache - https://www.simple-talk.com/sysadmin/exchange/exchange-e-mail-addresses-and-the-outlook-address-cache/
The Attribute, the Myth, the legacyExchangeDN - http://eightwone.com/2013/08/12/legacyexchangedn-attribute-myth/
IMCEAEX non-delivery report when you send email messages to an internal user in Office 365 dedicated - http://support.microsoft.com/kb/2807779
Introductory information described in Jamie McKillop's article, NDRs and the legacyExchangeDN. So in this article I want to show you one possible way how to save that important information.
Let's imagine a complex example: migration between different forests and email domains.
Two forests: ex2003.com and ex2010.com.
Two Exchange organizations: Exchange 2003 (the old one) and Exchange 2010 (the new one.
Three mailboxes: A, B and C, which migrated from the Exchange 2003 to Exchange 2010 (by any means).
After migration of the mailboxes you should save the old SMTP address and old legacyExchangeDN as X500 addresses.
Domain EX2003.com
Mailbox Name: "A"
legacyExchangeDN: "/o=OLD/ou=First Administrative Group/cn=Recipients/cn=A"
ProxyAddresses: "SMTP:A@ex2003.com"
Mailbox Name: "B"
legacyExchangeDN: "/o=OLD/ou=First Administrative Group/cn=Recipients/cn=B"
ProxyAddresses: "SMTP:B@ex2003.com"
Mailbox Name: "C"
legacyExchangeDN: "/o=OLD/ou=First Administrative Group/cn=Recipients/cn=C"
ProxyAddresses: "SMTP:C@ex2003.com"
Domain EX2010.com
Mailbox Name: "A"
legacyExchangeDN: "/o=NEW/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recip
ProxyAddresses: "SMTP:A@ex2010.com, smtp:A@ex2003.com, X500:/o=OLD/ou=First Administrative Group/cn=Recipients/cn=A"
Mailbox Name: "B"
legacyExchangeDN: "/o=NEW/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recip
ProxyAddresses: "SMTP:B@ex2010.com, smtp:B@ex2003.com, X500:/o=OLD/ou=First Administrative Group/cn=Recipients/cn=B"
Mailbox Name: "A"
legacyExchangeDN: "/o=NEW/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recip
ProxyAddresses: "SMTP:C@ex2010.com, smtp:C@ex2003.com, X500:/o=OLD/ou=First Administrative Group/cn=Recipients/cn=C"
Notes:
- The format of "ProxyAddresses" is Type:Address.
- "SMTP" (uppercase) means the primary SMTP address. Be careful - only one SMTP address can be primary!
- The formats of the "legacyExchangeDN" attribute for Exchange 2003 and 2010 are different.
- Format of the legacyExchangeDN attribute changed several times:
/o=/ou=First Administrative Group/cn=Recipients/cn=
Exchange 2007 - 2010 SP1 RU6
/o=/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=
Exchange 2010 SP1 RU6 - 2013
/o=/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=<3 random hex digits>
To change the LegacyExchangeDN to X500 addresses for the mailboxes you may use simple PowerShell commands:
$ProxyAddresses = (Get-Mailbox NAME).EmailAddresses
$ProxyAddresses += [Microsoft.Exchange.Data.CustomProxyAddress]("X500:/o=OLD/ou=First Administrative Group/cn=Recipients/cn=NAME")
Set-Mailbox -Identity NAME -EmailAddresses $ProxyAddresses
But for automation of process I recommend using a script.
Notes for the script:
- First of all you should collect all information about the email and legacyExcahngeDN from the source system (the "Exchange 2003" organization in our case) into a CSV file.
- In the case of Exchange 2007 (instead of Exchange 2003) as source system you can upgrade the script to taking legacyExchangeDN automatically from the target AD (if mailboxes still exist).
- You can run the script as many times as you need (it checks for duplicates).
email;dn
A@ex2003.com;/o=OLD/ou=First Administrative Group/cn=Recipients/cn=A
B@ex2003.com;/o=OLD/ou=First Administrative Group/cn=Recipients/cn=B
C@ex2003.com;/o=OLD/ou=First Administrative Group/cn=Recipients/cn=C
The script:
# Variables
$File = Import-CSV "C:\Scripts\legacyExchnageDN\legacyexchangedn.csv" –Delimiter “;”
$LogFile = "C:\Scripts\legacyExchnageDN\legacyexchangedn.log"
# Open CSV file. Take email and search it in AD
foreach($mailbox in $File) {
$email = $mailbox.email
$dn = "X500:" + $mailbox.dn
$set = Get-Mailbox -Identity $email -ErrorAction silentlycontinue
if ($set -ne $Null) {
# Checking duplicates
if ($set.EmailAddresses -notcontains $dn) {
$set.EmailAddresses += $dn
# Set changes
Set-Mailbox -Identity $email -emailaddresses @{Add=$set.EmailAddresses}
# Write into the log file
$LogText = "Into the mailbox " + $email + " added address " + $dn
$LogText | Out-File $LogFile -Append
}
}
}
A few pieces of advice:
- Think about possible problems with the NDR in advance.
- Save all old user's addresses.
- Watch out for errors in the Event Log (Error 9217).
Also I recommend follow articles about legacyExchangeDN:
Exchange E-mail Addresses and the Outlook Address Cache - https://www.simple-talk.co
The Attribute, the Myth, the legacyExchangeDN - http://eightwone.com/2013/
IMCEAEX non-delivery report when you send email messages to an internal user in Office 365 dedicated - http://support.microsoft.c
Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.
Comments (0)