Go Premium for a chance to win a PS4. Enter to Win


IMCEAEX NDRs after migrating PSTs to Exchange or Office 365

Published on
3,594 Points
Last Modified:
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
In recent project, we helped a company diverge from their parent organization to a new domain. As a result of the separation, the parent company decided to only provide PST files that we would use to populate the Office 365 mailboxes.

After we imported over 700 PSTs to their associated mailboxes in O365, users began using their PSTs to access and reply to historical items that were not imported.  The result of replying to emails that came from an environment that had Exchange in an environment that does not have Exchange resulted in NDRs and confusion for the users.  The confusion had to do with the fact that the reply seemed to have the correct email address but in actuality had some weird address that attempted to direct the reply back to the originating Exchange organization.  Since that organization is no longer accessible, messages failed to be delivered.

The consequence was an NDR with information that included text similar to the following.  This info did not exist in the O365 tenant.

Open in new window

A little research lead me to this article … IMCEAEX non-delivery report when you send email messages to an internal user in Office 365 dedicated.  The first method in the article would cause the IT staff to contact each user to help them clear their Outlook name cache, however, it wouldn't have worked since these were brand new Outlook profiles, in a brand new domain, on brand new machines.

To resolve the issue, we needed to somehow add the cached LegacyExchangeDN attribute (that was causing the NDR) as a proxy address in AD that would then be synced to O365.

So, using method 2, we were able to convert the information in the NDR to a readable X500 address.


Open in new window

This address actually matched what was in the parent company Exchange environment.  The CN, in this example, is a reference to the user principle name. And since we had this info, were able to create a list of X500 addresses for every user in the new company that was moved to O365.

With this information, we then used PowerShell to add a proxy address to every user and group in AD.

Get-ADUser -Identity "email.user1" | Set-ADUser -Add @{'ProxyAddresses'=@("X500:/O=FIRST ORGANIZATION/OU=FIRST ADMINISTRATIVE GROUP/CN=RECIPIENTS/CN=326000960")}

Open in new window

After adding the proxy addresses and confirming they had been synced to O365 (via DirSync), the users were able to successfully reply to the historical mail items from their PST files.


Author:Todd Nelson

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Join & Write a Comment

A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month