Solved

Exchange 2010 object with LegacyExchangeDN not visible but still exists

Posted on 2011-02-23
Last Modified: 2012-05-11
Hi All

Exchange 2010

The issue is this. Deleted a Contact from the OU in AD (2008R2), confirmed this object no longer appears in AD viewed through ADUC, ADSIEdit nor through EMC. However, two things prove that the object still exists and has the LegacyExchangeDN attribute:

1. Recreated contact and it appended a suffix to the created LegacyExchangeDN.
2. Replied to a mail from the contact after it was deleted, it still tries to send to the LegacyExchangeDN.

We have worked round the problem by adding the original LegacyExchangeDN as an X500 proxy to the newly recreated contact but are concerned that there may be more "ghost objects" in our AD as a result (there were many contacts deleted at that time).

A. How can we find out if there are any more of these "Ghost Objects" (I thought NTDSUTIL but metadatacleanup seems to be for removed DC cleanups only) ?
B. How can we delete any objects identified ?

Thanks to all who respond.
Question by:TheGeezer2010
 
LVL 12

Expert Comment

by:Navdeep
ID: 34961984
Hi,

Do you have multiple DCs? This could be due to replication latency. Check which DC ADUC is connecting to and check there if the object still exists. Check on other DCs as well.

Use the following command to check the replication summary:
repadmin /replsummary

LegacyExchangeDN is for backward compatibility with earlier versions of Exchange. It is a part of the schema, although the value may or may not be populated depending upon your setup.
http://www.msexchange.org/tutorials/Understanding-LegacyExchangeDN.html
0
 
LVL 11

Author Comment

by:TheGeezer2010
ID: 34962702
Single DC, so that is not the issue. I am currently working on using Ldp to view deleted objects, then rescinded the contacts. We have found that simply deleting the contact leaves the LegacyExchangeDN in AD. Only by disabling the object THEN deleting does it remove all traces of LegacyExchangeDN, which will then be reused if the same object is recreated. Will advise how we get on.
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34962938
Can you show pre and post screenshots of what you are talking about?
0
 
LVL 11

Author Comment

by:TheGeezer2010
ID: 34963286
Not sure what it is that you would like screenshots of?
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34963467
1. Recreated contact and it appended a suffix to the created LegacyExchangeDN.
2. Replied to a mail from the contact after it was deleted, it still tries to send to the LegacyExchangeDN.
0
 
LVL 11

Author Comment

by:TheGeezer2010
ID: 34971810
Will address this tomorrow - thanks for your response !
0
 
LVL 11

Accepted Solution

by:
TheGeezer2010 earned 0 total points
ID: 35026445
Found this to be the case:

When an object in AD is marked as deleted (tombstoned), many of its attributes are stripped, but the LegacyExchangeDN is NOT one of those attributes. The correct way to remove the LegacyExchangeDN (and thus make it available for re-use) is to first strip the Exchange attributes by DISABLING the Contact in Exchange; subsequently the object can be safely deleted from AD.
This explains why the LegacyExchangeDN was still lingering and therefore NOT available for re-use (hence the DN with a suffix is created within AD).
0
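
For question A, one way to list tombstoned objects that still hold a LegacyExchangeDN, and to see which of those values are not yet covered by an X500 proxy on a live object (the workaround described in the question). This is an added example, not part of the original thread; it assumes the ActiveDirectory PowerShell module and an account allowed to read deleted objects, and the function names are illustrative.

```powershell
# Added example (not from the thread). Assumes the ActiveDirectory module (RSAT)
# and an account with rights to read the Deleted Objects container.
Import-Module ActiveDirectory

function Get-TombstonedLegacyDN {
    # Deleted (tombstoned) objects that still carry a legacyExchangeDN value.
    Get-ADObject -IncludeDeletedObjects `
        -LDAPFilter '(&(isDeleted=TRUE)(legacyExchangeDN=*))' `
        -Properties legacyExchangeDN, lastKnownParent, whenChanged
}

function Get-LiveX500Index {
    # Map every X500 proxy address on a live object to that object's DN.
    # PowerShell hashtables compare string keys case-insensitively by default.
    $index = @{}
    Get-ADObject -LDAPFilter '(proxyAddresses=X500:*)' -Properties proxyAddresses |
        ForEach-Object {
            $dn = $_.DistinguishedName
            foreach ($addr in $_.proxyAddresses) {
                if ($addr -like 'X500:*') { $index[$addr.Substring(5)] = $dn }
            }
        }
    return $index
}

function Get-GhostLegacyDNReport {
    # One row per tombstone: the lingering DN, where the object used to live,
    # and whether a live object already answers for that DN via an X500 proxy.
    $x500 = Get-LiveX500Index
    Get-TombstonedLegacyDN |
        Select-Object Name, ObjectClass, legacyExchangeDN, lastKnownParent, whenChanged,
            @{ Name = 'CoveredByX500'
               Expression = { $x500.ContainsKey([string]$_.legacyExchangeDN) } },
            @{ Name = 'CoveredBy'
               Expression = { $x500[[string]$_.legacyExchangeDN] } } |
        Sort-Object CoveredByX500, whenChanged
}

# Rows with CoveredByX500 = False are deleted contacts whose old address
# will still fail when someone replies to a cached entry.
Get-GhostLegacyDNReport | Format-Table -AutoSize -Wrap
```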
 
LVL 11

Author Closing Comment

by:TheGeezer2010
ID: 35067658
No points awarded as nobody was able to explain the underlying cause of what was observed, but thank you to those who responded.
0
