Solved

Exchange 2010 object with LegacyExchangeDN not visible but still exists

Posted on 2011-02-23
Last Modified: 2012-05-11
Hi All

Exchange 2010

The issue is this. Deleted a Contact from the OU in AD (2008 R2) and confirmed this object no longer appears in AD when viewed through ADUC, ADSI Edit or EMC. However, two things prove that the object still exists and has the LegacyExchangeDN attribute:

1. Recreated contact and it appended a suffix to the created LegacyExchangeDN.
2. Replied to a mail from the contact after it was deleted, it still tries to send to the LegacyExchangeDN.

We have worked round the problem by adding the original LegacyExchangeDN as an X500 proxy to the newly recreated contact but are concerned that there may be more "ghost objects" in our AD as a result (there were many contacts deleted at that time).

A. How can we find out if there are any more of these "Ghost Objects" (I thought NTDSUTIL, but metadata cleanup seems to be for removed DC cleanups only)?
B. How can we delete any objects identified ?

Thanks to all who respond.
Question by:TheGeezer2010
10 Comments
 
LVL 12

Expert Comment

by:Navdeep
ID: 34961984
Hi,

Do you have multiple DCs? This could be due to replication latency. Check which DC ADUC is connecting to and check there if the object still exists. Check on the other DCs as well.

Use the following command to check the replication summary:
repadmin /replsummary

LegacyExchangeDN is for backward compatibility with earlier versions of Exchange. It is a part of the schema, although the value may or may not be populated depending upon your setup.
http://www.msexchange.org/tutorials/Understanding-LegacyExchangeDN.html
0
 
LVL 11

Author Comment

by:TheGeezer2010
ID: 34962702
Single DC, so that is not the issue. I am currently working on using LDP to view deleted objects, then rescinded the contacts. We have found that simply deleting the contact leaves the LegacyExchangeDN in AD. Only by disabling the object THEN deleting does it remove all traces of LegacyExchangeDN, which will then be reused if the same object is recreated. Will advise how we get on.
0
 
 
LVL 12

Expert Comment

by:Navdeep
ID: 34962938
Can you show pre and post screenshots of what you are talking about?
0
 
LVL 11

Author Comment

by:TheGeezer2010
ID: 34963286
Not sure what it is that you would like screenshots of?
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34963467
1. Recreated contact and it appended a suffix to the created LegacyExchangeDN.
2. Replied to a mail from the contact after it was deleted, it still tries to send to the LegacyExchangeDN.
0
 
LVL 11

Author Comment

by:TheGeezer2010
ID: 34971810
Will address this tomorrow - thanks for your response!
0
 
LVL 11

Accepted Solution

by:
TheGeezer2010 earned 0 total points
ID: 35026445
Found this to be the case :-

When an object in AD is marked as deleted (tombstoned), many of its attributes are stripped, but the LegacyExchangeDN is NOT one of those attributes. The correct way to remove the LegacyExchangeDN (and thus make it available for re-use) is first to strip the Exchange attributes by DISABLING the Contact in Exchange; subsequently the object can be safely deleted from AD.
This explains why the LegacyExchangeDN was still lingering and therefore NOT available for re-use (hence the DN with a suffix is created within AD).
0
 
LVL 11

Author Closing Comment

by:TheGeezer2010
ID: 35067658
No points awarded as nobody was able to explain the underlying cause of what was observed, but thank you to those who responded.
0
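
One way to approach question A, given the tombstone behaviour described in the accepted solution. This is an added example, not code from the thread: a read-only report that lists deleted objects still carrying a LegacyExchangeDN and shows whether a live recipient already covers that address, either as its own LegacyExchangeDN or as an X500 proxy (the workaround from the question). It assumes the ActiveDirectory PowerShell module is available, that the account may read the Deleted Objects container, and that the tombstones have not yet passed the tombstone lifetime.

```powershell
# Added example: read-only report, makes no changes to the directory.
# Assumes the ActiveDirectory module (Windows Server 2008 R2 / RSAT or later).
Import-Module ActiveDirectory

# 1. Tombstoned objects that still carry a legacyExchangeDN.
#    -IncludeDeletedObjects is required; deleted objects are otherwise hidden.
$ghosts = Get-ADObject -Filter 'isDeleted -eq $true' -IncludeDeletedObjects `
              -Properties legacyExchangeDN, lastKnownParent, whenChanged |
          Where-Object { $_.legacyExchangeDN }

# 2. Addresses that live recipients already answer to: their own
#    legacyExchangeDN plus any X500 proxy addresses.
#    PowerShell hashtable keys are case-insensitive, which suits DN matching.
$covered = @{}
Get-ADObject -LDAPFilter '(legacyExchangeDN=*)' `
        -Properties legacyExchangeDN, proxyAddresses |
    ForEach-Object {
        $covered[$_.legacyExchangeDN] = $_.DistinguishedName
        foreach ($proxy in $_.proxyAddresses) {
            if ($proxy -like 'X500:*') {
                $covered[$proxy.Substring(5)] = $_.DistinguishedName
            }
        }
    }

# 3. One row per ghost. An empty CoveredBy means replies sent to the old
#    LegacyExchangeDN have no live recipient to resolve to.
$ghosts |
    Select-Object legacyExchangeDN, lastKnownParent, whenChanged,
        @{ Name = 'CoveredBy'; Expression = { $covered[$_.legacyExchangeDN] } } |
    Sort-Object CoveredBy, whenChanged |
    Format-Table -AutoSize -Wrap
```

Rows with an empty CoveredBy are the candidates for the X500 proxy workaround on a recreated contact.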
