Avatar of DrDamnit
DrDamnitFlag for United States of America asked on

Reply Field has OU and CN and Other AD as the address

Just did an upgrade of SBS 2008 to Exchange 2010 under Server 2012. The mailboxes were migrated using the various powershell scripts to import and export them to PST files.

After the upgrade was complete, some users are reporting bounce messages (people sending to the user from outside the organization are forwarding bounces, which then get forwarded to me) indicating the that active directory addresses not the regular email addresses are being send in the reply to field.

I found this article, which details a problem and solutionk:

THe question is: is there a simplier way to do it using powershell scripts?

Exchange is 2010 with all the current service packs and roll ups.

Avatar of undefined
Last Comment

8/22/2022 - Mon

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question

I don't understand what line 2 is doing.

Here's the batch from csv that I am working with:

import-csv theUsers.csv | foreach {
    $name = $_.Name
    $user = $_.SamAccountName
    $first = $_.First
    $last = $_.Last
    $org = $_.Org 
    $path = $_.Path 
    $enabled = $_.Enabled 

    $user = Get-Mailbox $name
    Set-Mailbox $name -EmailAddresses $user.EmailAddresses

Open in new window


$user.EmailAddresses is the array of email addresses retrieved from the user's Active Directory account settings.

+= is the Powershell operator to append. Just like saying $user.EmailAddresses = $user.EmailAddresses + "new address", as in PHP, Java, et al.

But I am sure you worked that bit out.

I suspect the part you don't understand is the actual value being added.

In Powershell terms, an email address has two parts:

1. The type. This is the "X500" in line 2. If you were to look at the contents of the EmailAddresses array for a user, you would see most of the addresses are of type smtp.

<a colon to separate the two>

2. The actual address.

While there is a CSV for all the users, it does not necessarily follow that the legacyExchangeDN attached to their mailbox on the old system followed a consistent format. If the old system is still available, the best approach would almost certainly be to run Get-Mailbox | fl name,legacyexchangedn at the Exchange Shell on the 2008 box. This will give you the definitive list of addresses which can just be bulk added as X500 addresses to the new system.

If the old system is no longer available, then it will be a process of trial and error. I left the "..." in the address in line 2 to indicate this needs to be filled in with system specific details. The addresses are probably something of the form

X500:/O=First Organization/OU=Exchange Administrative Group (FYDIBOHF23SPDLT)/CN=Recipients/CN=User's Primary Email address

but the latter part could very well not be the user's address, but just their alias, which could just be the part before the @domain.com in their address, but might not be. Similarly, I don't think it is the case here, but had the users on SBS 2008 been upgraded from 2003, their legacyExchangeDNs would not have been upgraded in the process. Pre-Exchange 2007 had the concept of administrative groups, so those users would not be part of the Exchange Administrative Group which is the one and only admin group in 2007 and higher (they got rid of the concept here). But users made after the upgrade would have received the admin group shown above... the Exchange internals are all very complicated when you involve backwards compatibility.

Trivia: FYDIBOHF23SPDLT in the name of the 2007 and higher admin group is the ciphertext output of a Caesar cipher with key 1, in case you hadn't realised.

Mohammed Khawaja

As x500 addresses needs to be modified, it needs to be scripted or use ADMODIFY.  Line 2 sets  $user to the SAM Account name but then it sets it to the mailbox.  I don't believe you need line 2.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.

I am, perhaps, making this more complicated in my head that it is in real life.

The old system is available, so I can run the get-mailbox command on it and produce the list as desired.

I am just not seeing the connection between establishing these addresses and telling exchange "Don't use these as the reply address. Ever."