Solving the X-500 Issue with inter-tenancy migration of Office365.
We are migrating a number of domains from one tenancy to another within Office 365.
Tenancy 1 has 18 domains and we cannot migrate all at once.
One major issue we have hit migrating from T1 (Tenancy 1) to T2 (Tenancy 2) is NDR's.
If you migrate a user to T2 and they reply to a mail of a user on T1 they get an NDR.
This appears to be because of the use of X500 (not smtp) to relay mail.
The user can send a new mail OK (they search GAL for user and see a contact for user on T1 which relays mail across)
However any reply to a mail pre-migration produces a NDR as it uses X-500 which will not work in T2.
Is there any way to avoid this issue ?
Cheers..
p.
Tenancy 1 has 18 domains and we cannot migrate all at once.
One major issue we have hit migrating from T1 (Tenancy 1) to T2 (Tenancy 2) is NDR's.
If you migrate a user to T2 and they reply to a mail of a user on T1 they get an NDR.
This appears to be because of the use of X500 (not smtp) to relay mail.
The user can send a new mail OK (they search GAL for user and see a contact for user on T1 which relays mail across)
However any reply to a mail pre-migration produces a NDR as it uses X-500 which will not work in T2.
Is there any way to avoid this issue ?
Cheers..
p.
Vasil Michev (MVP)
In theory, all you need to do is add the LegacyDN value for the old tenant object as X500 alias for the new object. In practice, never done this for migration between two O365 tenants, so cannot guarantee it will work. Give it a try and report back? :)
ASKER
Hi Vasil (you are being a great help on this project by the way !!!)
To Confirm Scenario:
Dave is user who migrated to T2
Dave migrated to T2 Today
Mary is user who is still on T1
What's happening now:
Dave sent Mary a mail yesterday.
Both were on T1.
Dave has been migrated to T2 today.
Today Mary Replies to Dave's Mail.
She Get's A NDR as O365 uses X-500 to reply but that is longer active as Dave has migrated.
What you are suggesting will fix issue:
Add X-500 to Dave's T2 Account
Mary replies to mail Dave sent yesterday.
Mail get's delivered to new tenancy as that's where relevant X-500 is.
Is this what you are suggesting ?
Paul.
To Confirm Scenario:
Dave is user who migrated to T2
Dave migrated to T2 Today
Mary is user who is still on T1
What's happening now:
Dave sent Mary a mail yesterday.
Both were on T1.
Dave has been migrated to T2 today.
Today Mary Replies to Dave's Mail.
She Get's A NDR as O365 uses X-500 to reply but that is longer active as Dave has migrated.
What you are suggesting will fix issue:
Add X-500 to Dave's T2 Account
Mary replies to mail Dave sent yesterday.
Mail get's delivered to new tenancy as that's where relevant X-500 is.
Is this what you are suggesting ?
Paul.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Vasil,
I need to add the x500 via powershell but not sure if i have my script correct (the last one).
Syntax i have is....
Example i have is....
What i am using is....
I need to add the x500 via powershell but not sure if i have my script correct (the last one).
Syntax i have is....
$User= Get-Mailbox $User.EmailAddresses+="X500: /O=ORG /OU=FIRST ADMINISTRATIVE GROUP/CN=RECIPIENTS/CN=XX" Set-Mailbox –EmailAddresses $User.EmailAddressesExample i have is....
$User=Get-Mailbox John $User.EmailAddresses+="X500:/O=ORG /OU=FIRST ADMINISTRATIVE GROUP/CN=RECIPIENTS/CN=XX" Set-Mailbox John –EmailAddresses $User.EmailAddressesWhat i am using is....
$User=Get-Mailbox aherbert@healthcare.ie $User.EmailAddresses+="X500:/o=ExchangeLabs/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=c858c94b45794aee8894aeab18339b48-aherbert" Set-Mailbox aherbert@healthcare.ie –EmailAddresses $User.EmailAddresses
It's correct, just make sure those are new lines or put ";" in between them. And of course, always test with a single user first :)
ASKER
Vasil, because dirsync is in use, it won't let me add X500 via powershell and it says i need to change via on-premise AD.
This is something i wanted to avoid as i don't have complete access to AD and need to go through someone to get to it.
However I have made changes on-premise using ADSIEDIT (as its windows 2003) but it's not showing up on Office365 even after force sync. Any ideas as to why this may be the case ?
This is something i wanted to avoid as i don't have complete access to AD and need to go through someone to get to it.
However I have made changes on-premise using ADSIEDIT (as its windows 2003) but it's not showing up on Office365 even after force sync. Any ideas as to why this may be the case ?
Syncing X500 addresses should not be a problem. Check in the MIISClient if the attribute change is actually picked up by the dirsync process? Also check for any errors with the sync, etc.