Not able to send to cross trusted Exchange forest due to the recipient addresses turning into IMCEAEX-_O.......

We have two trusted Exchange forests -- domain1 and domain2. We tried to use a utility (Forefront Identity Management) to sync the AD user accounts/contacts and by accident caused duplicate email accounts/contacts in both forests. It prevented users from sending email cross the forests with the error:  
"More than one user has this e-mail address. #550 5.1.4 RESOLVER.ADR.Ambiguous; ambiguous address ##"

So we got into AD to delete all the sync-ed accounts/contacts in the destination domains, and thought that should be it. Unfortunately, the issue remained except the error is different:
"The e-mail address you entered couldn't be found."

Further investigation found the recipient email address we carefully typed out in the recipient field is correct for sure as we can see but from the bounced NDR we can see after sending the recipient address being altered to an ExchangeLegacyDN such as:

IMCEAEX-_O=DOMAIN2_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=Frank+20Gaines625@domain2.com

And that's why got the "address not found" error.
Again, it only happens while trying to send cross the forest. There is no issue while using OWA.
And the most strange thing is, it only happens to many but NOT all users, whether it is in cached mode or not. We suspected it is cache issue so we did update OAB, GAL, redownloading OAB, etc. But the issue still remains.

Any help is appreciated.
CastlewoodAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Todd NelsonConnect With a Mentor Systems EngineerCommented:
I hate those annoying X400/X500 addresses but at times they are necessary and must be added the the accounts as a proxy address.

Take a look at this article and the associated references ... https://oddytee.wordpress.com/2014/08/22/imceaex-ndrs-after-migrating-psts-to-office-365/

Hopefully it provides you a direction to head.
0
 
CastlewoodAuthor Commented:
Thanks Todd.
The MS support article in the above link states that the auto-complete cache in Outlook or OWA uses  LegacyExchangeDN to route internal emails. Still very confused about how the "translation" works from SMTP to LegacyDN. Look, in our case, all accounts do have at least one proper X.500 in place and I understand the internal recipient SMTP we entered in Outlook will be translated to a LegacyDN for internal routing, according to the above MS support article.
But the problem is, say, the user in domain1 wants to send an email cross forest to jsmith@domain2.com. So he entered the correct SMTP address in Outlook. We verified it was the correct spelling before hitting Send. Right after sending we got the NDR where we can see the translated LegacyDN is with the wrong domain -- @domain1.com. We entered @domain2.com in SMTP, which was translated to @domain1.com in LegacyDN. How could this happen?

Lastly, even more mysterious is, the issue disappeared on the second day around 10:40am EST. Does it mean a LegacyDN has a time to live or what?
0
 
CastlewoodAuthor Commented:
Spoken too early. There was still one user running into this issue. But this time, I empty the Auto-Complete cache list on his Outlook 2013 and fixed his issue. So the issue seems to become randomly in individual users. But what could cause this issue in the Exchange server side?
0
 
Todd NelsonSystems EngineerCommented:
Sufficuent information provided that resolved issue.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.