Click here to monitor SSC
  • Av rating:
  • Total votes: 139
  • Total comments: 19
Ben Lye

Exchange E-mail Addresses and the Outlook Address Cache

12 January 2009

Because Exchange auto-complete cache uses X.500 addresses for e-mail sent to addresses within the Exchange organization, it will bounce back messages  from a re-created mailbox even after you give the user account all the old SMTP addresses. This is because the old X.500 address in the auto-complete cache is missing, and this  causes Exchange to reject the messages.  Ben Lye explains how to solve this common problem.

A little while ago I had a case where, after all other troubleshooting had failed, I had to solve a mailbox corruption problem by exporting the mailbox content to a PST file, removing the existing mailbox, recreating a new mailbox, then finally importing the PST file back in.  This solved the immediate problem of the corrupt mailbox, but created a new one – when Outlook users tried to e-mail the user either by replying to an existing message or by using Outlook’s auto-completion of the user’s e-mail address, the message would bounce back to the sender.  This happened even though I had re-added all the SMTP addresses that the user previously had.  E-mail from external senders was being received properly, and replies to new messages were OK.

This problem occurs because while the Outlook auto-complete cache stores SMTP addresses for e-mail sent to external addresses, it uses X.500 addresses for e-mail sent to addresses within the Exchange organisation. Even though we had given the user account all the old SMTP addresses, the old X.500 address which Outlook was sending to was missing, and this was causing Exchange to reject the messages.

The use of X.500 addresses goes back to before Exchange 2000, when previous versions of Exchange maintained their own LDAP directory.  Since Exchange 2000 the mailbox’s X.500 address has been stored in the legacyExchangeDN attribute in Active Directory.  The legacyExchangeDN value is set when a mailbox is created, and includes the name of the Exchange administrative group where the mailbox belongs.  LegacyExchangeDN values typically look like this:

/o=Organisation/ou=Administrative Group/cn= Recipients/cn=Username

if you’ve ever wondered
why the Exchange 2007
admin group has the name
FYDIBOHF23SPDLT,  it’s
the text EXCHANGE12ROCKS,
with all the characters shifted
to the right by one!)

Because the legacyExchangeDN value includes the administrative group name changes to admin group names will influence legacyExchangeDN values.  For example when you upgrade from Exchange 2003 to Exchange 2007 your user-defined admin groups are replaced by a single admin group named “Exchange Administrative Group (FYDIBOHF23SPDLT)” – existing mailboxes are unaffected, but mailboxes created after the upgrade will use the new admin group name in their legacyExchangeDN values.  (Incidentally, if you’ve ever wondered why the Exchange 2007 admin group has this name, or what it means, it’s the text EXCHANGE12ROCKS, with all the characters shifted to the right by one!)

The current X.500 address of a mailbox can be retrieved from Active Directory using a tool such as ADSIEdit, or LDP.exe, or by using the Exchange Management Shell:

[PS] C:\>Get-Mailbox juser | fl LegacyExchangeDN
 

LegacyExchangeDN : /o=Example/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=juser
 

[PS] C:\>

The X.500 address of a message sender can be retrieved using a tool such as Microsoft Exchange Server MAPI Editor to open a message and get the PR_SENDER_EMAIL ADDRESS property:

 

Alternatively, you can use a hex editor to open the Outlook auto-completion cache file and retrieve X.500 addresses from there.  The cache is stored in a file in the user’s profile, typically ...
%userprofile%\AppData\Roaming\Microsoft\Outlook\[Outlook profile name].NK2
...  on Windows Vista, or ...
%userprofile%\Application Data\Microsoft\Outlook\[Outlook profile name].NK2
... on Windows 2000, XP or 2003.  There are also other tools available on the Internet which will allow viewing and editing of the content of the auto-completion cache file, but they may not expose the X.500 addresses.

Diagnostic information for administrators:

 

Generating server: demo01.example.com

 

IMCEAEX-_O=COMPANY_OU=USA_cn=Recipients_cn=juser@company.com
#550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found ##

In my case, due to our upgrade to Exchange 2007, the user’s legacyExchangeDN value had changed from this on the old mailbox (which had been created prior to the Exchange 2007 upgrade): 

/o=Example/ou=USA/cn=Recipients/cn=juser

To this on the new mailbox:

/o=Example/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=juser

Any new e-mail sent from Outlook using the previously cached X.500 address was being rejected because the old X.500 address no longer existed in the organisation.

The solution to the problem is actually quite simple – add the old legacyExchangeDN X.500 address to the new mailbox as a proxy address.  You can add an X.500 proxy address through the Exchange Management Console, or the Exchange Management Shell.

To add the proxy address in the console, double-click the mailbox you need to add the proxy address to, go to the E-Mail Addresses property page, and add a new custom address:

To add the proxy address in the shell we use the Get-Mailbox and Set-Mailbox cmdlets:

[PS] C:\>$ProxyAddresses = (Get-Mailbox juser).EmailAddresses

[PS] C:\>$ProxyAddresses += [Microsoft.Exchange.Data.CustomProxyAddress]("X500:/o=Example/ou=USA/cn=Recipients/cn=juser")

[PS] C:\>Set-Mailbox juser -EmailAddresses $ProxyAddresses

Breaking these commands down:

[PS] C:\>$ProxyAddresses = (Get-Mailbox juser).EmailAddresses

...retrieves the existing proxy addresses for the mailbox and stores them in the $ProxyAddresses variable.

[PS] C:\>$ProxyAddresses += [Microsoft.Exchange.Data.CustomProxyAddress]("X500:/o=Example/ou=USA/cn=Recipients/cn=juser")

...adds the new X.500 proxy address to the variable which contains the existing proxy addresses.

[PS] C:\>Set-Mailbox juser -EmailAddresses $ProxyAddresses

Updates the mailbox with the new set of proxy addresses

This technique can be used to solve this problem in a number of other scenarios where the legacyExchangeDN attribute has changed, and is not limited to mailboxes.  For example, if someone leaves the Exchange organisation and you want their e-mail to go to an external e-mail address you would create a contact record with the necessary SMTP proxy addresses.  If you also added the legacyExchangeDN of the old mailbox to the contact record as an X.500 proxy address Outlook users wouldn’t get bounced messages if they used the old entry in their auto-complete caches.

Ben Lye

Author profile:

Ben Lye is a senior systems administrator at a multi-national software company. He has over 10 years experience supporting and administering Windows and Exchange, and has been MCSE and MCP certified since 1999. Ben is passionate about automating and streamlining routine tasks, and enjoys creating and using tools which make day-to-day administration easier.

Search for other articles by Ben Lye

Rate this article:   Avg rating: from a total of 139 votes.


Poor

OK

Good

Great

Must read
Have Your Say
Do you have an opinion on this article? Then add your comment below:
You must be logged in to post to this forum

Click here to log in.


Subject: Regarding issue
Posted by: Ratish (not signed in)
Posted on: Wednesday, January 14, 2009 at 8:26 PM
Message:
Excellent info.

Subject: Regarding this issue
Posted by: fjorjak (not signed in)
Posted on: Saturday, January 17, 2009 at 8:06 PM
Message: Thank you very much! This issue has plaqued me for some time now.

how would you change the legacyExchangeDN for all users such as when you migrate users from Exchange 2003 to Exchange 2007?

Thanks

Subject: Adding X500
Posted by: Nandish (not signed in)
Posted on: Tuesday, January 20, 2009 at 3:56 AM
Message: How can we add the X500 to users mailbox in bulk, something like when we do a migration from Lotus domino to Exchange, its very much required.

Subject: Exchange 2003
Posted by: Mike (view profile)
Posted on: Tuesday, January 20, 2009 at 1:51 PM
Message: Can the custom address be added in Exchange 2003?

thanks

Subject: Re: Regarding this issue
Posted by: benlye (view profile)
Posted on: Friday, January 23, 2009 at 9:14 AM
Message: There is no need to change the legacyExchangeDN value when you migrate your users from Exchange 2003 to Exchange 2007 - Exchange 2007 will work with the value that the user already has.

Ben.

Subject: Re: Adding X500
Posted by: benlye (view profile)
Posted on: Friday, January 23, 2009 at 9:17 AM
Message: If you have a way to filter for the migrated users you can use the Exchange Command Shell to bulk add X500 addresses.

You can provide a filter to the Get-Mailbox cmdlet, pipe the resulting objects into a For-Each loop, and use the PowerShell commands mentioned in the article to add an X500 address to each mailbox.

Ben.

Subject: Re: Exchange 2003
Posted by: benlye (view profile)
Posted on: Friday, January 23, 2009 at 9:20 AM
Message: Yes, you can add custom X500 addresses using Active Directory Users and Computers.
1. Open the user object in ADUC
2. Go to the 'E-Mail Addresses' property page
3. Click the 'New' button
4. Choose 'Custom Address' as the type
5. Enter the X500 address as the address and 'X500' as the type

Ben.

Subject: great Info
Posted by: jinchunsun (view profile)
Posted on: Wednesday, February 11, 2009 at 3:54 PM
Message: Great, I just recreate a mailbox that was from exchange 2000=>2003=>2007. The same problem. After add X500, working fine now.

Subject: One more step...
Posted by: mega24 (view profile)
Posted on: Thursday, June 11, 2009 at 12:38 PM
Message: Had this problem. Looked in an 'old' NK2 file with hex editor...saw the X500 address...added it using ADUC. Recipients resolved using "old" NK2 file work now. BUT...is there any way to assign an address to the mailbox that will allow email in the queues that have already been stung with the SMTP IMCEAEX address to be delivered to the intended mailbox? Just wondering...it may be important to us.

Subject: Worked Perfect
Posted by: Caspan (view profile)
Posted on: Friday, June 11, 2010 at 2:19 PM
Message: Thank you soo much this answer was exactly what I was looking for but because of a different problem. We had a user that got married and we deleted the account and created a new one and everyone uses the NK2 list in the Origination was getting bounces to her because they were using the old address associated to the user saved in the NK2 list. Really bigger problem was when users would email a client and also add in the old disconnected address. When the client replied to the email they also would be using the disconnected address. so got quite messy for a while until I found this and now no matter what they use the user gets their emails.

Subject: IMCEAEX Errors Even After Adding X500
Posted by: WesBlalock (view profile)
Posted on: Monday, August 23, 2010 at 8:25 AM
Message: Great article that clearly describes what's going on. I've hit this snag before and just recently had to do the Export, Delete Mailbox, Create New Mailbox, Import migration strategy. When I ran my test emails to the user's mailbox after the migration I got the IMCEAEX bounce and instantly knew what I'd forgotten to do. I'm here over 24 hours later and still having the issue though. I've verified the correct X500 was entered a number of times, but replies to old emails are still bouncing. If I delete autocomplete entries and resolve the user freshly from the GAL new emails work fine, but folks are still not able to reply to old emails to the users I migrated. Any ideas on where else to check? This usually works like a charm but this time is being very stubborn.

Thanks,
Wes

Subject: IMCEAEX Errors Even After Adding X500
Posted by: WesBlalock (view profile)
Posted on: Monday, August 23, 2010 at 9:22 AM
Message: Great article that clearly describes what's going on. I've hit this snag before and just recently had to do the Export, Delete Mailbox, Create New Mailbox, Import migration strategy. When I ran my test emails to the user's mailbox after the migration I got the IMCEAEX bounce and instantly knew what I'd forgotten to do. I'm here over 24 hours later and still having the issue though. I've verified the correct X500 was entered a number of times, but replies to old emails are still bouncing. If I delete autocomplete entries and resolve the user freshly from the GAL new emails work fine, but folks are still not able to reply to old emails to the users I migrated. Any ideas on where else to check? This usually works like a charm but this time is being very stubborn.

Thanks,
Wes

Subject: CN= References who?
Posted by: James F Dawson (view profile)
Posted on: Thursday, September 2, 2010 at 7:51 AM
Message: Hi Ben, Very nice well written article.

Ben (or anyone):
In what cases would a name change from the begining to the end of the exchange routing string such as

Smith, Cindy</O=CBF/OU=RBC/CN=RECIPIENTS/CN=CINDY DAWSON>
?? (DAWSON, not Smith??)
Please help.
Thanks
James

Subject: THANKYOUTHANKYOUTHANKYOU
Posted by: TomMynar (view profile)
Posted on: Friday, February 18, 2011 at 3:21 PM
Message: We just completed a SBS2003 to Win2k8 + Ex2010 upgrade and we had 3 users that could not get internal email from 5 of 18 total email accounts. We have been working on this for 5 DAYS and NIGHTS.

And you solved the problem in 5 minutes! Thank you so much for posting this. The only thing I would add is that our /ou value was First+20administrative+20group, those "+20" were spaces but I had to type the +20 to make work.

Subject: Excelent!!!
Posted by: spadilla (view profile)
Posted on: Tuesday, May 17, 2011 at 11:09 AM
Message: I looking for many many times why this issue

Subject: Thank You!
Posted by: Notcrawcraw (view profile)
Posted on: Saturday, July 16, 2011 at 5:24 PM
Message: This helped solve a problem with a small, but very vocal group of users in our company.

Subject: Your are the best :-)
Posted by: aicheh (view profile)
Posted on: Saturday, February 18, 2012 at 10:59 AM
Message: My dear Ben

I register my self on this forum just to thank you for your great article. You save me at least 15days of hard work, so thank you thousand times :-)

By the way, your great idea has another great side effect ! When you do a cross forest migration, outlook 2007/2010 is unable to do an automatic profile update, even if autodisocver is correctly working. But after adding the X500 address to the migrated users, i had a great surpise : as i launch Outlook 2007 (just after a mailbox move), the profile update it self automatically ! A really great surprise;

Thank you so much :-)

Hamid

Subject: How to parse wrong string to the right one
Posted by: xXxOlivierxXx (view profile)
Posted on: Saturday, October 6, 2012 at 12:38 AM
Message: Hello all!

I know that this is an old thread and its maybe no longer monitored, but i still have the hope that someone may take a look at it:

Im currently work on IT support for hewlett packard, and i got a case from a user facing the issue described on this topic, but im not sure how to convert the bounce back string to the right one that i have to add as a proxy address (X500). This is the address that i currently have:

IMCEAEX-_O=COMPAQ_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=Joey+2Esantos+40hp+2Ecom@Compaq.com
#550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found ##

Im not sure now to convert that to add it as a custom address, i read on this forum that i need to remove the "IMCEAEX-_" and leave the "+20" from the string, but i honestly dont really know how should i parse the string, since it looks quite different from the one posted in the steps at the top.

Could anyone help me figuring out how to convert that address?

Thanks in advanced, im finally seeing the light at the end of the tunnel after many days working on this issue hahahaha.

Subject: x500 syntax
Posted by: Janet (view profile)
Posted on: Tuesday, November 5, 2013 at 9:10 AM
Message: Thank you so much for your helpful article. I have found a pattern for the legacy record and was able to put it into a user's email addresses, however, I am not sure about the syntax. I put it in with spaces and wonder if I need to put in the +20 symbols for the spaces.
When we have name changes I change the alias and add the new address and then delete the old address out of the profile 2 weeks later and we had not had this problem before. Learning Opportunity!!!

 

Top Rated

Getting Data Into and Out of PowerShell Objects
 You can execute PowerShell code that creates the data of an object, but there is no cmdlet to generate... Read more...

Migrating to Microsoft BPOS - Part II
 In his last article, Johan gave us a crystal clear guide to preparing to migrate from an on-premises... Read more...

Emulating the Exchange 2003 RUS for Out-of-Band Mailbox Provisioning in Exchange 2007
 Exchange's Recipient Update Service was important in Exchange 2000 or 2003 in order to complete the... Read more...

The Postmasters
 The Exchange Team introduces themselves, and keeps you up-to-date Read more...

For this Exchange Server Archiver, “Transparency” Fits
 Sometimes, it is a great relief when a user of your software gives it a tough test and then reports... Read more...

Most Viewed

Upgrade Exchange 2003 to Exchange 2010
  In this article, the first of two in which Jaap describes how to move from Exchange Server 2003... Read more...

Upgrade Exchange 2003 to Exchange 2010 - Part II
 In Jaap's second article on upgrading straight from Exchange Server 2003 to 2010, he explains how to... Read more...

Goodbye Exchange ExMerge, Hello Export-Mailbox
 ExMerge was a great way of exporting a mailbox to an Exchange PST file, or for removing all occurences... Read more...

Exchange E-mail Addresses and the Outlook Address Cache
 Because Exchange auto-complete cache uses X.500 addresses for e-mail sent to addresses within the... Read more...

Introduction to Exchange Server 2010
 What’s new in Exchange Server 2010 and what features from Exchange Server 2007 have been deprecated?... Read more...

Why Join

Over 400,000 Microsoft professionals subscribe to the Simple-Talk technical journal. Join today, it's fast, simple, free and secure.