12 January 2009

Exchange E-mail Addresses and the Outlook Address Cache

Because the Outlook auto-complete cache uses X.500 addresses for e-mail sent to addresses within the Exchange organization, messages sent to a re-created mailbox will bounce back even after you give the user account all the old SMTP addresses. This is because the old X.500 address held in the auto-complete cache is missing from the new mailbox, and this causes Exchange to reject the messages. Ben Lye explains how to solve this common problem.

A little while ago I had a case where, after all other troubleshooting had failed, I had to solve a mailbox corruption problem by exporting the mailbox content to a PST file, removing the existing mailbox, recreating a new mailbox, then finally importing the PST file back in.  This solved the immediate problem of the corrupt mailbox, but created a new one – when Outlook users tried to e-mail the user either by replying to an existing message or by using Outlook’s auto-completion of the user’s e-mail address, the message would bounce back to the sender.  This happened even though I had re-added all the SMTP addresses that the user previously had.  E-mail from external senders was being received properly, and replies to new messages were OK.

This problem occurs because while the Outlook auto-complete cache stores SMTP addresses for e-mail sent to external addresses, it uses X.500 addresses for e-mail sent to addresses within the Exchange organisation. Even though we had given the user account all the old SMTP addresses, the old X.500 address which Outlook was sending to was missing, and this was causing Exchange to reject the messages.

The use of X.500 addresses goes back to before Exchange 2000, when previous versions of Exchange maintained their own LDAP directory.  Since Exchange 2000 the mailbox’s X.500 address has been stored in the legacyExchangeDN attribute in Active Directory.  The legacyExchangeDN value is set when a mailbox is created, and includes the name of the Exchange administrative group where the mailbox belongs.  LegacyExchangeDN values typically look like this:


Because the legacyExchangeDN value includes the administrative group name, changes to admin group names will influence legacyExchangeDN values.  For example, when you upgrade from Exchange 2003 to Exchange 2007 your user-defined admin groups are replaced by a single admin group named “Exchange Administrative Group (FYDIBOHF23SPDLT)” – existing mailboxes are unaffected, but mailboxes created after the upgrade will use the new admin group name in their legacyExchangeDN values.  (Incidentally, if you’ve ever wondered why the Exchange 2007 admin group has this name, or what it means, it’s the text EXCHANGE12ROCKS, with all the characters shifted to the right by one!)

The current X.500 address of a mailbox can be retrieved from Active Directory using a tool such as ADSIEdit, or LDP.exe, or by using the Exchange Management Shell:

The X.500 address of a message sender can be retrieved using a tool such as Microsoft Exchange Server MAPI Editor to open a message and get the PR_SENDER_EMAIL_ADDRESS property.


Alternatively, you can use a hex editor to open the Outlook auto-completion cache file and retrieve X.500 addresses from there.  The cache is stored in a file in the user’s profile, typically …
%userprofile%\AppData\Roaming\Microsoft\Outlook\[Outlook profile name].NK2
…  on Windows Vista, or …
%userprofile%\Application Data\Microsoft\Outlook\[Outlook profile name].NK2
… on Windows 2000, XP or 2003.  There are also other tools available on the Internet which will allow viewing and editing of the content of the auto-completion cache file, but they may not expose the X.500 addresses.

In my case, due to our upgrade to Exchange 2007, the user’s legacyExchangeDN value had changed from this on the old mailbox (which had been created prior to the Exchange 2007 upgrade): 

To this on the new mailbox:

Any new e-mail sent from Outlook using the previously cached X.500 address was being rejected because the old X.500 address no longer existed in the organisation.

The solution to the problem is actually quite simple – add the old legacyExchangeDN X.500 address to the new mailbox as a proxy address.  You can add an X.500 proxy address through the Exchange Management Console, or the Exchange Management Shell.

To add the proxy address in the console, double-click the mailbox you need to add the proxy address to, go to the E-Mail Addresses property page, and add a new custom address:


To add the proxy address in the shell we use the Get-Mailbox and Set-Mailbox cmdlets:

Breaking these commands down:

…retrieves the existing proxy addresses for the mailbox and stores them in the $ProxyAddresses variable.

…adds the new X.500 proxy address to the variable which contains the existing proxy addresses.
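The shell procedure described above, written out as an added example (it is not the article's original listing): it reads the mailbox's proxy addresses into `$ProxyAddresses`, appends the X.500 address and writes the collection back with Set-Mailbox, skipping the change if the address is already present or already belongs to another recipient. The function name `Add-X500ProxyAddress` and the sample values are hypothetical, and the code assumes a local Exchange Management Shell where the `Microsoft.Exchange.Data` types are loaded.

```powershell
# Added example; Add-X500ProxyAddress is a hypothetical helper name.
function Add-X500ProxyAddress {
    param([string]$Identity, [string]$LegacyDN)

    if ($LegacyDN -notmatch '^/o=') {
        throw "Expected a legacyExchangeDN starting with /o=, got '$LegacyDN'"
    }
    $x500 = "X500:$LegacyDN"

    # Retrieve the existing proxy addresses for the mailbox.
    $ProxyAddresses = (Get-Mailbox -Identity $Identity -ErrorAction Stop).EmailAddresses

    # Nothing to do if a previous run already added the address.
    if ($ProxyAddresses | Where-Object { $_.ToString() -ieq $x500 }) {
        Write-Host "$Identity already has $x500"
        return
    }

    # Mail sent to a proxy address is delivered to whoever holds it, so stop
    # if some other recipient already owns this X.500 address.
    $filter = "EmailAddresses -eq '{0}'" -f $x500.Replace("'", "''")
    $owner  = Get-Recipient -Filter $filter
    if ($owner) {
        Write-Warning "$x500 is already assigned to $($owner.Name); $Identity not changed"
        return
    }

    # Append the X.500 address to the collection and write it back.
    $ProxyAddresses += [Microsoft.Exchange.Data.CustomProxyAddress]$x500
    Set-Mailbox -Identity $Identity -EmailAddresses $ProxyAddresses

    # Read the mailbox back and list its X500 addresses to confirm the change.
    (Get-Mailbox -Identity $Identity).EmailAddresses |
        Where-Object { $_.PrefixString -eq 'X500' }
}

# Usage with constructed sample values (substitute your own mailbox and old DN):
#   Add-X500ProxyAddress -Identity 'juser' `
#       -LegacyDN '/o=Example Org/ou=First Administrative Group/cn=Recipients/cn=juser'
#
# Bulk use from a CSV with Identity and LegacyDN columns (hypothetical file name):
#   Import-Csv .\old-dns.csv |
#       ForEach-Object { Add-X500ProxyAddress -Identity $_.Identity -LegacyDN $_.LegacyDN }
```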

This technique can be used to solve this problem in a number of other scenarios where the legacyExchangeDN attribute has changed, and is not limited to mailboxes.  For example, if someone leaves the Exchange organisation and you want their e-mail to go to an external e-mail address, you would create a contact record with the necessary SMTP proxy addresses.  If you also added the legacyExchangeDN of the old mailbox to the contact record as an X.500 proxy address, Outlook users wouldn’t get bounced messages if they used the old entry in their auto-complete caches.


Ben Lye


  • Ratish

    Regarding issue

    Excellent info.

  • fjorjak

    Regarding this issue
    Thank you very much! This issue has plagued me for some time now.

    how would you change the legacyExchangeDN for all users such as when you migrate users from Exchange 2003 to Exchange 2007?

    Thanks

  • Nandish

    Adding X500
    How can we add the X500 to users' mailboxes in bulk, something like when we do a migration from Lotus Domino to Exchange, it's very much required.

  • Mike

    Exchange 2003
    Can the custom address be added in Exchange 2003?

    thanks

  • benlye

    Re: Regarding this issue
    There is no need to change the legacyExchangeDN value when you migrate your users from Exchange 2003 to Exchange 2007 – Exchange 2007 will work with the value that the user already has.

    Ben.

  • benlye

    Re: Adding X500
    If you have a way to filter for the migrated users you can use the Exchange Command Shell to bulk add X500 addresses.

    You can provide a filter to the Get-Mailbox cmdlet, pipe the resulting objects into a For-Each loop, and use the PowerShell commands mentioned in the article to add an X500 address to each mailbox.

    Ben.

  • benlye

    Re: Exchange 2003
    Yes, you can add custom X500 addresses using Active Directory Users and Computers.
    1. Open the user object in ADUC
    2. Go to the ‘E-Mail Addresses’ property page
    3. Click the ‘New’ button
    4. Choose ‘Custom Address’ as the type
    5. Enter the X500 address as the address and ‘X500’ as the type

    Ben.

  • jinchunsun

    great Info
    Great, I just recreated a mailbox that was from Exchange 2000=>2003=>2007. The same problem. After adding X500, working fine now.

  • mega24

    One more step…
    Had this problem. Looked in an ‘old’ NK2 file with hex editor…saw the X500 address…added it using ADUC. Recipients resolved using “old” NK2 file work now. BUT…is there any way to assign an address to the mailbox that will allow email in the queues that have already been stung with the SMTP IMCEAEX address to be delivered to the intended mailbox? Just wondering…it may be important to us.

  • Caspan

    Worked Perfect
    Thank you so much, this answer was exactly what I was looking for, but because of a different problem. We had a user that got married and we deleted the account and created a new one, and everyone who uses the NK2 list in the organization was getting bounces to her because they were using the old address associated with the user saved in the NK2 list. The really bigger problem was when users would email a client and also add in the old disconnected address. When the client replied to the email they also would be using the disconnected address. So it got quite messy for a while until I found this, and now no matter what they use, the user gets their emails.

  • WesBlalock

    IMCEAEX Errors Even After Adding X500
    Great article that clearly describes what’s going on. I’ve hit this snag before and just recently had to do the Export, Delete Mailbox, Create New Mailbox, Import migration strategy. When I ran my test emails to the user’s mailbox after the migration I got the IMCEAEX bounce and instantly knew what I’d forgotten to do. I’m here over 24 hours later and still having the issue though. I’ve verified the correct X500 was entered a number of times, but replies to old emails are still bouncing. If I delete autocomplete entries and resolve the user freshly from the GAL new emails work fine, but folks are still not able to reply to old emails to the users I migrated. Any ideas on where else to check? This usually works like a charm but this time is being very stubborn.

    Thanks,
    Wes

  • James F Dawson

    CN= References who?
    Hi Ben, Very nice well written article.

    Ben (or anyone):
    In what cases would a name change from the beginning to the end of the Exchange routing string such as

    Smith, Cindy</O=CBF/OU=RBC/CN=RECIPIENTS/CN=CINDY DAWSON>
    ?? (DAWSON, not Smith??)
    Please help.
    Thanks
    James

  • TomMynar

    THANKYOUTHANKYOUTHANKYOU
    We just completed a SBS2003 to Win2k8 + Ex2010 upgrade and we had 3 users that could not get internal email from 5 of 18 total email accounts. We have been working on this for 5 DAYS and NIGHTS.

    And you solved the problem in 5 minutes! Thank you so much for posting this. The only thing I would add is that our /ou value was First+20administrative+20group, those “+20” were spaces but I had to type the +20 to make work.

  • spadilla

    Excellent!!!
    I was looking for many many times why this issue

  • Notcrawcraw

    Thank You!
    This helped solve a problem with a small, but very vocal group of users in our company.

  • aicheh

    You are the best 🙂
    My dear Ben

    I registered myself on this forum just to thank you for your great article. You saved me at least 15 days of hard work, so thank you a thousand times 🙂

    By the way, your great idea has another great side effect! When you do a cross-forest migration, Outlook 2007/2010 is unable to do an automatic profile update, even if autodiscover is correctly working. But after adding the X500 address to the migrated users, I had a great surprise: as I launched Outlook 2007 (just after a mailbox move), the profile updated itself automatically! A really great surprise.

    Thank you so much 🙂

    Hamid

  • xXxOlivierxXx

    How to parse wrong string to the right one
    Hello all!

    I know that this is an old thread and it's maybe no longer monitored, but I still have the hope that someone may take a look at it:

    I'm currently working on IT support for Hewlett Packard, and I got a case from a user facing the issue described in this topic, but I'm not sure how to convert the bounce-back string to the right one that I have to add as a proxy address (X500). This is the address that I currently have:

    IMCEAEX-_O=COMPAQ_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=Joey+2Esantos+40hp+2Ecom@Compaq.com
    #550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found ##

    I'm not sure how to convert that to add it as a custom address. I read on this forum that I need to remove the "IMCEAEX-_" and leave the "+20" from the string, but I honestly don't really know how I should parse the string, since it looks quite different from the one posted in the steps at the top.

    Could anyone help me figuring out how to convert that address?

    Thanks in advance, I'm finally seeing the light at the end of the tunnel after many days working on this issue hahahaha.
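The IMCEAEX address in a bounce like the one quoted above is the cached X.500 address in encapsulated form. As an added example (not part of the original post or article), this PowerShell function reverses the encapsulation, assuming the standard IMCEA rules: the `IMCEAEX-` prefix and the trailing `@domain` are wrappers, `_` stands for `/`, and `+XX` is one character written as two hex digits. The function name and the sample address are constructed; the code is plain PowerShell and needs no Exchange cmdlets.

```powershell
# Added example; ConvertFrom-ImceaEx is a hypothetical helper name.
function ConvertFrom-ImceaEx {
    param([string]$Address)

    # Expect "IMCEAEX-<encoded DN>@<domain>"; keep only the encoded DN.
    if ($Address -notmatch '^IMCEAEX-(.+)@[^@]+$') {
        throw "Not an IMCEAEX address: $Address"
    }

    # "_" stands for "/". Do this before decoding "+XX", because a literal
    # underscore in the DN arrives as "+5F" and must remain an underscore.
    $dn = $Matches[1].Replace('_', '/')

    # "+XX" is one character as two hex digits (+20 space, +28 "(", +2E ".").
    $dn = [regex]::Replace($dn, '\+([0-9A-Fa-f]{2})', {
        param($m) [string][char][Convert]::ToInt32($m.Groups[1].Value, 16)
    })

    # A decoded legacyExchangeDN always starts with the organisation component.
    if ($dn -notmatch '^/o=') {
        throw "Decoded value is not a legacyExchangeDN: $dn"
    }

    # Return the value in the form entered as a custom X500 proxy address.
    "X500:$dn"
}

# Constructed sample in the shape of a bounce address (example.com is a placeholder).
$ndr = 'IMCEAEX-_O=EXAMPLE_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29' +
       '_CN=RECIPIENTS_CN=jane+5Fdoe@example.com'
ConvertFrom-ImceaEx $ndr
```

For the constructed sample the decoded DN has spaces and parentheses in the administrative group name and an underscore in the final CN.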

  • Janet

    x500 syntax
    Thank you so much for your helpful article. I have found a pattern for the legacy record and was able to put it into a user’s email addresses, however, I am not sure about the syntax. I put it in with spaces and wonder if I need to put in the +20 symbols for the spaces.
    When we have name changes I change the alias and add the new address and then delete the old address out of the profile 2 weeks later and we had not had this problem before. Learning Opportunity!!!