LegacyExchangeDN won't stay the same!
I asked this question in the "Migration" forum, and couldn't get an answer. Maybe the people in the "Admin" forum are smarter!
I have a fresh, pure Exchange 2007 environment, and we're migrating from a POP/IMAP mail solution. I have created MailUser objects in the GAL to represent users that still exist in the legacy mail environment.
As our migration proceeds, I expect to "convert" these MailUser objects to Mailbox objects. I have a PowerShell script that is executed at the time each user is migrated. This script pulls all of the secondary proxy addresses, and other attributes, from the MailUser object, disables the MailUser object, and then creates a new Mailbox object for the user and applies these attributes.
The problem I have is that the new Mailbox object does not get created with the same LegacyExchangeDN that the MailUser object had. Instead a "1" is appended to the LegacyExchangeDN. This, of course, will break any replies to old messages other Exchange users might have from the newly-migrated user... so I want the new Mailbox object to have the same LegacyExchangeDN as the MailUser object.
I can only assume this is due to directory replication latency. To accommodate for this, I've tried many things:
I have tried to set my script to run in $AdminSessionADSettings.ViewEntireForest=$false mode
I've specified a consistent domain controller (using the "-DomainController x.company.com" switch) on all of the commands that use it.
I've defined -StaticConfigDomainController and -StaticGlobalCatalogs on all of my Exchange servers (bad idea for long term production, I know, but I'm just trying to get **EVERYTHING** talking to the same domain controller for Exchange config changes so I can troubleshoot this problem)
I've applied Update Rollup 3 for Exchange 2007 to all my servers (which was supposed to address a similar issue here)
I've even tried to add a "sleep" command after each change.
But I still get a different LegacyExchangeDN!
It seems like wherever, or whatever, is generating the LegacyExchangeDN is not recognizing that the old MailUser object has been removed in a reasonable amount of time. Can anyone here tell me where/how the LegacyExchangeDN is created? Does my local PowerShell instance actually generate this value, or is the Enable-Mailbox cmdlet going to an Exchange server or a specific FSMO role to generate the LegacyExchangeDN? I know the RUS is no longer in place to generate this, but I haven't really seen any information about what is now the replacement process that takes over where RUS left off.
This seems like something every migration will want to address.
Any thoughts??
Thanks,
- Jim
July 27th, 2007 6:40pm
My guess is that Exchange has cached the old legacyexchangedn.
What you can do is add a proxy address with a type of X500 and the address of the old legacyexchangedn; this will make replies to old mail work.
July 27th, 2007 11:39pm
Lasse is right, the admin tools are deleting the mail properties from the "mail-enabled" user and recreating them for the "mailbox enabled" user. This means the legacyExchangeDN goes away. Based on the little testing I did, you could retrieve the mail user's legacyExchangeDN with the Get-MailUser "ObjectName" | FT name,legacyexchangedn
My EMS and scripting skills are weak, but I'm betting you could extract that in your script and then when you convert the mailbox to a mailbox-enabled user you could set that legacyExchangeDN as an x500 address on the mailbox.
July 29th, 2007 11:10pm
The only workaround I found for this problem was to check the LegacyExchangeDN of the newly-created mailbox and if it didn't get the same LegacyExchangeDN as the old MailUser object, then add the old LegacyExchangeDN as a Proxy Address.
For future reference to others who encounter this problem, here's the relevant portion of the PowerShell script I used:
Code Snippet
    $SourceRecipient = Get-Recipient $emailaddress
    If ($SourceRecipient.RecipientType -eq "MailUser") {
        $OldLegacyExchangeDN = [string]$SourceRecipient.LegacyExchangeDN
        $DistinguishedName = [string]$SourceRecipient.Identity.ToCanonicalName()
        $EmailAddresses = $SourceRecipient.EmailAddresses
        Disable-MailUser $DistinguishedName -confirm:$false
        #An inexplicable 5 minute delay here would ensure the Mailbox object gets the
        #same LegacyExchangeDN as the old MailUser object. But we really shouldn't have
        #the user's email bounce for 5 minutes before we welcome them to Exchange.
        $TargetRecipient = Enable-Mailbox -identity $DistinguishedName -database 'Server01/SG01/DB01'
        Set-Mailbox $TargetRecipient -EmailAddresses $EmailAddresses
        #Check to see if the New LegacyExchangeDN is the same as the old one
        #If not, add the old LegacyExchangeDN as an additional Proxy Address
        If ([string]$TargetRecipient.LegacyExchangeDN -ne $OldLegacyExchangeDN) {
            $EmailAddresses += [Microsoft.Exchange.Data.CustomProxyAddress]("X500:" + $OldLegacyExchangeDN)
            Set-Mailbox $TargetRecipient -EmailAddresses $EmailAddresses
        }
        "Conversion of user from MailUser to Mailbox complete."
    } Else { throw "This script only converts MailUser objects to Mailbox objects" }
August 2nd, 2007 12:31am
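Added example, not part of the thread or any poster's script: a post-migration check that classifies each converted user by whether the pre-migration LegacyExchangeDN is still reachable, either unchanged or carried as an X500 proxy address as described above. The function name `Get-LegacyDNStatus`, the record layout and the sample DNs are hypothetical and constructed for illustration; in practice the old DN would be captured before `Disable-MailUser` and the new values read back from the mailbox.

```powershell
# Classify one migrated user (hypothetical helper, not an Exchange cmdlet).
# Returns 'Unchanged', 'CoveredByX500' or 'Missing'.
function Get-LegacyDNStatus {
    param([string]$OldDN, [string]$NewDN, [string[]]$ProxyAddresses)

    # PowerShell string comparison is case-insensitive by default,
    # which also covers the "x500:" (secondary) spelling of the prefix.
    if ($NewDN -eq $OldDN) { return 'Unchanged' }

    foreach ($address in $ProxyAddresses) {
        # Split only on the first colon: "X500:/o=Org/..." -> prefix, value
        $prefix, $value = $address -split ':', 2
        if ($prefix -eq 'X500' -and $value -eq $OldDN) { return 'CoveredByX500' }
    }
    return 'Missing'
}

# Constructed sample data standing in for values captured before and after conversion.
$base = '/o=Example Org/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn='
$records = @(
    # DN survived the conversion
    New-Object PSObject -Property @{
        Name = 'alice'; OldDN = $base + 'alice'; NewDN = $base + 'alice'
        Proxies = @('SMTP:alice@example.com')
    }
    # DN got a "1" appended, but the old DN was added as an X500 proxy
    New-Object PSObject -Property @{
        Name = 'bob'; OldDN = $base + 'bob'; NewDN = $base + 'bob1'
        Proxies = @('SMTP:bob@example.com', 'X500:' + $base + 'bob')
    }
    # DN changed and nothing points at the old one: replies to old mail will bounce
    New-Object PSObject -Property @{
        Name = 'carol'; OldDN = $base + 'carol'; NewDN = $base + 'carol1'
        Proxies = @('SMTP:carol@example.com')
    }
)

foreach ($r in $records) {
    $status = Get-LegacyDNStatus $r.OldDN $r.NewDN $r.Proxies
    '{0,-6} {1}' -f $r.Name, $status
}
```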
Very useful!! Would you let me blog this? (And give you credit, of course). It would be nice to have it out there and indexed for the Internet.
August 2nd, 2007 1:16am
Sure Jim, feel free. I posted this to help others, so if you can help get the message out I'm all for it!
August 2nd, 2007 9:32pm
Thanks again for sharing your script. It was quite ingenious. I posted a blog entry about it and gave you your props for it. Hopefully this will help some folks in the future.
http://mostlyexchange.blogspot.com/2007/08/exchange-2007-legacyexchangedn-and-mail.html
August 2nd, 2007 10:58pm
Hi Jim,
I have the same internal bounce-back issue. I am weak at PowerShell scripting. Do I need to make any changes to the script you posted if I apply it to my E2K7?
Thanks a lot!
K Yung.
April 18th, 2008 6:18am
PowerShell is all new to me. I need good examples. This was definitely a solid lead. I was able to successfully create an X500 address for a user. I don't know why this had to be such an ordeal. After I do this for all users, Outlook Reply functionality will work as it should. Thanks for sharing.
August 3rd, 2008 12:04pm
I'm trying to use your script with Exchange 2010, but when the X.500 address is defined, it leaves it blank. Any help would be appreciated.
My script based on yours:
    $emailaddress=$args[0]
    $database=$args[1]
    $SourceRecipient = Get-Recipient $emailaddress
    If ($SourceRecipient.RecipientType -eq "MailUser") {
        $OldLegacyExchangeDN = [string]$SourceRecipient.LegacyExchangeDN
        $DistinguishedName = [string]$SourceRecipient.Identity.ToCanonicalName()
        $EmailAddresses = $SourceRecipient.EmailAddresses
        Disable-MailUser $DistinguishedName -confirm:$false
        $TargetRecipient = Enable-Mailbox -identity $DistinguishedName -database $database
        Set-Mailbox $TargetRecipient -EmailAddressPolicyEnabled $false -EmailAddresses $EmailAddresses
        If ([string]$TargetRecipient.LegacyExchangeDN -ne $OldLegacyExchangeDN) {
            $EmailAddresses += [Microsoft.Exchange.Data.CustomProxyAddress]("X500:" + $OldLegacyExchangeDN)
            Set-Mailbox $TargetRecipient -EmailAddresses $EmailAddresses
        }
        "Conversion of user from MailUser to Mailbox complete."
    } Else { throw "This script only converts MailUser objects to Mailbox objects" }
Kind Regards,
LlorençMonguitronik
May 25th, 2010 10:40am
Hi, Jim,
Is there any way that we can apply this to mailusers in a particular OU instead of every mailuser?
Thanks. I'm cracking my head over it, and I am not good at scripting and am going into production in a few days. I would be glad if you could shed some light on how to modify your code.
Frost
August 26th, 2010 1:56pm