KB ID 0001468
Problem
Why do we have the Exchange LegacyDN? It’s a throwback from the days when user accounts and mail recipients lived in different databases. Below you can see the ExchangeLegacyDN for this Exchange on-premises user;
/O=First Organisation/OU=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn={something-user-specific}
Who cares? Well, they are still important: if you send an internal email (to someone in the same Exchange Organisation), Exchange uses this address, NOT the SMTP address you would expect. Microsoft Outlook also has a habit of caching this address rather than the SMTP address. Normally this is not a problem, UNTIL you migrate your mail somewhere else; then the internally cached ExchangeLegacyDN addresses are incorrect and mail to them bounces (see the error message below).
How Does Migrating To Office 365 Handle This?
If you do a Hybrid Exchange Migration with Azure AD sync, this is all ‘fixed’ in the background for you. When your AD user is first ‘synced’ (i.e. before you migrate the mailbox), the user gets an X500 address that is only used in O365.
Then, once the mailbox is migrated, the user gets the ExchangeLegacyDN copied across as an additional X500 address.
In fact, if you repeat the command we ran at the very start, you will see the on-prem user no longer has an ExchangeLegacyDN.
Note: As pointed out (below), you can run ‘Get-RemoteMailbox “Pete Long” | FL LegacyExchangeDN’ to locate mailboxes that are not hosted on the mail server you are working on.
LegacyExchangeDN Problems
You will see problems ‘post migration’ to another domain, to a newer version of Exchange, or if you use a third-party tool to migrate your users to Office 365 (which is just another domain, to be honest).
If your users attempt to send an email to a ‘cached’ address, they will get an error that looks like this;
More Info for Email Admins
Status code: 550 5.1.11 The recipient email address is a LegacyExchangeDN address, which isn’t used by the Office 365 service. You might see this error if you’ve migrated your organization’s email from on-premises to the cloud, or if your organization has a hybrid configuration and you synchronize your on-premises directory with Office 365. If clearing the recipient Auto-Complete List from the user’s Outlook or Outlook on the web doesn’t solve the problem, try to clear the related LegacyExchangeDN address from your on-premises Active Directory. Then synchronize the directory again.
For more information, see Fix email delivery issues for error code 5.1.11 in Office 365.
Original Message Details
Created Date: 06/09/2018 15:37:37
Sender Address: pete@pnl.co.uk
Recipient Address: IMCEAEX-_O=PNL_OU=First+20Administrative+20Group_cn=Recipients_cn=Bob+2EGSmith@GBRP265.PROD.OUTLOOK.COM
Subject: CRS Update
Error Details
Reported error: 550 5.1.11 RESOLVER.ADR.ExRecipNotFound; Recipient not found
You can either tell your users to empty their Auto-Complete List (within Outlook: File > Options > Mail > Send Messages > Empty Auto-Complete List).
Or try fighting with your users’ NK2 files (if you are on older versions of Outlook).
Outlook Autocomplete / Nickname / Nk2 file
Or you can export all the ExchangeLegacyDN addresses from your source domain (in X400 format), convert them to X500 format, and import them into your new domain as an additional ProxyAddress; that will then be replicated to Office 365, or understood by your newer version of Exchange. (NOTE: If you are running Azure AD Sync, you import them into the on-prem domain and let the changes synchronise to Office 365.)
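The same X500 fix can be applied one user at a time straight from the NDR. As an added example (not part of this KB), the PowerShell below decodes the IMCEAEX recipient address shown in the error above into the X500 proxy address that needs adding to the target user; the SamAccountName ‘bob.gsmith’ is an assumed placeholder.

```powershell
# Added example: turn the IMCEAEX address from a 5.1.11 NDR back into an X500 proxy address.
# IMCEAEX encoding: the DN's '/' separators become '_', and reserved characters become
# '+XX' (XX = hex code), e.g. +20 = space, +2E = '.', +28/+29 = '(' / ')', +40 = '@', +5F = '_'.
function ConvertFrom-ImceaexAddress {
    param(
        [Parameter(Mandatory)]
        [string]$ImceaexAddress
    )

    # Strip the 'IMCEAEX-' prefix and the '@<tenant domain>' suffix the NDR appends.
    $encoded = $ImceaexAddress -replace '^IMCEAEX-', ''
    $encoded = $encoded -replace '@[^@]+$', ''

    # Restore the '/' separators BEFORE decoding escapes: a literal underscore in the
    # original DN arrives as '+5F', and must not be turned into a '/' by this step.
    $withSlashes = $encoded -replace '_', '/'

    # Decode every '+XX' escape into the character it stands for.
    $decoded = [regex]::Replace($withSlashes, '\+([0-9A-Fa-f]{2})', {
        param($m) [string][char][Convert]::ToInt32($m.Groups[1].Value, 16)
    })

    return "X500:$decoded"
}

# Recipient address taken from the NDR in this article.
$ndrRecipient = 'IMCEAEX-_O=PNL_OU=First+20Administrative+20Group_cn=Recipients_cn=Bob+2EGSmith@GBRP265.PROD.OUTLOOK.COM'
$x500 = ConvertFrom-ImceaexAddress -ImceaexAddress $ndrRecipient
# $x500 is now: X500:/O=PNL/OU=First Administrative Group/cn=Recipients/cn=Bob.GSmith

# Add it to the target user's proxyAddresses (on-prem AD, left to Azure AD Sync to replicate).
# 'bob.gsmith' is an assumed SamAccountName; the check avoids adding a duplicate value.
$target = Get-ADUser -Identity 'bob.gsmith' -Properties proxyAddresses
if ($target.proxyAddresses -notcontains $x500) {
    Set-ADUser -Identity $target -Add @{proxyAddresses = $x500}
}
```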
Export LegacyExchangeDN Addresses (Source Domain)
On a DC, or a machine on which you have imported the Active Directory module;
[box]
Get-ADUser -SearchBase "DC=YOUR-DOMAIN,DC=COM" -Filter * -Properties SamAccountName,legacyExchangeDN | Select-Object SamAccountName,legacyExchangeDN | Export-CSV C:\Temp\Exported-LegacyDN.csv -NoTypeInformation
[/box]
Import LegacyExchangeDN Addresses (Target Domain)
Save the following as Import.ps1 then run the script;
[box]
Import-Module ActiveDirectory
# $Input is a PowerShell automatic variable, so the CSV rows are held in $Users instead.
$Users = Import-CSV C:\Temp\Exported-LegacyDN.csv
ForEach ($ADUser in $Users){
    # Skip accounts that had no legacyExchangeDN in the source domain.
    if ($ADUser.legacyExchangeDN){
        # Add the old DN as an extra X500 proxy address; -Add leaves the existing proxyAddresses intact.
        Set-ADUser -Identity $ADUser.SamAccountName -Add @{proxyAddresses="X500:$($ADUser.legacyExchangeDN)"}
    }
}
[/box]
Related Articles, References, Credits, or External Links
NA