Exchange and the LegacyExchangeDN Problem

KB ID 0001468

Problem

Why do we have the LegacyExchangeDN? It’s a throwback to a time when we had our users and our mail users in different databases. Below you can see the LegacyExchangeDN for this Exchange on-premises user;

/O=First Organisation/OU=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn={something-user-specific}

Who cares? Well, they are still important. If you send an internal email (to someone in the same Exchange Organisation), Exchange uses this address, NOT the SMTP address which you would expect. Microsoft Outlook also has a habit of caching this address and NOT the SMTP address. Normally this is not a problem, UNTIL you migrate your mail somewhere else; then the internally cached LegacyExchangeDN addresses are incorrect. (See error message below).

How Does Migrating To Office 365 Handle This?

If you do a Hybrid Exchange Migration with Azure AD sync, this is all ‘fixed’ in the background for you. When you first get your AD user ‘synced’ (i.e. before you migrate the mailbox), you get an X500 address that’s just used in O365.

Then, once the mailbox is migrated, the user gets the LegacyExchangeDN copied across as an additional X500 address.

In fact, if you repeat the command we did at the very start, you will see the on-prem user no longer has a LegacyExchangeDN.

Note: As pointed out (below), you can run ‘Get-RemoteMailbox "Pete Long" | FL LegacyExchangeDN’ to locate mailboxes not hosted on the mail server you are working on.

LegacyExchangeDN Problems

You will see problems ‘post migration’ to another domain, to a newer version of Exchange, or if you use a third-party tool to migrate your users to Office 365 (which is just another domain, to be honest).

If your users attempt to send an email to a ‘cached’ address, they will get an error that looks like this;

More Info for Email Admins
Status code: 550 5.1.11

The recipient email address is a LegacyExchangeDN address, which isn’t used by the Office 365 service. You might see this error if you’ve migrated your organization’s email from on-premises to the cloud, or if your organization has a hybrid configuration and you synchronize your on-premises directory with Office 365. If clearing the recipient Auto-Complete List from the user’s Outlook or Outlook on the web doesn’t solve the problem, try to clear the related LegacyExchangeDN address from your on-premises Active Directory. Then synchronize the directory again.

For more information, see Fix email delivery issues for error code 5.1.11 in Office 365.

Original Message Details

Created Date:     06/09/2018 15:37:37

Sender Address: pete@pnl.co.uk

Recipient Address:            IMCEAEX-_O=PNL_OU=First+20Administrative+20Group_cn=Recipients_cn=Bob+2EGSmith@GBRP265.PROD.OUTLOOK.COM

Subject: CRS Update

Error Details

Reported error:  550 5.1.11 RESOLVER.ADR.ExRecipNotFound; Recipient not found

You can either tell your users to run (within Outlook) File > Options > Mail > Send Messages > Empty Auto-Complete List.

Or try fighting with your users’ NK2 files (if you are on older versions of Outlook).

Outlook Autocomplete / Nickname / Nk2 file

Or you can export all the LegacyExchangeDN addresses from your source domain (in x400 format), convert them to x500 format, and import them into your new domain as an additional ProxyAddress that will get replicated to Office 365, or understood by your newer version of Exchange. (NOTE: If you are running AzureAD Sync, you import them into the on-prem domain and let the changes synchronise to Office 365.)

Export LegacyExchangeDN Addresses (Source Domain)

On a DC, or a machine on which you have imported the Active Directory module;

[box]

Get-ADUser -SearchBase "DC=YOUR-DOMAIN,DC=COM" -Filter * -Properties SamAccountName,legacyExchangeDN | Select-Object SamAccountName,legacyExchangeDN | Export-Csv C:\Temp\Exported-LegacyDN.csv -NoTypeInformation

[/box]

Import LegacyExchangeDN Addresses (Target Domain)

Save the following as Import.ps1 then run the script;

[box]

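Import-Module ActiveDirectory
# $Users rather than $Input: $Input is a PowerShell automatic variable
$Users = Import-Csv C:\Temp\Exported-LegacyDN.csv
ForEach ($ADUser in $Users) {
    # Skip accounts that had no LegacyExchangeDN in the source domain
    if ($ADUser.legacyExchangeDN) {
        # Add the old DN as an extra X500 proxy address
        Set-ADUser -Identity $ADUser.SamAccountName -Add @{proxyAddresses = "X500:$($ADUser.legacyExchangeDN)"}
    }
}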

[/box]
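When only a handful of recipients bounce, the X500 address can also be recovered from the NDR itself, because the IMCEAEX recipient address is the LegacyExchangeDN in encoded form. The following is an added example, not part of the original article; the function name ConvertFrom-ImceaEx is hypothetical, and the sample input is the recipient address from the NDR shown above.

```powershell
# Added example: decode the IMCEAEX recipient address from an NDR back into
# the X500 proxy address that the migrated mailbox needs.
# ConvertFrom-ImceaEx is a hypothetical helper name, not an Exchange cmdlet.
function ConvertFrom-ImceaEx {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Address
    )
    process {
        # Only IMCEAEX-encapsulated addresses carry a LegacyExchangeDN.
        if ($Address -notmatch '^IMCEAEX-(?<dn>[^@]+)(@.*)?$') {
            Write-Error "Not an IMCEAEX address: $Address"
            return
        }
        # Underscores stand in for the '/' separators of the DN. Do this
        # before hex decoding so an encoded '+5F' stays a literal underscore.
        $dn = $Matches['dn'] -replace '_', '/'
        # '+XX' is a hex-encoded character, e.g. +20 = space, +2E = '.'.
        $dn = [regex]::Replace($dn, '\+([0-9A-Fa-f]{2})', {
            param($m)
            [string][char][Convert]::ToInt32($m.Groups[1].Value, 16)
        })
        "X500:$dn"
    }
}

# Recipient address copied from the NDR earlier in this article.
$ndr = 'IMCEAEX-_O=PNL_OU=First+20Administrative+20Group_cn=Recipients_cn=Bob+2EGSmith@GBRP265.PROD.OUTLOOK.COM'
$proxy = ConvertFrom-ImceaEx -Address $ndr
$proxy

# To apply it, reuse the Set-ADUser call from Import.ps1 for the affected
# user (placeholder identity shown):
# Set-ADUser -Identity '<SamAccountName>' -Add @{proxyAddresses = $proxy}
```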

Related Articles, References, Credits, or External Links

NA

PowerShell: Restart Fails ‘Other Users Logged On’

KB ID 0001374

Problem

If you intend to shut down or restart a remote computer using PowerShell, you may see the following error message;

PS C:\> Restart-Computer “Computer-name
Restart-Computer : This command cannot be run on target computer(‘Computer-name’) due to following error: The system shutdown cannot be initiated because there are other users logged on to the computer.
At line:1 char:1
+ REstart-Computer “Computer-name
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (Computer-name:String) [Restart-Computer], InvalidOperationException
+ FullyQualifiedErrorId : RestartComputerFailed, Microsoft.PowerShell.Commands.RestartComputerCommand

Solution

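You need to add the -Force flag to the Restart-Computer command. Be aware that this restarts the machine even though other users are logged on, so any unsaved work in their sessions is lost.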

Related Articles, References, Credits, or External Links

NA

Exchange 2010 – EMC Error ‘GetSteppablePipeline execution of scripts is disabled’

KB ID 0001351 

Problem

Seen when attempting to open the Exchange Management Console;

Exception calling “GetSteppablePipeline: with “1” argument(s): File C:\ProgramFiles\Exchange Server\v14\RemoteScripts\ConsoleInitialize.ps1 cannot be loaded because the  execution of scripts is disabled on this system. Please see “get-help about_signing” for more details.”

Solution

This is usually caused by an update rollup, and can be easily fixed by running the following command in an administrative PowerShell session.

[box]Set-ExecutionPolicy RemoteSigned -scope LocalMachine[/box]

Note: Sometimes you may get an error message;

Set-ExecutionPolicy : Access to the registry key ‘HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell’ is denied.

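If that happens, launch regedit.exe, navigate to the above value and change it from ‘Restricted’ to ‘Unrestricted’. Note that ‘Unrestricted’ is more permissive than the ‘RemoteSigned’ policy the command above would have set.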

Related Articles, References, Credits, or External Links

NA