Random 3 Character Hex Appended in LegacyExchangeDN Attribute After Enabling User Mailbox

    Question

  • Hi Experts,

    Currently encountering an issue when we enable a user mailbox in EMC. The LegacyExchangeDN attribute will end with a random 3 character hex. For example the LegacyExchangeDN will show /o=<Exch Org Name>/ou=Exchange Administrative Group(FYDIBOHF23SPDLT)/cn=Recipients/cn=<firstname>.<lastname>f45 where f45 is the random hex.

    In our environment, the user CN, mailNickName, name, sAMAccountName attributes are all <firstname>.<lastname>. The mail attribute is <firstname>.<lastname>@company.com.

    To my understanding, the legacyExchangeDN is populated based on the mailNickName and has to be unique in the org as this is the value Exchange uses for internal mail routing. I found a reference online whereby if there is a conflict in the LegacyExchangeDN value, AD/Exchange will automatically append the value with a random 8 digit number to ensure uniqueness when a new mailbox is enabled. I haven't found anything related to appending a hex value.

    Also I queried my AD for legacyExchangeDN attribute matching "/o=<Exch Org Name>/ou=Exchange Administrative Group(FYDIBOHF23SPDLT)/cn=Recipients/cn=<firstname>.<lastname>" for a particular user before mailbox enabling them in Exchange. No matches returned but when I mailbox enabled them and check the attribute afterwards, a random 3 character hex is there!

    Tried creating a brand new user and same thing happens.

    When Exchange was first installed, we did not have this problem; it's only with the last few mailbox activations (enabling) that this is happening. The only thing that I can think of that has changed recently is updating to SP1 RU6 from SP1.

    Anyone else encounter this issue before?

    Thanks

    Tuesday, January 31, 2012 2:10 PM
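
The check described in the question above (looking for conflicting legacyExchangeDN values and spotting the appended hex), written as an added example that is not part of the original thread. It assumes a CSV export with the columns cn, mailNickname and legacyExchangeDN; the org name `ExampleOrg`, the sample rows and the case-insensitive comparison are constructed assumptions.

```python
import csv
import io
import re
from collections import Counter

HEX3 = re.compile(r"[0-9a-f]{3}")
PREFIX = "/o=ExampleOrg/ou=Exchange Administrative Group(FYDIBOHF23SPDLT)/cn=Recipients/cn="

# Constructed sample export (hypothetical names, not data from the thread).
SAMPLE_CSV = f"""cn,mailNickname,legacyExchangeDN
anna.bap,anna.bap,{PREFIX}anna.bap645
dave.cafe,dave.cafe,{PREFIX}dave.cafe
Contact One,c.one,{PREFIX}Contact Onef45
old.user,old.user,{PREFIX}old.user
old.user2,old.user2,{PREFIX}Old.User
"""

def leaf_cn(legacy_dn):
    """Return the value of the last /cn= component, lower-cased."""
    _, sep, leaf = legacy_dn.rpartition("/cn=")
    if not sep:
        raise ValueError(f"no /cn= component in {legacy_dn!r}")
    return leaf.lower()

def classify(row):
    """Say whether the leaf is the CN/alias itself or the CN/alias plus 3 hex digits."""
    leaf = leaf_cn(row["legacyExchangeDN"])
    bases = [(a, row[a].lower()) for a in ("cn", "mailNickname") if row[a]]
    # Exact match first, so a name that merely ends in hex-looking letters is not flagged.
    for attr, base in bases:
        if leaf == base:
            return f"plain:{attr}"
    for attr, base in bases:
        if leaf.startswith(base) and HEX3.fullmatch(leaf[len(base):]):
            return f"suffixed:{attr}"
    return "other"

def audit(csv_text):
    """Classify every row and list legacyExchangeDN values used more than once."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    findings = {r["cn"]: classify(r) for r in rows}
    counts = Counter(r["legacyExchangeDN"].lower() for r in rows)
    duplicates = sorted(dn for dn, n in counts.items() if n > 1)
    return findings, duplicates

if __name__ == "__main__":
    findings, duplicates = audit(SAMPLE_CSV)
    for name, verdict in findings.items():
        print(f"{name:12} {verdict}")
    print("duplicates:", duplicates)
```
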

All replies

  • Hi,

    I have verified the issue in my lab; it can be reproduced.

    My server version is 14.2.247.5.

    It cannot be reproduced in another lab whose server version is 14.1.218.

    I will make another lab which will have rollup 6 installed and then test the issue again.

     


    Xiu Zhang

    TechNet Community Support

    Thursday, February 02, 2012 7:53 AM
    Moderator
  • Hi Xiu,

    Thanks for testing. Good to know that I'm not the only one experiencing this.

    I threw up a brand new lab on 2010 SP1 (14.1.218) then updated it to RU6 (14.1.355) and was able to reproduce the issue again. I guess the issue is also present in SP2 (14.2.247.5) like you mentioned.

    I hope this won't break anything or cause any incompatibilities with other services such as BES.

    Thanks again, I'll wait for the result in your lab.

    Thursday, February 02, 2012 6:31 PM
  • Hi,

    I can reproduce the issue with rollup 6 installed in my lab. It would be a known issue, I think. I will try to discuss the issue with another engineer. If there is any update I will post it here.


    Xiu Zhang

    TechNet Community Support

    Friday, February 03, 2012 3:02 AM
    Moderator
  • Thanks Xiu for verifying. I will wait for your update.

    Friday, February 03, 2012 3:30 PM
  • In fact, we have the same issue here in an E2K10 environment after applying SP2.... We synchronize contacts from another Exchange environment, for newly created contacts we suddenly have a legacyExchangeDN like

    "/o=<Exch Org Name>/ou=Exchange Administrative Group(FYDIBOHF23SPDLT)/cn=Recipients/cn=<objectName><3 random hex digits>"

    Strange: instead of using the mailNickname (exchange alias) to build the legacyExchangeDN, the system uses the object name (CN) of the contact, together with the three random numbers... For our sync, sometimes contacts are deleted and re-created again later -> this new behavior in the legacyExchangeDN creation leads to errors when users have the regarding contacts as recipients in their Outlook nickname cache ..... :( very annoying.

    Is there any possibility to configure the internal legacyExchangeDN creation rule ??


    • Edited by PFoeckeler Saturday, February 04, 2012 11:45 PM
    Saturday, February 04, 2012 11:40 PM
  • Hi Dave K,

    It has been confirmed as by design. It is the new feature which would be added after rollup 6 and later update.


    Xiu Zhang

    TechNet Community Support

    • Marked as answer by Dave K - IT Wednesday, February 08, 2012 4:32 PM
    Monday, February 06, 2012 2:40 AM
    Moderator
  • Thanks Xiu for the information. I assume it's to further ensure uniqueness in the attribute throughout the org?

    Wednesday, February 08, 2012 4:32 PM
  • Yes, it is to avoid having duplicated legacyExchangeDN in the future.

    Xiu Zhang

    TechNet Community Support

    Thursday, February 09, 2012 1:45 AM
    Moderator
  • Hi Xiu,

    in our case the users are confused about this new feature.

    When they type the recipient in the "to" field, the nicknames they type are with these numbers too. For example:

    Bap, Anna <Bap, Anna645>

    The reason for this seems that the nickname is built by the legacyexchangeDN.

    What could we do?

    Friday, February 17, 2012 3:26 PM
  • Hi!

    Can not find it in release notes

    http://support.microsoft.com/kb/2608646/en-us

    why?


    Truly, Valery Tyurin

    Wednesday, February 29, 2012 9:41 AM
  • Hi!

    Can not find it in release notes

    http://support.microsoft.com/kb/2608646/en-us

    why?


    Truly, Valery Tyurin

    Hi Valery Tyurin,

    Yes, it has been confirmed by Microsoft as a new feature in Exchange 2010 SP1 RU6 and later versions. We will use it to avoid having duplicated legacyExchangeDN in the future.


    Xiu Zhang

    TechNet Community Support

    Thursday, March 01, 2012 6:54 AM
    Moderator
  • Not sure if this is my problem, but after applying SP2 on one of my Exchange Server 2010 servers, two-way sync on the BES calendar stopped working. It only works when the appointment is created in Outlook, but when it is created on a BlackBerry device it doesn't come to Outlook. If I try IEMtest I get the error CreateInstance failed (0x800401f3)
    Wednesday, June 20, 2012 11:22 AM
  • Xiu Zhang,

    you know, that is the worst design.

    don't know how the foo plan this design.

    Wednesday, October 17, 2012 3:27 PM

  • "/o=<Exch Org Name>/ou=Exchange Administrative Group(FYDIBOHF23SPDLT)/cn=Recipients/cn=<objectName><3 random hex digits>"

    Strange: instead of using the mailNickname (exchange alias) to build the legacyExchangeDN, the system uses the object name (CN) of the contact, together with the three random numbers... For our sync, sometimes contacts are deleted and re-created again later -> this new behavior in the legacyExchangeDN creation leads to errors when users have the regarding contacts as recipients in their Outlook nickname cache ..... :( very annoying.

    Is there any possibility to configure the internal legacyExchangeDN creation rule ??


    Agreed, VERY ANNOYING !
    Wednesday, October 17, 2012 3:29 PM
  • Hi!

    Can not find it in release notes

    http://support.microsoft.com/kb/2608646/en-us

    why?


    Truly, Valery Tyurin

    Hi Valery Tyurin,

    Yes, it has been confirmed by Microsoft as a new feature in Exchange 2010 SP1 RU6 and later versions. We will use it to avoid having duplicated legacyExchangeDN in the future.


    Xiu Zhang

    TechNet Community Support

    Adding a control point to check for duplication and failing if a duplicate is found would be better than just adding a random suffix.
    Wednesday, October 17, 2012 3:33 PM
  • EASF, 

    The BES will have errors when syncing calendar and mail if the random suffix changes.

    Moreover, on the other hand, that random suffix will also change randomly.

    Wednesday, October 17, 2012 3:36 PM
  • I am having this same issue.  Has anyone found a solution to remove the 3 characters?  How would I change the mailbox to not include those?

    Thanks

    Thursday, January 03, 2013 2:20 PM
  • This is a stupid feature! We've not noticed it anywhere else, but a customer we've just migrated over from mDaemon has noticed this and to be frank they're annoyed that the new fandangly system displays names like this !

    Any workarounds other than editing 100+ users via adsiedit and making this part of the new user setup procedure?

    Friday, May 10, 2013 5:12 PM
  • I installed an SBS 2011 a few weeks ago and they have had an awful time inviting people into a public folder calendar with lots of bounce backs..

    Delivery has failed to these recipients or groups:

     

    xxx You can't send a message on behalf of this user unless you have permission to do so. Please make sure you're sending on behalf of the correct sender, or request the necessary permission. If the problem continues, please contact your helpdesk.

      yyy You can't send a message on behalf of this user unless you have permission to do so. Please make sure you're sending on behalf of the correct sender, or request the necessary permission. If the problem continues, please contact your helpdesk.

    First it was because exchange hadn't put in user.local so added these addresses, but then it still failed then looking at the email address there was the extra hex. Using the adsiedit I have edited the legacy / hex element. Fortunately there's only a few users so it didn't take long.

    I agree, it is a stupid feature which clearly is causing issues.

    Friday, August 02, 2013 8:17 AM