MSExchangeGuru.com

Learn Exchange the Guru way !!!

 

Mystery of adding X500’s – What an amazing thing to know…!!!

This is something I learned this morning and thought I should share with my subscribers.

Issue:

Users are receiving NDR while responding to old emails of Ron Mayers.

Delivery has failed to these recipients or distribution lists:

Mayers, Ron
The recipient’s e-mail address was not found in the recipient’s e-mail system. Microsoft Exchange will not try to redeliver this message for you. Please check the e-mail address and try resending this message, or provide the following diagnostic text to your system administrator.

If you click on the name, the NDR will get resolved to:

IMCEAEX-_O=EXCH_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FHSDHJF23GHYED+29_CN=RECIPIENTS_CN=RON+2EMayers@contoso.com

EXCH is the Exchange Organization name

Cause:

This behavior is caused because every internal message send/received in the orgn, will have the recipient info resolvable normally to the LegacyExchangeDN attribute. In this case, the user mailbox would have been recreated or the old LegacyExchangeDN value would have been changed to a different one.

Resolution:

We need to add a new X500 address to the user mailbox from Exchange Management Console. To do that, we need to first create it in the right format.

First step is to get rid of the _ and convert them to /

/O=EXCH/OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FHSDHJF23GHYED+29/CN=RECIPIENTS/CN=RON+2EMayers@contoso.com

Now the tricky part:

/O=EXCH/OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FHSDHJF23GHYED+29/CN=RECIPIENTS/CN=RON+2EMayers@contoso.com

Look closely and you see some numbers like +20, +28 etc… Wondering what they are?

+20 is a SPACE

+28 and +29 are ( and ) respectively

+2E is .

So the actual X500 address to be added will look like this:

/O=EXCH/OU=EXCHANGE ADMINISTRATIVE GROUP (28FHSDHJF23GHYED)/CN=RECIPIENTS/CN=RON.Mayers@contoso.com

I know it’s crazy but it is what it is… 🙂
Update – MuthuKumar did cover X500 here:

Exmerge and X500.. A story…: https://msexchangeguru.com/2010/02/26/exmerge-and-x500-a-story/

Ratish Nair
MVP Exchange
Team @MSExchangeGuru.com

Keywords: Adding a new X500 address, Issue with X500 address, NDR while replying to old emails in exchange

46 Responses to “Mystery of adding X500’s – What an amazing thing to know…!!!”

  1. Wizkid Says:

    This is a know issue becuase of the legacyexchangeDN being used by exchange to send internal emails. So you just need to add legacyexchnagedn of old user to the x500 of the new user with the same email id.

  2. Sahin Boluk Says:

    I have seen this in our environment as well, migrating from GroupWise to E2K10. For these users, I manually added the X500 address. My worry is that we have a migrtion coming up for two other sites that we e-mail alot with, on different versions of Exchange, and this will arise again. is there a bulk way to add these or do we don’t have to worry about it at all?

  3. Muthukumar P Says:

    Sahin,

    I’m sure ADModify is the tool that you’re looking for! 🙂

    Muthu

  4. Wizkid Says:

    Sachin,
    Use this PS script on my article

    https://msexchangeguru.com/2012/03/09/e2010-email-id-for-bulk-users/

  5. IMCEAX error after migration from Exchange 2007 to Exchange 2013 « exkb Says:

    […] https://msexchangeguru.com/2012/03/15/x500/ […]

  6. Wizkid Says:

    Adddition:

    +40 represents @

  7. Prabhat Says:

    Addition:

    +2C represents comma
    +5F represents underscore

  8. IMCEAX error after migration from Exchange 2007 to Exchange 2013 | FICILITY.NET Says:

    […] https://msexchangeguru.com/2012/03/15/x500/ […]

  9. Venkat Says:

    Excellent article 🙂
    One query about LegacyExchangeDN – Does this value affect all versions of outlook users or is it for Outlook 2003?

  10. Waltr Says:

    +3F is ?

  11. Kuriya Says:

    Can anyone convert this

    IMCEAEX-_O=DOMAIN_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=Julian+20Mitchelld45@domain.com

  12. Kuriya Says:

    User’s email address is julian.mitchell@domain.com

    Not sure what d45 represents ?

    CN=Julian+20Mitchelld45@domain.com

  13. Alex Says:

    Hi guys,

    I’ve written a script to help with conversion of email if you want… I haven’t extensively tested it but where I have it’s fine…
    It’ll ask for the email address affected… i.e. in the example in the page you can paste in /O=EXCH/OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FHSDHJF23GHYED+29/CN=RECIPIENTS/CN=RON+2EMayers@contoso.com
    & it will give you the correct format of the address…

    Enjoy..

    Set FSO = CreateObject(“Scripting.FileSystemObject”)
    Set WshShell = CreateObject(“Wscript.Shell”)

    Set oArgs = WScript.Arguments
    If oArgs.Count = 0 Then
    oMail = InputBox(“Paste the affected email address”,”Email Required”)
    Else
    oMail = oArgs(0)
    End If

    If oMail = “” Then
    WScript.Quit
    End if

    oCurDir = WshShell.CurrentDirectory
    Set OutPutFile = FSO.CreateTextFile(oCurDir & “\” & “ConvertedX500.txt”,2)

    If Instr(oMail,”IMCEAEX-“) Then
    oMail = Replace(oMail,”IMCEAEX-“,””)
    End If
    oRes = Replace(oMail,”_”,”/”)
    oRes = Replace(oRes,”+28″,”(“)
    oRes = Replace(oRes,”+29″,”)”)
    oRes = Replace(oRes,”+2E”,”.”)
    oRes = Replace(oRes,”+20″,” “)
    oRes = Replace(oRes,”+40″,”@”)
    oRes = Replace(oRes,”+2C”,”,”)
    oRes = Replace(oRes,”+5F”,”_”)

    Wscript.Echo “A resulting text file has been created in the same folder as this script” & VbCrLf &_
    VbCrLf & “This will now open – you can paste the contents into an X500 email address.”

    OutPutFile.WriteLine oRes
    OutPutFile.Close
    WshShell.Run “Notepad.exe ” & oCurDir & “\” & “ConvertedX500.txt”

  14. Microsoft Fragestunde zu Office 365 und Windows Intune am 18. Juni 2013 - .: Daniel Melanchthon :. - Site Home - TechNet Blogs Says:

    […] Mystery of adding X500’s – What an amazing thing to know…!!! « MSExchangeGuru.com https://msexchangeguru.com/2012/03/15/x500/ […]

  15. Prakash Pandey Says:

    I my case user is deleted…pls suggest if any solution for it.

  16. dbiz Says:

    Your instructions are malformed. I know because I just wasted 8 hours trying to figure out why they don’t work.

    IMCEAEX-_O=EXCH_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FHSDHJF23GHYED+29_CN=RECIPIENTS_CN=RON+2EMayers@contoso.com

    /O=EXCH/OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FHSDHJF23GHYED+29/CN=RECIPIENTS/CN=RON+2EMayers

    Now the tricky part:

    /O=EXCH/OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FHSDHJF23GHYED+29/CN=RECIPIENTS/CN=RON+2EMayers

    Look closely and you see some numbers like +20, +28 etc… Wondering what they are?

    +20 is a SPACE

    +28 and +29 are ( and ) respectively

    +2E is .

    So the actual X500 address to be added will look like this:

    /O=EXCH/OU=EXCHANGE ADMINISTRATIVE GROUP (FHSDHJF23GHYED)/CN=RECIPIENTS/CN=RON.Mayers

    You have an extra @contoso.com which should be removed and you use the 28 from the +28 in the address. This is incorrect.

  17. Melodeem Says:

    I rarely comment, but this post saved my day… Thank you Guru.

  18. Transmo Says:

    I have the x500 address of the user without the @domain part. Is that correct? Users are still getting the bounced back message. What am I doing wrong?

  19. Transmo Says:

    I figured what it was.

    There was an event ID 9217 (http://technet.microsoft.com/en-us/library/hh343866%28v=exchg.140%29.aspx) preventing email delivery.

    The problem was the the proxy X500 address was set as LegacyExchangeDN for ExchangeActiveSync and the Phone objects of the user entity in Active Directory so I guess those two count as two Active Directory objects.

    The fix was to clear the LegacyExchangeDN for those objects in ADSI Edit and leave them as “Not Set”.

  20. Ryan Says:

    If you, like me, need to do this to all the recipients in your domain after a mail migration, you can use powershell to automate it. This is how I did it. In order for this to work correctly, your primary SMTP addresses and user aliases must be the same on both domains – you can tweak if yours aren’t the same.

    1. Open Exchange Management Shell
    2. get-mailbox | select Alias,PrimarySMTPAddress | Export-Csv C:\email.csv

    3. Open Active Directory Module for Windows PowerShell
    4. import-csv C:\email.csv | foreach{Set-ADuser -Identity $_.Alias -add @{proxyAddresses = “X500:/O=EXCH/OU=EXCHANGE ADMINISTRATIVE GROUP/CN=RECIPIENTS/CN=$($_.PrimarySMTPAddress)”}}

  21. Lesego Says:

    Somebody please address Kuriya(no12). What does d45 mean? The IMCEAEX I am encountering reads: O=GOVBWEX_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=Carlos+20Jotia16b@gov.bw. Notice the 16b in the CN. What’s that?

  22. Joseph Chackochen Says:

    Solved duplicate Alias issue based on this information. I saw “+5F” in CN and was able to translate using oRes = Replace(oRes,”+5F”,”_”). Great info!!!

  23. Luis Says:

    What does 4b6 means?

    CN=Elizabeth+2C+20Burbey4b6@domain.com

  24. Larry Says:

    Has ANYBODY got an answer, why some numbers and letters appear after a name please?

    My problem is similar to the above:

    IMCEAEX-_O=FIRST+20ORGANIZATION_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=John+20Smithb73@mydomain.co.uk
    #550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found ##

    Where did the b73 come from after the users last name (Smithb73)

    Some background info…..
    This is on an SBS2011 server, which uses Exchange 2010
    It was a migration from another SBS2011 server with a different internal domain name (Old = olddomain.local New = newdomain.local)
    This only ‘sometimes’ happens from some internal users.
    I have removed the NK2 file from the troublesome users Outlook, and started a fresh (about a month ago).
    It has been working good for him for a couple of weeks now, but it has just started again.

    On this occasion, the user sent this email to a number of internal & external users
    The external users received it OK.
    2 of the internal users gave bounce backs.
    The other user bounce back actually looks OK (very puzzling)
    Here’s the 2nd users bounce message:

    IMCEAEX-_O=FIRST+20ORGANIZATION_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=Susan+20Jones@mydomain.co.uk
    #550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found ##

    ***Notice there are no numbers & letters after the name, but it still failed.

    More background info…..
    Each persons alias is: FirstLast
    Default address is: FirstLast@mydomain.co.uk
    Other addresses for each user: First@mydomain.co.uk FirstLast@mydomain.co.uk FirstLast@mydomain.local

    After reading some info about x500 issues, Should I follow procedures to change underscores to forward slashes?

    Thanks in advance
    Larry.

  25. Ryan Villanueva Says:

    The random characters before the ‘@domain..” portion are part of the address and are needed.

    IMCEAEX-_O=FIRST+20ORGANIZATION_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=John+20Smithb73@mydomain.co.uk

    will become

    /O=FIRST ORGANIZATION/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=John Smithb73

    This happens most often in my environment (multi-tenant hosted environment) when someone deletes a mailbox or DL (or moves an Alias) to a different mailbox, DL or recipient of some form. (mailuser becomesmailbox, DL Alias is converted to mailbox.

    Also note that although selecting from GAL resolves this with no further action needed, this will still happen in replies to mail from former mailbox, DL etc

    This is why you should get this and add it when doing the Alias move.

    Get-Mailbox | Select -LegacyexchangeDN
    *You may need to use get-mailuser or get-distributiongroup or get-mailcontact

  26. Kevin Ross Says:

    Microsoft started appending the 3 letters after updating to one of the latest service packs for exchange, I believe SP3.

  27. Darrell Q Says:

    Hi all,
    We run Exchange 2010 Version: 14.03.0224.002. I stumbled accross this article in research the same error that 1 of our users is reporting. However, he is attempting to send to an “External” address. The NDR shows that at some point Exchagne has replaced the external domain with our internal domain, (for a few specific addresses that this person sends to) and then it bounces back.
    Any ideas why this could happen?

  28. Phong HO Says:

    Thank you so much

  29. #550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found ## | shubell's blog Says:

    […] helped a lot http://ficility.net/tag/exchange-2010-mailbox-re-created-legacy-exchange-dn-missing/ https://msexchangeguru.com/2012/03/15/x500/ […]

  30. Duraimurugan V Says:

    We got the +27 value in the error. Can any one please share me the value of +27

  31. Dave D Says:

    for those who come here (like me) looking to +3F, im pretty sure its a @ symbol

  32. Akshay Bahiram Says:

    Prabhat what is +3f ??

    mine ends with CN=XXXXXXX+20+3F+3F+3F@XXXXXXXXXXX.com
    #550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found ##

  33. Akshay Bahiram Says:

    Guys you may use the below link and find conversions for any Hexadec’s that are not available online
    http://www.asciitable.com/
    There are some converters available online you may also consider taking help from the same

  34. Daniel Says:

    I thing, that the symbols +28 +29 +20 +27… are from ascii table. See https://en.wikipedia.org/wiki/ASCII

  35. Brady Osborne Says:

    This site automatically fixes most of the characters -> http://fixndr.com/

  36. Prabhat Nigam Says:

    This is a good one. Thank you Brady.

  37. Dtraining | Office 365 Exchange On Line errore IMCEAEX in caso di invio di eMail interne Says:

    […] http://serverfault.com/questions/114096/exchange-bouncing-email-sent-by-outlook https://msexchangeguru.com/2012/03/15/x500/ https://support.microsoft.com/en-us/kb/2005644 2 febbraio 2016Senza categoriaLeave a comment […]

  38. Abid Says:

    exchange server 2013 errors IMCEAEX- _o=EXCHANGE+20administrative+20group+20+28fhsdhjf23ghyed+29_cn=recipients_cn=ron+2emayer@contoso.com

  39. The legacyExchangeDN and why it’s a pain in my *** | bradcstevens Says:

    […] Mystery of adding X500’s – Seriously awesome article MSExchangeGuru.com: https://msexchangeguru.com/2012/03/15/x500/ […]

  40. Outlook cache responsible for NDR – recipient not found – X500 | Zandink.org Says:

    […] Mystery of adding X500’s – What an amazing thing to know…!!! […]

  41. The legacyExchangeDN and why it’s a pain in my *** | Brad Stevens' Blog Says:

    […] Mystery of adding X500’s – Seriously awesome article MSExchangeGuru.com: https://msexchangeguru.com/2012/03/15/x500/ […]

  42. TM Says:

    I knocked up a Powershell for the conversion, just reading the IMCEAEX string from the command arguments.

    foreach ($a in $args) {
    $a.ToString()
    $domain = ‘example.com’
    switch -Regex ($a)
    {
    ‘IMCEAEX-_’ {$a = $a -replace ‘IMCEAEX-‘,”}
    ‘_’ {$a = $a -replace ‘_’,’/’}
    ‘\+20’ {$a = $a -replace ‘\+20′,’ ‘}
    ‘\+28’ {$a = $a -replace ‘\+28’,'(‘}
    ‘\+29’ {$a = $a -replace ‘\+29′,’)’}
    ‘\+40’ {$a = $a -replace ‘\+40′,’@’}
    ‘\+2E’ {$a = $a -replace ‘\+2E’,’.’}
    ‘\+2C’ {$a = $a -replace ‘\+2C’,’,’}
    ‘\+5F’ {$a = $a -replace ‘\+5F’,’_’}
    $domain {$a = $a -replace $domain,”}
    }

    Write-Host $a
    }

    Obviously if you have a list of accounts and addresses, you could modify the script to import the list, do the address conversion and use Set-ADuser -Identity xxx -add @{proxyAddresses = $a} to do all the work for you.

  43. Sean Says:

    anyone know what 0ea converts to?

  44. Anthony J. Montaleone Says:

    Many Failed attempts
    Called Microsoft and paid $500.00

    THIS IS WHAT I GOT:

    Replace any underscore character (_) with a slash character (/)

    Replace “+20” with a blank space

    Replace “+28” with an opening parenthesis character

    Replace “+29” with a closing parenthesis character

    Delete “IMCEAEX-“

    Delete “@mgd.domain.com”

    Sample from an undelivered email:

    IMCEAEX-_O=YOURDOMAINNAME_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=Donald+20Trumpa22@yourdomainname.com
    #550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found ##

    After:
    /O=YOURDOMAINNAME/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=Donald Trumpa22

    Hope this helps someone save 500 Bucks!

  45. Anthony J. Montaleone Says:

    OH yah.. dont forget to log onto the Primary Domain Controller and run the following command line

    repadmin /syncall /ADeP

  46. Prabhat Nigam Says:

    For future, I can recommend you to use Golden Five Consulting which will look forward to help you in more cost effective manner. GoldenFiveConsulting.com

Leave a Reply

Categories

Archives

MSExchangeGuru.com