Mystery of adding X500’s – What an amazing thing to know…!!!
This is something I learned this morning and thought I should share with my subscribers.
Issue:
Users are receiving NDR while responding to old emails of Ron Mayers.
Delivery has failed to these recipients or distribution lists:
Mayers, Ron
The recipient’s e-mail address was not found in the recipient’s e-mail system. Microsoft Exchange will not try to redeliver this message for you. Please check the e-mail address and try resending this message, or provide the following diagnostic text to your system administrator.
If you click on the name, the NDR will get resolved to:
IMCEAEX-_O=EXCH_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FHSDHJF23GHYED+29_CN=RECIPIENTS_CN=RON+2EMayers@contoso.com
EXCH is the Exchange Organization name
Cause:
This behavior is caused because every internal message send/received in the orgn, will have the recipient info resolvable normally to the LegacyExchangeDN attribute. In this case, the user mailbox would have been recreated or the old LegacyExchangeDN value would have been changed to a different one.
Resolution:
We need to add a new X500 address to the user mailbox from Exchange Management Console. To do that, we need to first create it in the right format.
First step is to get rid of the _ and convert them to /
/O=EXCH/OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FHSDHJF23GHYED+29/CN=RECIPIENTS/CN=RON+2EMayers@contoso.com
Now the tricky part:
/O=EXCH/OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FHSDHJF23GHYED+29/CN=RECIPIENTS/CN=RON+2EMayers@contoso.com
Look closely and you see some numbers like +20, +28 etc… Wondering what they are?
+20 is a SPACE
+28 and +29 are ( and ) respectively
+2E is .
So the actual X500 address to be added will look like this:
/O=EXCH/OU=EXCHANGE ADMINISTRATIVE GROUP (28FHSDHJF23GHYED)/CN=RECIPIENTS/CN=RON.Mayers@contoso.com
I know it’s crazy but it is what it is… 🙂
Update – MuthuKumar did cover X500 here:
Exmerge and X500.. A story…: https://msexchangeguru.com/2010/02/26/exmerge-and-x500-a-story/
Ratish Nair
MVP Exchange
Team @MSExchangeGuru.com
Keywords: Adding a new X500 address, Issue with X500 address, NDR while replying to old emails in exchange
March 15th, 2012 at 1:57 pm
This is a know issue becuase of the legacyexchangeDN being used by exchange to send internal emails. So you just need to add legacyexchnagedn of old user to the x500 of the new user with the same email id.
March 20th, 2012 at 3:03 pm
I have seen this in our environment as well, migrating from GroupWise to E2K10. For these users, I manually added the X500 address. My worry is that we have a migrtion coming up for two other sites that we e-mail alot with, on different versions of Exchange, and this will arise again. is there a bulk way to add these or do we don’t have to worry about it at all?
May 16th, 2012 at 5:59 am
Sahin,
I’m sure ADModify is the tool that you’re looking for! 🙂
Muthu
May 16th, 2012 at 9:31 am
Sachin,
Use this PS script on my article
https://msexchangeguru.com/2012/03/09/e2010-email-id-for-bulk-users/
October 11th, 2012 at 4:20 am
[…] https://msexchangeguru.com/2012/03/15/x500/ […]
November 5th, 2012 at 2:29 pm
Adddition:
+40 represents @
November 8th, 2012 at 11:59 am
Addition:
+2C represents comma
+5F represents underscore
February 5th, 2013 at 7:03 pm
[…] https://msexchangeguru.com/2012/03/15/x500/ […]
February 27th, 2013 at 9:58 am
Excellent article 🙂
One query about LegacyExchangeDN – Does this value affect all versions of outlook users or is it for Outlook 2003?
March 19th, 2013 at 3:09 pm
+3F is ?
May 31st, 2013 at 6:28 pm
Can anyone convert this
IMCEAEX-_O=DOMAIN_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=Julian+20Mitchelld45@domain.com
May 31st, 2013 at 6:30 pm
User’s email address is julian.mitchell@domain.com
Not sure what d45 represents ?
CN=Julian+20Mitchelld45@domain.com
June 21st, 2013 at 7:59 am
Hi guys,
I’ve written a script to help with conversion of email if you want… I haven’t extensively tested it but where I have it’s fine…
It’ll ask for the email address affected… i.e. in the example in the page you can paste in /O=EXCH/OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FHSDHJF23GHYED+29/CN=RECIPIENTS/CN=RON+2EMayers@contoso.com
& it will give you the correct format of the address…
Enjoy..
Set FSO = CreateObject(“Scripting.FileSystemObject”)
Set WshShell = CreateObject(“Wscript.Shell”)
Set oArgs = WScript.Arguments
If oArgs.Count = 0 Then
oMail = InputBox(“Paste the affected email address”,”Email Required”)
Else
oMail = oArgs(0)
End If
If oMail = “” Then
WScript.Quit
End if
oCurDir = WshShell.CurrentDirectory
Set OutPutFile = FSO.CreateTextFile(oCurDir & “\” & “ConvertedX500.txt”,2)
If Instr(oMail,”IMCEAEX-“) Then
oMail = Replace(oMail,”IMCEAEX-“,””)
End If
oRes = Replace(oMail,”_”,”/”)
oRes = Replace(oRes,”+28″,”(“)
oRes = Replace(oRes,”+29″,”)”)
oRes = Replace(oRes,”+2E”,”.”)
oRes = Replace(oRes,”+20″,” “)
oRes = Replace(oRes,”+40″,”@”)
oRes = Replace(oRes,”+2C”,”,”)
oRes = Replace(oRes,”+5F”,”_”)
Wscript.Echo “A resulting text file has been created in the same folder as this script” & VbCrLf &_
VbCrLf & “This will now open – you can paste the contents into an X500 email address.”
OutPutFile.WriteLine oRes
OutPutFile.Close
WshShell.Run “Notepad.exe ” & oCurDir & “\” & “ConvertedX500.txt”
June 24th, 2013 at 5:34 pm
[…] Mystery of adding X500’s – What an amazing thing to know…!!! « MSExchangeGuru.com https://msexchangeguru.com/2012/03/15/x500/ […]
July 13th, 2013 at 5:48 am
I my case user is deleted…pls suggest if any solution for it.
October 18th, 2013 at 11:56 am
Your instructions are malformed. I know because I just wasted 8 hours trying to figure out why they don’t work.
IMCEAEX-_O=EXCH_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FHSDHJF23GHYED+29_CN=RECIPIENTS_CN=RON+2EMayers@contoso.com
/O=EXCH/OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FHSDHJF23GHYED+29/CN=RECIPIENTS/CN=RON+2EMayers
Now the tricky part:
/O=EXCH/OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FHSDHJF23GHYED+29/CN=RECIPIENTS/CN=RON+2EMayers
Look closely and you see some numbers like +20, +28 etc… Wondering what they are?
+20 is a SPACE
+28 and +29 are ( and ) respectively
+2E is .
So the actual X500 address to be added will look like this:
/O=EXCH/OU=EXCHANGE ADMINISTRATIVE GROUP (FHSDHJF23GHYED)/CN=RECIPIENTS/CN=RON.Mayers
You have an extra @contoso.com which should be removed and you use the 28 from the +28 in the address. This is incorrect.
November 5th, 2013 at 1:37 am
I rarely comment, but this post saved my day… Thank you Guru.
November 12th, 2013 at 6:25 pm
I have the x500 address of the user without the @domain part. Is that correct? Users are still getting the bounced back message. What am I doing wrong?
November 16th, 2013 at 12:32 am
I figured what it was.
There was an event ID 9217 (http://technet.microsoft.com/en-us/library/hh343866%28v=exchg.140%29.aspx) preventing email delivery.
The problem was the the proxy X500 address was set as LegacyExchangeDN for ExchangeActiveSync and the Phone objects of the user entity in Active Directory so I guess those two count as two Active Directory objects.
The fix was to clear the LegacyExchangeDN for those objects in ADSI Edit and leave them as “Not Set”.
December 16th, 2013 at 12:53 pm
If you, like me, need to do this to all the recipients in your domain after a mail migration, you can use powershell to automate it. This is how I did it. In order for this to work correctly, your primary SMTP addresses and user aliases must be the same on both domains – you can tweak if yours aren’t the same.
1. Open Exchange Management Shell
2. get-mailbox | select Alias,PrimarySMTPAddress | Export-Csv C:\email.csv
3. Open Active Directory Module for Windows PowerShell
4. import-csv C:\email.csv | foreach{Set-ADuser -Identity $_.Alias -add @{proxyAddresses = “X500:/O=EXCH/OU=EXCHANGE ADMINISTRATIVE GROUP/CN=RECIPIENTS/CN=$($_.PrimarySMTPAddress)”}}
February 20th, 2014 at 11:34 am
Somebody please address Kuriya(no12). What does d45 mean? The IMCEAEX I am encountering reads: O=GOVBWEX_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=Carlos+20Jotia16b@gov.bw. Notice the 16b in the CN. What’s that?
September 8th, 2014 at 1:51 pm
Solved duplicate Alias issue based on this information. I saw “+5F” in CN and was able to translate using oRes = Replace(oRes,”+5F”,”_”). Great info!!!
September 24th, 2014 at 2:32 pm
What does 4b6 means?
CN=Elizabeth+2C+20Burbey4b6@domain.com
October 13th, 2014 at 8:13 am
Has ANYBODY got an answer, why some numbers and letters appear after a name please?
My problem is similar to the above:
IMCEAEX-_O=FIRST+20ORGANIZATION_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=John+20Smithb73@mydomain.co.uk
#550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found ##
Where did the b73 come from after the users last name (Smithb73)
Some background info…..
This is on an SBS2011 server, which uses Exchange 2010
It was a migration from another SBS2011 server with a different internal domain name (Old = olddomain.local New = newdomain.local)
This only ‘sometimes’ happens from some internal users.
I have removed the NK2 file from the troublesome users Outlook, and started a fresh (about a month ago).
It has been working good for him for a couple of weeks now, but it has just started again.
On this occasion, the user sent this email to a number of internal & external users
The external users received it OK.
2 of the internal users gave bounce backs.
The other user bounce back actually looks OK (very puzzling)
Here’s the 2nd users bounce message:
IMCEAEX-_O=FIRST+20ORGANIZATION_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=Susan+20Jones@mydomain.co.uk
#550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found ##
***Notice there are no numbers & letters after the name, but it still failed.
More background info…..
Each persons alias is: FirstLast
Default address is: FirstLast@mydomain.co.uk
Other addresses for each user: First@mydomain.co.uk FirstLast@mydomain.co.uk FirstLast@mydomain.local
After reading some info about x500 issues, Should I follow procedures to change underscores to forward slashes?
Thanks in advance
Larry.
November 27th, 2014 at 2:34 am
The random characters before the ‘@domain..” portion are part of the address and are needed.
IMCEAEX-_O=FIRST+20ORGANIZATION_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=John+20Smithb73@mydomain.co.uk
will become
/O=FIRST ORGANIZATION/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=John Smithb73
This happens most often in my environment (multi-tenant hosted environment) when someone deletes a mailbox or DL (or moves an Alias) to a different mailbox, DL or recipient of some form. (mailuser becomesmailbox, DL Alias is converted to mailbox.
Also note that although selecting from GAL resolves this with no further action needed, this will still happen in replies to mail from former mailbox, DL etc
This is why you should get this and add it when doing the Alias move.
Get-Mailbox | Select -LegacyexchangeDN
*You may need to use get-mailuser or get-distributiongroup or get-mailcontact
December 1st, 2014 at 2:24 pm
Microsoft started appending the 3 letters after updating to one of the latest service packs for exchange, I believe SP3.
March 23rd, 2015 at 12:34 pm
Hi all,
We run Exchange 2010 Version: 14.03.0224.002. I stumbled accross this article in research the same error that 1 of our users is reporting. However, he is attempting to send to an “External” address. The NDR shows that at some point Exchagne has replaced the external domain with our internal domain, (for a few specific addresses that this person sends to) and then it bounces back.
Any ideas why this could happen?
May 4th, 2015 at 1:50 pm
Thank you so much
June 19th, 2015 at 9:16 am
[…] helped a lot http://ficility.net/tag/exchange-2010-mailbox-re-created-legacy-exchange-dn-missing/ https://msexchangeguru.com/2012/03/15/x500/ […]
July 6th, 2015 at 11:55 am
We got the +27 value in the error. Can any one please share me the value of +27
July 31st, 2015 at 4:56 am
for those who come here (like me) looking to +3F, im pretty sure its a @ symbol
August 26th, 2015 at 8:07 am
Prabhat what is +3f ??
mine ends with CN=XXXXXXX+20+3F+3F+3F@XXXXXXXXXXX.com
#550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found ##
August 26th, 2015 at 10:36 pm
Guys you may use the below link and find conversions for any Hexadec’s that are not available online
http://www.asciitable.com/
There are some converters available online you may also consider taking help from the same
October 7th, 2015 at 8:53 am
I thing, that the symbols +28 +29 +20 +27… are from ascii table. See https://en.wikipedia.org/wiki/ASCII
January 24th, 2016 at 11:56 pm
This site automatically fixes most of the characters -> http://fixndr.com/
January 29th, 2016 at 12:52 pm
This is a good one. Thank you Brady.
February 1st, 2016 at 6:33 pm
[…] http://serverfault.com/questions/114096/exchange-bouncing-email-sent-by-outlook https://msexchangeguru.com/2012/03/15/x500/ https://support.microsoft.com/en-us/kb/2005644 2 febbraio 2016Senza categoriaLeave a comment […]
May 1st, 2016 at 5:04 pm
exchange server 2013 errors IMCEAEX- _o=EXCHANGE+20administrative+20group+20+28fhsdhjf23ghyed+29_cn=recipients_cn=ron+2emayer@contoso.com
June 16th, 2016 at 9:17 pm
[…] Mystery of adding X500’s – Seriously awesome article MSExchangeGuru.com: https://msexchangeguru.com/2012/03/15/x500/ […]
July 8th, 2016 at 3:31 am
[…] Mystery of adding X500’s – What an amazing thing to know…!!! […]
August 11th, 2016 at 8:47 pm
[…] Mystery of adding X500’s – Seriously awesome article MSExchangeGuru.com: https://msexchangeguru.com/2012/03/15/x500/ […]
August 12th, 2016 at 1:03 am
I knocked up a Powershell for the conversion, just reading the IMCEAEX string from the command arguments.
foreach ($a in $args) {
$a.ToString()
$domain = ‘example.com’
switch -Regex ($a)
{
‘IMCEAEX-_’ {$a = $a -replace ‘IMCEAEX-‘,”}
‘_’ {$a = $a -replace ‘_’,’/’}
‘\+20’ {$a = $a -replace ‘\+20′,’ ‘}
‘\+28’ {$a = $a -replace ‘\+28’,'(‘}
‘\+29’ {$a = $a -replace ‘\+29′,’)’}
‘\+40’ {$a = $a -replace ‘\+40′,’@’}
‘\+2E’ {$a = $a -replace ‘\+2E’,’.’}
‘\+2C’ {$a = $a -replace ‘\+2C’,’,’}
‘\+5F’ {$a = $a -replace ‘\+5F’,’_’}
$domain {$a = $a -replace $domain,”}
}
Write-Host $a
}
Obviously if you have a list of accounts and addresses, you could modify the script to import the list, do the address conversion and use Set-ADuser -Identity xxx -add @{proxyAddresses = $a} to do all the work for you.
September 13th, 2016 at 12:53 pm
anyone know what 0ea converts to?
December 14th, 2016 at 8:07 pm
Many Failed attempts
Called Microsoft and paid $500.00
THIS IS WHAT I GOT:
Replace any underscore character (_) with a slash character (/)
Replace “+20” with a blank space
Replace “+28” with an opening parenthesis character
Replace “+29” with a closing parenthesis character
Delete “IMCEAEX-“
Delete “@mgd.domain.com”
Sample from an undelivered email:
IMCEAEX-_O=YOURDOMAINNAME_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=Donald+20Trumpa22@yourdomainname.com
#550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found ##
After:
/O=YOURDOMAINNAME/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=Donald Trumpa22
Hope this helps someone save 500 Bucks!
December 14th, 2016 at 8:10 pm
OH yah.. dont forget to log onto the Primary Domain Controller and run the following command line
repadmin /syncall /ADeP
December 21st, 2016 at 4:06 pm
For future, I can recommend you to use Golden Five Consulting which will look forward to help you in more cost effective manner. GoldenFiveConsulting.com