Non Dynamic DLs created by EMC or EMS 2007 do not have a legacyExchangeDN value.
Greetings - We are in the process of migrating from Exchange 2003 SP2 to Exchange 2007 SP1. The mailbox servers are clustered and the HT/CAS roles reside on separate servers.

We are noticing that if we create users or distribution groups on the Exchange 2003 side, the legacyExchangeDN attribute is populated for those objects, but if we create a non-dynamic distribution group via the Exchange Management Console or Shell in 2007, the new distribution groups no longer have the legacyExchangeDN populated, although the mailNickname and displayName attributes are populated correctly. User objects and dynamic distribution groups created on the 2007 side do have the legacyExchangeDN attribute populated when using EMC or EMS 2007. Our experience with this has shown that if we manually enter the legacyExchangeDN value for the 2007 distribution lists, they function properly, but we would like to have this happen without manual intervention.

We have read through David Goldman's great article on "OAB PDN Changes and Site Consolidations". The event IDs (9340, 9341, 9360) he references are the same log events we are receiving. We have also tried the registry edits David recommends but it did not solve our problem.

Any suggestions would be greatly appreciated.

Thanks, Mike
August 21st, 2008 7:59pm

Mike, I saw this post the other day, but did not have an E2K7 server around to test this. I think something may be messed up in your environment since the legacyExchangeDN attribute is pretty critical to the use of Exchange and the Outlook clients.

I fired up an E2K7 EMC and created a non-dynamic distribution list and it had the legacyExchangeDN when I checked it immediately in ADSIEDIT. I found it interesting that the DN included /ou=First Administrative Group, not the Exchange 2007 Admin group, though.

One thing, though, is that the legacyExchangeDN is NOT one of the options on the EMS or in the EMC when creating the groups. This is still created "behind the scenes".

Is there anything strange in your environment that might be affecting this? Do you have a "First Administrative Group" admin group?

Jim
August 24th, 2008 11:49pm

Hi Jim,

Per your post, the problems occur when in a mixed-mode environment utilizing the Transporter Suite's Free/Busy connector. We utilize GetTopology to retrieve the available AdminGroups and place these into an array. We'll take the first value of this array and use this to generate the legacyExchangeDN. This can return Legacy Exchange server AGs instead of the desired E2k7 AG. This is a product issue. It will be corrected later.

Hi Mike,

As you have checked Dave's blog, I would recommend you double check situation #3 in his blog. Then please use new-distributiongroup -verbose to create the distribution group. Note: Type should be Distribution. After that, please post the output here.

Since events 9340, 9341 and 9360 have been found in the event log and there is no value for legacyexchangedn on the distribution group, we understand this is an OAB generation issue. Has any user reported this issue? You can set diagnostic logging for MSExchangeSA\OAL Generator to "High" to get more information for further troubleshooting.

Exchange 2007 OAB Event Logging
http://www.exchangeninjas.com/OfflineAddressBook

Please post the detailed error information here.

More information to share with you:

Please pay attention to situation #3 in Dave's blog.
http://blogs.msdn.com/dgoldman/archive/2008/03/26/oabinteg-new-information.aspx

9340 is a result of a newly added parent Legacy Exchange DN container value; please remember it, then we can use OABInteg to check this. The tool OABInteg can be downloaded here: http://code.msdn.microsoft.com/oabinteg/Release/ProjectReleases.aspx?ReleaseId=726

1. First please stop OAB Generation. Run this command:
OABInteg /s:ExchSrvrName /t:proxytest /v:2 /l
Note: replace ExchSrvrName with the Exchange server name. A file named OABInteg.txt will be created under C:\ after that.
2. Open OABInteg.txt and search for the parent Legacy Exchange DN container value.
3. After that you can correct the legacyexchangedn via adsiedit.exe.

Hope it helps.

Xiu
August 25th, 2008 11:22am

Xiu & Jim - Thank you for your help on this and I apologize for the late response on my part. Since the initial post we ran setup /DomainPrep on our child domain, which does not have any Exchange servers or Users, but we thought that because the DLs created are Universal groups that may be part of our problem. We also created an additional RUS on the Exchange 2003 side and pointed it to one of the child domain servers. We no longer get the 9340, 9341 & 9360 event entries but the legacyExchange field on new DLs is still not being populated.

Xiu, below is the new-distribution output you asked for:

[PS] C:\>new-DistributionGroup -Name 'Test-legacyExchangeDN' -Type 'Distribution' -OrganizationalUnit 'lps.com/Users' -SamAccountName 'Test-legacyExchangeDN' -Alias 'Test-legacyExchangeDN' -verbose
VERBOSE: New-DistributionGroup : Beginning processing.
VERBOSE: New-DistributionGroup : Searching objects "lps.com/Users" of type "ExchangeOrganizationalUnit" under the root "$null".
VERBOSE: New-DistributionGroup : Previous operation run on domain controller 'AD-3.lps.com'.
VERBOSE: New-DistributionGroup : Administrator Active Directory session settings are: View Entire Forest: 'False', Default Scope: 'lps.com', Configuration Domain Controller: 'rad-1.lps.com',
VERBOSE: New-DistributionGroup : Applying RUS policy to the given recipient "lps.com/Users/Test-legacyExchangeDN" with the home domain controller "$null".
VERBOSE: New-DistributionGroup : The RUS server that will apply policies on the specified recipient is "MAIL-1.lps.com".
VERBOSE: New-DistributionGroup : Processing object "lps.com/Users/Test-legacyExchangeDN".
VERBOSE: New-DistributionGroup : Searching objects of type "ADRecipient" with filter "(&((|((SamAccountName Equal Test-legacyExchangeDN)))(Id NotEqual lps.com/Users/Test-legacyExchangeDN)))", scope "SubTree" under the root "lps.com".
VERBOSE: New-DistributionGroup : Previous operation run on domain controller 'AD-3.lps.com'.
VERBOSE: Creating Distribution Group "Test-legacyExchangeDN" with Type "Distribution", SamAccountName "Test-legacyExchangeDN", Organizational Unit "lps.com/Users".
VERBOSE: New-DistributionGroup : The properties changed are: "{GroupType='Universal', SamAccountName='Test-legacyExchangeDN', DisplayName='Test-legacyExchangeDN', AddressListMembership={ '\All Groups', '\Default Global Address List' }, Alias='Test-legacyExchangeDN', EmailAddresses={ 'X400:C=US;A= ;P=LPS;O=MAIL1;S=Test-legacyExchangeDN;', 'SMTP:Test-legacyExchangeDN@lps.com' }, PoliciesIncluded={ '{42301341-0454-4A66-9CC1-821AD886BD87},{26491CFC-9E50-4857-861B-0CB8DF22B5D7}'}, TextEncodedORAddress='c=US;a= ;p=LPS;o=MAIL1;s=Test-legacyExchangeDN;',WindowsEmailAddress='Test-legacyExchangeDN@lps.com', RecipientDisplayType='DistributionGroup', Id='lps.com/Users/Test-legacyExchangeDN', RawName='Test-legacyExchangeDN', ObjectCategory='lps.com/Configuration/Schema/group', OriginalPrimarySmtpAddress='Test-legacyExchangeDN@lps.com', OriginalWindowsEmailAddress='Test-legacyExchangeDN@lps.com' }".
VERBOSE: New-DistributionGroup : Saving object "lps.com/Users/Test-legacyExchangeDN" of type "ADGroup" and state "New".
VERBOSE: New-DistributionGroup : Previous operation run on domain controller 'AD-3.lps.com'.
VERBOSE: New-DistributionGroup : Reading new object "lps.com/Users/Test-legacyExchangeDN" of type "ADGroup".
VERBOSE: New-DistributionGroup : Previous operation run on domain controller 'AD-3.lps.com'.

Name                DisplayName         GroupType PrimarySmtpAddress
----                -----------         --------- ------------------
Test-legacyExcha... Test-legacyExcha... Universal Test-legacyExcha...

VERBOSE: New-DistributionGroup : Ending processing.

**********************************************************************************

Here is the OABInteg output for the same DL:

Processing Address Book Entry #41 of 50.
Display Name = Test-LegacyExchangeDN
Object is a Distribution list object
LegacyExchangeDN starts with '/o=' or '/O='. Value = /o=NT5/ou=21D167FE2C78D4469B8EB3EEF6F08BC2/cn=3E1F1565500AE54F83BACF3B918BBD26
ERROR - Temp LegacyExchangeDN found! Value = /o=NT5/ou=21D167FE2C78D4469B8EB3EEF6F08BC2/cn=3E1F1565500AE54F83BACF3B918BBD26

**********************************************************************************

Since the /DomainPrep and additional RUS we are now getting the following Application event entries on the Exchange 2003 side:

Event Type: Error
Event Source: MSExchangeAL
Event Category: LDAP Operations
Event ID: 8270
Date: 8/27/2008
Time: 10:20:17 AM
User: N/A
Computer: MAIL-10
Description: LDAP returned the error [20] No Such Object when importing the transaction
dn: <SID=0102000000000005200000002A020000>
changetype: Modify
member:add:<GUID=C38B0D14-B03A-4AFE-B572-D46A461E1647>
-
DC=lps,DC=com

Event Type: Error
Event Source: MSExchangeAL
Event Category: LDAP Operations
Event ID: 8022
Date: 8/27/2008
Time: 10:20:17 AM
User: N/A
Computer: MAIL-10
Description: LDAP Modify on directory AD-2.lps.com for entry '<SID=0102000000000005200000002A020000>' was unsuccessful with error:[0x20] No Such Object [ 00000525: NameErr: DSID-031A0F80, problem 2001 (NO_OBJECT), data 0, best match of: '' ]. DC=lps,DC=com

**********************************************************************************

Anyway that's where we are at today. Any insight as to the root of this problem would be greatly appreciated.

Thanks, Mike
August 27th, 2008 9:29pm

Hi,

First, please follow the below steps to delete the temp legacyexchangedn.

1. Use ADSIEdit.msc and locate the objects in the Domain Naming Context of the Active Directory.
2. Manually remove this value and let the RUS (Recipient Update Service) stamp the correct value or manually correct this.
3. When you are confident that all of the objects have been fixed and Active Directory replication has been verified, re-enable the OAB Generation process.

Then please try to modify the below registry. Note: Please back up the registry before you perform the below steps.

1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click to select the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters
3. On the Edit menu, point to New, and then click DWORD Value.
4. Type OAL post full if diff fails, and then press ENTER.
5. Right-click OAL post full if diff fails, and then click Modify.
6. In the Value data box, type 0x1 (1).
7. Quit Registry Editor.

If the problem still persists, then please follow the below steps.

1. Examine the Event ID 9341 and look at the legacyExchangeDN value '/o=organization/ou=Site/cn=Recipient' that is referenced. This means that there is an object in the current offline address list being referenced that was not found in the Active Directory. The object may have been deleted, mail disabled or moved to another container in a mixed mode environment. There is also a possibility that there may still be an object in the Active Directory that still has a reference to that PDN, however it is not in the current offline address list and is no longer in the PDN table for this OAB. This object can be any mail enabled object (Public Folder, Distribution List, Contact, etc).
2. Create a placeholder object that would belong to the affected offline address list. This object will be in the form of a mail enabled contact. Once the contact is created, make sure the RUS (Recipient Update Service) stamps this user with the default proxy address and a legacyExchangeDN.
3. Add an x500 address to this contact with the PDN that has been referenced in the 9341 Event ID: '/o=organization/ou=Site/cn=Recipient'. You may need to add a RDN to it: /cn=ContactName. Example x500 proxyAddress: '/o=organization/ou=Site/cn=ContactName'.

NOTE: This will add the new PDN or legacyExchange to the in-memory table OABGen creates. The next time the OAB is built, OABGen will compare the data found from the Active Directory and from last night's downloaded OAB files; the compare will sync up and correct this issue.

Hope it helps.

Xiu
August 28th, 2008 7:01am
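
A way to find the objects that the first step of the reply above has you locate by hand in ADSIEdit, as an added example that is not part of the original thread or any Microsoft tool. The function names and the `$SearchRoot` parameter are hypothetical, and treating every value under `/o=NT5/` as temporary is an assumption based on the OABInteg output quoted earlier in the thread.

```powershell
# Added example (not from the thread): classify a legacyExchangeDN value.
function Get-LegacyDnState {
    param([string]$LegacyDn)
    if ([string]::IsNullOrEmpty($LegacyDn)) { return 'Missing' }
    # Assumption: any value under /o=NT5/ is the temporary form OABInteg flags.
    if ($LegacyDn -match '^/o=NT5/') { return 'Temporary' }
    if ($LegacyDn -match '^/o=[^/]+/ou=[^/]+/cn=') { return 'Ok' }
    return 'Malformed'
}

# Report mail-enabled groups whose legacyExchangeDN is missing, temporary or malformed.
# $SearchRoot is hypothetical, e.g. 'LDAP://DC=example,DC=com' (placeholder);
# when omitted, the searcher uses the current domain.
function Find-SuspectGroup {
    param([string]$SearchRoot)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    if ($SearchRoot) {
        $searcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry($SearchRoot)
    }
    $searcher.Filter   = '(&(objectCategory=group)(mailNickname=*))'
    $searcher.PageSize = 500   # page results so large domains are fully enumerated
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')
    [void]$searcher.PropertiesToLoad.Add('legacyExchangeDN')
    foreach ($result in $searcher.FindAll()) {
        $values   = $result.Properties['legacyexchangedn']
        $legacyDn = ''
        if ($null -ne $values -and $values.Count -gt 0) { $legacyDn = [string]$values[0] }
        $state = Get-LegacyDnState $legacyDn
        if ($state -ne 'Ok') {
            New-Object PSObject -Property @{
                State             = $state
                DistinguishedName = [string]$result.Properties['distinguishedname'][0]
                LegacyExchangeDN  = $legacyDn
            }
        }
    }
}

# Offline check: the first value is the one OABInteg reported in this thread,
# the second is constructed for illustration, the third is an unset attribute.
$samples = '/o=NT5/ou=21D167FE2C78D4469B8EB3EEF6F08BC2/cn=3E1F1565500AE54F83BACF3B918BBD26',
           '/o=ExampleOrg/ou=First Administrative Group/cn=Recipients/cn=Test-DL',
           ''
foreach ($s in $samples) { '{0,-10} {1}' -f (Get-LegacyDnState $s), $s }

# Against a live directory: Find-SuspectGroup | Format-List
```

The query only reads the directory; correcting the values is still done as described in the reply.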

Hi Xiu - We have already tried the OAL post full if diff fails registry entry and it did not solve our problem.

To clarify what the problem appears to be to us: Non-Dynamic distribution groups do show up in our OAB but they are not useable because they do not have a legacyExchangeDN value. We receive an Undeliverable message (#550 5.1.1 RESOLVER.ADR.REcipNotFound; not found # #) from our system when we try to send a message to these DLs. In ADSIEdit we see that the legacyExchangeDN value for these DLs is <Not Set>. If we manually set the legacyExchangeDN value the DLs function properly. These symptoms are only seen on Non-Dynamic distribution groups. User and Dynamic distribution groups are created correctly and function fine.

The question I have now is what service(s) and/or process(es) is responsible for populating the legacyExchangeDN value for Non-Dynamic distribution groups in an Exchange 2003/2007 topology when a Non-Dynamic distribution group is created on the 2007 side? Please note that DLs created on the 2003 side are created properly and function.

Any thoughts or suggestions would be greatly appreciated.

Thanks, Mike
August 28th, 2008 7:15pm

I have the exact same problem. Spent days troubleshooting. Found that if I add a LegacyExchangeDN in adsiedit I can get it to work. If I manually add an X500 address it works. I don't know what the O=NT5 is.

If I let Exchange do its thing I get:

Delivery has failed to these recipients or distribution lists:

SOWReq
The recipient's e-mail address was not found in the recipient's e-mail system. Microsoft Exchange will not try to redeliver this message for you. Please check the e-mail address and try resending this message, or provide the following diagnostic text to your system administrator.

_____

Sent by Microsoft Exchange Server 2007

Diagnostic information for administrators:

Generating server: srv-wr2-exch11.CDILLC.COM

IMCEAEX-_O=NT5_ou=a0cc1762f68fc4439f92446645c727f5_cn=0191418384f805409541cdcb65616a81@CDILLC.com
#550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found ##

Original message headers:

Received: from SRV-CLU-EXCH01.CDILLC.COM ([172.31.100.81]) by srv-wr2-exch11.CDILLC.COM ([172.31.100.110]) with mapi; Mon, 20 Oct 2008 11:53:20 -0400
Content-Type: application/ms-tnef; name="winmail.dat"
Content-Transfer-Encoding: binary
From: "Edwards, Daniel" <Daniel.Edwards@cdillc.com>
To: SOWReq <IMCEAEX-_O=NT5_ou=a0cc1762f68fc4439f92446645c727f5_cn=0191418384f805409541cdcb65616a81@CDILLC.com>
Date: Mon, 20 Oct 2008 11:53:16 -0400
Subject: test
Thread-Topic: test
Thread-Index: Ackyy/dGGcQdDh7kQ4e4rWb5eF5jtQ==
Message-ID: <FDFE7A3BE5F79A448247F66106966B840BA4AB9445@SRV-CLU-EXCH01.CDILLC.COM>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: <FDFE7A3BE5F79A448247F66106966B840BA4AB9445@SRV-CLU-EXCH01.CDILLC.COM>
MIME-Version: 1.0
October 22nd, 2008 11:11pm

Danofre2, how do I manually add an X500 address? Thx
November 17th, 2008 1:33am

This will be fixed in Update Roll-up 7 for Exchange Server 2007 Service Pack 1. For Roll-up 7 details, see KB960384. Details of the LegacyExchangeDN fix are found in KB954898.
March 20th, 2009 12:47am

Hi guys, I have the same problem and SP1 with Update Roll-up 8 is already installed. Has anybody with the same problem solved this without the manual procedure of setting the LegacyExchangeDN attribute?
June 27th, 2009 1:34am

This topic is archived. No further replies will be accepted.
