We are having an issue with the email address policy self-resolving internal collisions by appending the number "2" to email addresses.
Basically, what we do is new employees receive contacts for the GAL automatically. The user can then choose to create a user object or even get an Exchange account via an online self-provisioning site.
So our process deletes the contact object, then creates a user object. That user object is then mail-enabled. At that moment the email address policy kicks in and adds a few addresses ([user]@[domain], [user]@exchange.[domain], etc.).
Here is example code of how we sometimes do this manually for users that don't self-provision.
    # Remove the contact
    Get-ADObject -Filter { cn -eq $user } -Server $script:dc |
        Remove-ADObject -Confirm:$false -Server $script:dc

    # Create the new user object
    New-ADUser -Name $user -SamAccountName $user -Enabled $true `
        -ChangePasswordAtLogon $True -UserPrincipalName $userPrincipalName `
        -DisplayName $User_displayname -Path $ou -GivenName $userFirstName `
        -Surname $userLastName -AccountPassword $Private -Server $script:dc

    # Mail-enable the user object
    Enable-MailUser -Identity $user -ExternalEmailAddress $externalAddress `
        -Alias $user -DomainController $script:dc
Now the problem seems to be that even though the contact is deleted, the address is still somewhere in the system, because when the user is mail-enabled their addresses look like this: [user]2@[domain] and [user]2@exchange.[domain]. It sticks 2s on all of them.
Best guess is the policy sees the old address *somewhere*, but rather than fail it just appends a 2 to avoid the collision and goes on its merry way. All the script lines run against the same DC and all the Exchange servers point to one DC.
What is causing this and how do we stop it?