We had a possibly unique environment and an issue that came along with it.
Some of our users were required to have two email accounts (one was for secure email). The email accounts were created with the same alias as their normal account, and so the LegacyExchangeDN created at some point we believe was the same too.
When we migrated the secure email accounts to Exchange 2010 we discovered that some people could not open their email. Outlook threw an error. After some investigation we found that the people who could not access their secure email had an X500 address on their normal account, pointing to their LegacyExchangeDN on their secure email. This was obviously causing confusion somewhere down the line.
To resolve it, we changed the X500 address on the normal account to point to the LegacyExchangeDN on the normal account. Users could then access all of their accounts.
In order to do a comparison, we did a search for accounts with X500 addresses, using powershell, and put them into a SQL database. Then we did a search of the people's legacyExchangeDN and put them in a table and with a select statment, brought back all the X500 addresses that matched the wrong LegacyExchangeDNs
No comments:
Post a Comment