The issue has been raised on occasion of Outlook 2003 not providing a good way to retrieve a user’s email address in the GAL. The ‘Email Address’ field in the GAL is of EX type, and displays as the LegacyExchangeDN, and there is no ability to copy the email address from the contact properties.
When looking in Outlook 2003’s GAL, you probably see something like this:
In Outlook 2007 you see the following:
The reason for this is that Outlook 2003 uses the EX type for the Email Address column and Outlook 2007 uses the SMTP type. The EX type is an internal type that exchange uses, and returns a value equal to the LegacyExchangeDN. Unfortunately, Microsoft has hardcoded the GAL view from being modified. A great way to work around this is to use the Details Template Editor under the Exchange 2007 Toolbox (or in Exchange 2003’s ESM, under Recipients), and create a field for email address in the property template. Performing this action is actually good to do anyways for both 2003 AND 2007 clients given the fact that it displays the user or contact’s email address in a field that can be copied if needed.
Exchange 2003 – ESM
Exchange 2007 – EMC
The following example will detail specifically for Exchange 2007, though it can be more or less applied to 2003 with modifications.
Choose the General tab, and either highlight a field to change, or drag out a new one. I chose to change the Alias field to Email Address in this example as it was the least needed field given the circumstances, and it would cut down on clutter. You can change which ever field you want, or create a new one by dragging boxes from the left hand column. To do this, we select Alias, and change the label field on the right to &Email Address. We then click the text field, and select Email Address from the drop down menu.
We now have a field in the properties of users for the SMTP Email Address to be displayed in a copy friendly fashion! This procedure can be repeated for contacts, etc.
Recently, a customer experienced a very strange issue pertaining to inbound mail getting bounced from external sources intermittently with the error:
The following recipient(s) cannot be reached:
User on 6/11/2008 2:45 PM
A configuration error in the recipient's e-mail system prevented delivery of this message. Two recipients are configured with the same e-mail address. Contact your administrator.
<[Server] #5.1.4>
The Azaleos monitoring pulled the following from the event logs as well:
Alert: Event 9514 Sent By MSExchangeIS
Property: SourceName (MSExchangeIS)
Instance: Computer(MAILNODE1)
Two objects in the Directory have the same proxy - /DC=com/DC=Domain/DC=childdomain/OU=loc/OU=Departments/OU=dept1/CN=Last,First and /DC=com/DC=Domain/DC=childdomain/OU=loc/OU=Users/CN=Last,First.
At first glance this simply appears to be an issue with two legitimate users having the same email address, caused by replication issues, or creations / deletions at the same time.I searched AD on most of their Domain Controllers (DCs) for the SMTP address, and only turned up the one entry.
I decided to try to trick the system by removing that SMTP address from her account, and then sending the address email to find out where it went.When I did this I received:
First.Last@domain.com The recipient's e-mail address was not found in the recipient's e-mail system. Microsoft Exchange will not try to redeliver this message for you. Please check the e-mail address and try resending this -message, or provide the following diagnostic text to your system administrator.
The intermittent portion of this issue tells me that it could very well only be a phantom object on a select number of DCs.I decided to run some scans using LDP, LDIFDE, and ADUC.The only difference this time would be to scan using port 3268, which is the Global Catalog (GC) port, rather than the LDAP 389 port.
I ran the following command to derive output against the various GCs in their domain:
Just the one user showed up again.At this point I remembered that in beginning, I was told that the user had moved between child companies of the parent not long ago.I ran the same scan against the other child domain, but still found nothing.
I ran message tracking to verify mail flow, and that mail always entered the organization the same way.The messages always come directly to the user’s new child domain as expected, and then get rejected.This tells me that it has to be a DC/GC on the new host site of the user (We will call this site A, and their original domain of employment a site B).I connected each DC/GC in site A via ADUC (Active Directory Users and Computers) on the GC port, to the site B domain to poll its records.A single GC had a duplicate record of the user!
Now that the problem has been found, how do we solve it?There are actually two problems.The first is that records viewed over the 3268 port are read only, and if you view the same thing over LDAP (389), you can’t see the record to delete it.Well Microsoft gives us a handy tool called repadmin that usually clears lingering objects like this up.
I ran “repadmin /showrepl” in order to display this server’s replication partners.After pulling a GUID of the DC/GC that I wanted to reference.After pulling the GUID, I inserted it into the following command:
DsReplicaVerifyObjectsW() failed with status50 (0x32): The request is not supported.
This leads us to the second problem.The error occurred due to the problematic server being Windows Server 2000.This problem was unforeseen as every other DC in the organization is 2003.This specific case was resolved by the customers decommissioning the server as a GC because they had been intending to get rid of it for some time anyways.If they did not want to get rid of this server as a GC, however, we could have removed the lingering objects by following the instructions here:
