Back to blog

Prepare for a Migration: What is the X500 email address?

Dec 18, 2018 by Mike Weaver

The X500 email address, or the X500 Proxy Address, is one of the most important “tricks” of the data migration trade.  Regardless of Exchange Version, including Exchange 2010, Exchange 2013, Exchange 2016, or Exchange Online in Office 365, this trick still applies today.

When moving from one environment to another, calendars can be a major challenge.  This stems back to the very early days of Exchange.

What exactly is the problem?

Back before Exchange was integrated into Active Directory, Exchange used the Legacy Exchange DN for internal recipients.  Because of this, internal recipients are actually stored in content, like calendar invites.

The result is that if someone updates a calendar invite after it has been moved to another environment, the internal attendees will get a nasty undeliverable (NDR). The business result is people going to the wrong place at the wrong time, confused users, and frantic emails saying, “DELETE THE BAD INVITE NOW!!”

How To Add X500 Email Addresses

So the bad news is that if you are here right now, it can be hard to fix this.  You need to collect the Exchange Legacy DN from the source before the move to make it easier.  You can fix this as they come in by just taking the Exchange Legacy DN from the NDR, but that won’t scale.

The good news for Quadrotech’s Office 365 reporting customers is we collect this for you. For our Microsoft 365 tenant migration customers, you are not likely reading this as we do this entire process by default!

So…here is one method to collect the Exchange Legacy DN before migration and three ways to correct it after migration.  (with some other helpful info!)

Source Preparation

This is one of my favorite scripts.  It has been added to over the years.  This script will collect the following:

  • Essential User Information
    • SAMAccountName
    • DisplayName
    • Office
    • City
    • State
    • Department
    • Manager’s UPN
    • LastLoginDate
    • Enabled
    • PasswordExpired
    • MailNickName
    • LegacyExchangeDN ß the key of this article!
    • ALL of the user’s SMTP addresses!

You’re probably wondering how do I run this collection script?

So I’ve provided you with the script at the bottom of this article!

Always test all scripts in a test environment!

  1. Log in to a server with the Active Directory Module Installed
  2. Create a new folder
    1. C:\Quadrotech\Output
      1. If you do not want to use this location, update the script output in the $BaseFileName and the $ProxyFileName attribute
    2. Take the text from below and save it as QTADInfo.ps1
    3. Launch the Active Directory Module for Windows Powershell
      1. You may need to do this with the “Run As Administrator” Command
    4. Navigate to the QTADInfo.ps1 file you created early and execute
    5. You will find two csv files in the output folder
      1. csv includes the user information
      2. csv includes the Proxy Addresses for all users

 

Target Correction

Method 1: Active Directory Users and Computers (ADUC)

If you just have a few accounts to change or want to investigate the issue further, you can use ADUC to do this, with Advanced Features Turned On.

  1. Log in to a computer with Active Directory Tools Installed
  2. Launch Active Directory Users and Computers (ADUC)
  3. Click on View and check “Advanced Features”

X500 Proxy Address Screenshot

  1. Navigate to the user account – sadly you can’t search to view attribute editor
  2. Choose the attribute editor tab
  3. Scroll down and select ProxyAddresses
  4. Click Edit

X500 Proxy Address Screenshot

  1. You will now see a list of all addresses
    1. SMTP in caps is the users primary SMTP
    2. smtp is lowercase is the user’s secondary SMTP addresses
    3. X500 / x500 does not have much function for a primary/secondary address
  2. In the value to add section, add the address. We collected the users Exchange Legacy DN in the script above, or you can get it from the NDR Email the organizer is getting.
    1. Start with x500 or X500, keeping in mind only one address should be with a capital X
    2. Colon (:)
    3. And the Exchange legacy DN next, with no space. This starts with “/o=”
    4. Example:
    5. x500:/o=ExchangeLabs/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=0511b2015ac3521f8355f08ca5be1af1-MIWE TestAA
  3. Click ad and then OK
  4. wait for replication and attempt to update the calendar invite again – the issue should be resolved

Method 2: Exchange Admin Console

You can also add the X500 Proxy Address in the Proxy Address Section of Microsoft Exchange.  In this example, I will do this in Exchange 2016

1. Log into the Exchange Admin Center

2. Click on Recipients

3. On the mailbox screen search for the user, you want to update and open the properties of the account

4. Choose the email addresses tab on the left-hand side

X500 Proxy Address Screenshot5. Click the + button

X500 Proxy Address Screenshot6. For the address type choose custom and type “x500

7. In the email address, copy and paste the Exchange Legacy DN

8. Click OK

9. Wait for replication

Method 3: PowerShell

You can also do these functions in PowerShell using the Active Directory Module.  This script can be used to add the X500 Address address.

Login to a computer with the Active Directory tools installed.  You can import the module (import-module or just launch the “Active Directory for Windows PowerShell” application

A                            B                            C                                                                     D

X500 Proxy Address Screenshot

  • A: Set-ADUser cmdlet
  • B: User’s Alaias
  • C: -add, -remove
  • D: smtp or x500 address
  • Example:
    • Set-ADUser MIWETestAA -add @{ProxyAddresses”x500:/o=ExchangeLabs/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=0511b2015ac3521f8355f08ca5be1af1-MIWE TestAA”}
  • Tip: if you want to add other SMTP addresses, you can do this with a comma and additional double quotes like this:
    • Set-ADUser MIWETestAA -add @{ProxyAddresses”x500:___”, “smpt:___”}

Example: Set-ADUser MIWETestAA -add @{ProxyAddresses”x500:/o=ExchangeLabs/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=0511b2015ac3521f8355f08ca5be1af1-MIWE TestAA”}

As always, practice on a test user first!  If for some reason you make a mistake, you can edit the addresses using the attribute editor in the section above if you need a visual.

Script:

$BaseFileName = ‘c:\output\Quadrotech\QT_Userinformation.csv’
$ProxyFileName = ‘c:\output\Quadrotech\QT_ProxyAddresses.csv’
if (Test-Path $BaseFileName) { Remove-Item $BaseFileName -force }
if (Test-Path $ProxyFileName) { Remove-Item $ProxyFileName -force }
Add-Content $BaseFileName “SamAccountName,Display Name,Office,City,State,Department, Last Login, Enabled?,PasswordExpired?,MailNickName,LegacyExchangeDN,Manager UPN”
Add-Content $ProxyFileName “SamAccountName,ProxyAddress”

$Users = Get-ADUser -filter {LegacyExchangeDN -like “*”} -Properties SamAccountName, displayname, Office, City, State, Department, lastLogonTimestamp, Enabled, PasswordExpired, MailNickName, LegacyExchangeDN, proxyaddresses,manager

foreach ($user in $Users)
{
$userprops = [ordered]@{}
$userprops[“SAMName”] = $user.SamAccountName
$userprops[“DisplayName”] = $user.displayname
$userprops[“Office”] = $user.Office
$userprops[“City”] = $user.City
$userprops[“state”] = $user.State
$userprops[“Department”] = $user.Department
$userprops[“lastlogindate”] = [datetime]::FromFileTime($user.lastLogonTimestamp)
$userprops[“Enabled”] = $user.Enabled
$userprops[“passwordexpired”] = $user.passwordexpired
$userprops[“mailnickname”] = $user.mailnickname
$userprops[“legacyExchangeDN”] = $user.legacyExchangeDN
$userprops[“mgrUPN”] = $(try { (get-aduser $user.manager).userprincipalname} catch {})

Add-Content $BaseFileName ($userprops.Values -join “,”)
foreach ($addr in $User.proxyaddresses) { Add-Content $ProxyFileName ($userprops.SAMName + “,” + $addr) }
}