Prepare for a Migration: What is the X500 email address?
The X500 email address, or the X500 Proxy Address, is one of the most important “tricks” of the data migration trade. Regardless of Exchange Version, including Exchange 2010, Exchange 2013, Exchange 2016, or Exchange Online in Office 365, this trick still applies today.
When moving from one environment to another, calendars can be a major challenge. This stems back to the very early days of Exchange.
What exactly is the problem?
Back before Exchange was integrated into Active Directory, Exchange used the Legacy Exchange DN for internal recipients. Because of this, internal recipients are actually stored in content, like calendar invites.
The result is that if someone updates a calendar invite after it has been moved to another environment, the internal attendees will get a nasty undeliverable (NDR). The business result is people going to the wrong place at the wrong time, confused users, and frantic emails saying, “DELETE THE BAD INVITE NOW!!”
How To Add X500 Email Addresses
So the bad news is that if you are here right now, it can be hard to fix this. You need to collect the Exchange Legacy DN from the source before the move to make it easier. You can fix this as they come in by just taking the Exchange Legacy DN from the NDR, but that won’t scale.
The good news for Quadrotech’s Radar Reporting customers is we collect this for you. For Cloud Commander customers, you are not likely reading this as we do this entire process by default!
So…here is one method to collect the Exchange Legacy DN before migration and three ways to correct it after migration. (with some other helpful info!)
Source Preparation
This is one of my favorite scripts. It has been added to over the years. This script will collect the following:
- Essential User Information
- SAMAccountName
- DisplayName
- Office
- City
- State
- Department
- Manager’s UPN
- LastLoginDate
- Enabled
- PasswordExpired
- MailNickName
- LegacyExchangeDN ß the key of this article!
- ALL of the user’s SMTP addresses!
You’re probably wondering how do I run this collection script?
So I’ve provided you with the script at the bottom of this article!
Always test all scripts in a test environment!
- Log in to a server with the Active Directory Module Installed
- Create a new folder
- C:\Quadrotech\Output
- If you do not want to use this location, update the script output in the $BaseFileName and the $ProxyFileName attribute
- Take the text from below and save it as QTADInfo.ps1
- Launch the Active Directory Module for Windows Powershell
- You may need to do this with the “Run As Administrator” Command
- Navigate to the QTADInfo.ps1 file you created early and execute
- You will find two csv files in the output folder
- csv includes the user information
- csv includes the Proxy Addresses for all users
- C:\Quadrotech\Output
Target Correction
Method 1: Active Directory Users and Computers (ADUC)
If you just have a few accounts to change or want to investigate the issue further, you can use ADUC to do this, with Advanced Features Turned On.
- Log in to a computer with Active Directory Tools Installed
- Launch Active Directory Users and Computers (ADUC)
- Click on View and check “Advanced Features”
- Navigate to the user account – sadly you can’t search to view attribute editor
- Choose the attribute editor tab
- Scroll down and select ProxyAddresses
- Click Edit
- You will now see a list of all addresses
- SMTP in caps is the users primary SMTP
- smtp is lowercase is the user’s secondary SMTP addresses
- X500 / x500 does not have much function for a primary/secondary address
- In the value to add section, add the address. We collected the users Exchange Legacy DN in the script above, or you can get it from the NDR Email the organizer is getting.
- Start with x500 or X500, keeping in mind only one address should be with a capital X
- Colon (:)
- And the Exchange legacy DN next, with no space. This starts with “/o=”
- Example:
- x500:/o=ExchangeLabs/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=0511b2015ac3521f8355f08ca5be1af1-MIWE TestAA
- Click ad and then OK
- wait for replication and attempt to update the calendar invite again – the issue should be resolved
Method 2: Exchange Admin Console
You can also add the X500 Proxy Address in the Proxy Address Section of Microsoft Exchange. In this example, I will do this in Exchange 2016
1. Log into the Exchange Admin Center
2. Click on Recipients
3. On the mailbox screen search for the user, you want to update and open the properties of the account
4. Choose the email addresses tab on the left-hand side
5. Click the + button
6. For the address type choose custom and type “x500
7. In the email address, copy and paste the Exchange Legacy DN
8. Click OK
9. Wait for replication
Method 3: PowerShell
You can also do these functions in PowerShell using the Active Directory Module. This script can be used to add the X500 Address address.
Login to a computer with the Active Directory tools installed. You can import the module (import-module or just launch the “Active Directory for Windows PowerShell” application
A B C D
- A: Set-ADUser cmdlet
- B: User’s Alaias
- C: -add, -remove
- D: smtp or x500 address
- Example:
- Set-ADUser MIWETestAA -add @{ProxyAddresses”x500:/o=ExchangeLabs/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=0511b2015ac3521f8355f08ca5be1af1-MIWE TestAA”}
- Tip: if you want to add other SMTP addresses, you can do this with a comma and additional double quotes like this:
- Set-ADUser MIWETestAA -add @{ProxyAddresses”x500:___”, “smpt:___”}
Example: Set-ADUser MIWETestAA -add @{ProxyAddresses”x500:/o=ExchangeLabs/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=0511b2015ac3521f8355f08ca5be1af1-MIWE TestAA”}
As always, practice on a test user first! If for some reason you make a mistake, you can edit the addresses using the attribute editor in the section above if you need a visual.
In closing, hopefully, this has helped answer your question, ‘What is the X500 email address?’ Quadrotech stands ready to help you with your migration projects. Check out some of our product pages, or get in touch with us!
Script:
$BaseFileName = 'c:\output\Quadrotech\QT_Userinformation.csv'
$ProxyFileName = 'c:\output\Quadrotech\QT_ProxyAddresses.csv'
if (Test-Path $BaseFileName) { Remove-Item $BaseFileName -force }
if (Test-Path $ProxyFileName) { Remove-Item $ProxyFileName -force }
Add-Content $BaseFileName "SamAccountName,Display Name,Office,City,State,Department, Last Login, Enabled?,PasswordExpired?,MailNickName,LegacyExchangeDN,Manager UPN"
Add-Content $ProxyFileName "SamAccountName,ProxyAddress"
$Users = Get-ADUser -filter {LegacyExchangeDN -like "*"} -Properties SamAccountName, displayname, Office, City, State, Department, lastLogonTimestamp, Enabled, PasswordExpired, MailNickName, LegacyExchangeDN, proxyaddresses,manager
foreach ($user in $Users)
{
$userprops = [ordered]@{}
$userprops["SAMName"] = $user.SamAccountName
$userprops["DisplayName"] = $user.displayname
$userprops["Office"] = $user.Office
$userprops["City"] = $user.City
$userprops["state"] = $user.State
$userprops["Department"] = $user.Department
$userprops["lastlogindate"] = [datetime]::FromFileTime($user.lastLogonTimestamp)
$userprops["Enabled"] = $user.Enabled
$userprops["passwordexpired"] = $user.passwordexpired
$userprops["mailnickname"] = $user.mailnickname
$userprops["legacyExchangeDN"] = $user.legacyExchangeDN
$userprops["mgrUPN"] = $(try { (get-aduser $user.manager).userprincipalname} catch {})
Add-Content $BaseFileName ($userprops.Values -join ",")
foreach ($addr in $User.proxyaddresses) { Add-Content $ProxyFileName ($userprops.SAMName + "," + $addr) }
}