My Blog
I decided to finally get with it and create my own Blog. I don't know how often I'll be blogging, as I stay fairly busy, but I'll try to post here every so often. Since most of the work I do relates to Microsoft Exchange, probably much of what I blog about will relate to that, but I'm sure that there will be occasional (or frequent) blogs about my family.
About Me
- Name: Ben Winzenz
- Location: Keller, Texas, United States
I grew up near Ann Arbor, Michigan and went to college at BYU (Brigham Young University). In 1992, I took 2 years off from school to serve a full-time mission for my Church (the Church of Jesus Christ of Latter-day Saints) in Frankfurt, Germany. I've been married for 11 years and have 4 beautiful children. I have been working with Exchange since 1999.
Subscribe to this Blog
Subscribe to my Blog
Contact Me
E-mail me
Other Blogs
MS Exchange Blog
Mark Fugatt's Blog
You Had me at EHLO
David Lemson's Blog [MSFT]
Evan Dodd's Blog [PSS]
KC Lemson's Blog
Michael Palermiti's Blog [PSS]
Michael B. Smith's Blog
Andy Webb's Blog
Chad Gross [SBS]
E2K Security
Glen's Exchange Dev Blog
Bharat Suneja's Blog
Exchange Cookbook
Kevin Weilbacher [SBS]
Sigfried Weber
Susan Bradley's SBS Blog
Tim Rains' Weblog
Robert Hensing's Blog
Robert Scoble's Blog
WitNit
Jim McBee's Mostly Exchange Blog
Ant Drewery
Exchange-ing Ideas - Missy Koslosky
Donna's Security Flash
What's in Store - WinFS blog
Microsoft Security Response Center
Jason Langridge's WebLog - MR Mobile!
Gerod Serafin's Blog
XP Source
Mark's Sysinternals Blog
Jesper Johansson's Blog
ExchangeIS - Ben Hoffman's Blog
Ray Ozzie's Blog
Monad Team Blog
Devin Ganger - (e)Mail Insecurity
Steve Riley's Blog
Henrik Walther's Exchange Blog
Search
Archives
September 2004October 2004
November 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
Friday, October 14, 2005
Outlook AutoComplete and LegacyExchangeDN
Recently, I've seen several posts referring to Outlook's autocomplete feature (Automatic Name Resolution) displaying incorrect information. Specifically, this information was stored in the legacyExchangeDN value assigned to a user account. OK, I'll correct the legacyExchangeDN value, you say.
Before you do that, however, be aware of the unintended consequences of doing such. Outlook actually still uses the legacyExchangeDN value for some things. For one, it uses the legacyExchangeDN when replying to messages sent by an internal user. You don't believe me? Well, it is sort of hard to find, but try this.
Download the MDB Viewer utility (MDBVu32) from Microsoft and open your mailbox and view a message that was sent by an internal user. Specifically, look at the PR_SENDER_EMAIL_ADDRESS property. Guess what that is :-) Yep - that's the legacyExchangeDN value on an account. Still don't believe me? Use ADSIEdit and go to the properties of the user account in question. Go down and view the legacyExchangeDN. You should see that it will match the PR_SENDER_EMAIL_ADDRESS property. Now, if you modify the legacyExchangeDN value for a user account, the message still has the OLD value listed - that doesn't get modified. So, when Outlook tries to reply to the message, it tells Exchange to send to the account with the OLD value, which no longer exists. Since that value no longer exists, an NDR will be generated. Not fun.
How do you get around this? There are 3 things that I can think of.
1. Don't rename/re-use user accounts. If you want the new account to be a member of the same groups as the old one, then simply Copy the account. At one point at a previous employer, we created "dummy" accounts that were only there so they could be copied. If you make a practice of creating a new account for each new user, you won't have to deal with incorrect legacyExchangeDN values.
2. Disable Outlook's Automatic Name Resolution feature. Ok, this may not be the most viable option, but by disabling ANR, you don't have to deal with Outlook caching and displaying incorrect information in it's autocomplete names. This will allow you to leave the legacyExchangeDN value intact and not worry about
3. If you MUST change the legacyExchangeDN value, make sure that you add the OLD legacyExchangeDN value as an X500 address on the user account. This will allow replies to still work because the address Outlook tells Exchange to use is still valid.
Ben
- posted by Ben Winzenz @ 10:36 AM
Comments:
<< Home
Thank you for a no-nonsense answer to a really stupid feature of this product. Hiding a field away from administrators and making it visible to users is STUPID. Your option #3 was the straight forward answer I couldn't find an any KB article! Microsoft: FIX your products. Don't give us crap solutions that further break the product.
Great info on the LegacyExchangeDN. I choose creating X500 entry for the solution.
Post a Comment
# posted by 
: 9:48 PM, January 20, 2008
: 9:48 PM, January 20, 2008<< Home
