E-mail Address issues in AD:
Potential Problems:
A number of problems have occurred in the past due to a mismatch between the Primary SMTP Address and the mail attribute for user accounts in the IFAS people OU. Both of these settings are viewable via the ADUC tool. There can be only one primary address per Type; the primary SMTP address is viewable on the "E-mail Addresses" tab (the entry of Type "SMTP" that is in CAPITAL LETTERS); the mail attribute is viewable on the General Tab as "E-mail:". (Note: Exchange uses the primary address as the default reply address for outgoing messages. Entries with lowercase Type values are deemed to be secondary addresses, which Exchange checks when it resolves the header on an incoming message to determine whether the message can be delivered to a mailbox within the organization.)
When the values are different, Exchange is unable to add the entry into the Offline Address Book. If the value of the mail attribute is not present in the multi-valued string attribute called "proxyAddresses" (which is what populates the E-mail Addresses tab in ADUC), then mail delivery for the user is disabled. We have had several occurrences of both cases that resulted from several different events; these have included the modification of e-mail addresses by scripts, by MIIS, or by other units modifying our users during migration using Aelita. While we believe the problems with MIIS and other units running migration software have been eliminated, there is still the potential for scripts to create mismatches. This is what occurred on 2 May 2005 when we were repairing the problem caused by the Recipient Update Service replacing the Primary SMTP addresses with Gatorlink@ifas.ufl.edu. While the RUS did ensure the attributes were matched, our script which corrected the problem did not.

Scripted Solution:
As many of the side effects of these errors do not present themselves immediately, IT/SA decided that it was a good idea to fix the problem as soon as possible. Consequently, a script has been developed that queries Active Directory every 30 minutes and looks for mismatches between these two attributes. When discrepancies are found, the script will copy the Primary SMTP Address to the mail attribute. The script also notifies ITNS of any fixes, so they can investigate the root cause of the problem. This script will thus identify and fix problems that can affect mail delivery as well as the population of the Offline Address Book. It will correct the problems before they can have significant impact on our services.

Other Exchange Address tidbits:
from the article Reliable RUS X500... "Exchange uses the X500 address type to track old e-mail addresses that might still exist in user mailboxes but that are no longer used inside the organization.
For example, the Exchange 5.5 Move Server Wizard changes the DN of mailboxes as servers move between sites or organizations. The AD (through the Active Directory Connector--ADC) preserves these addresses so that users can reply to old messages that hold old addresses in their headers."

RUS... "The Microsoft Exchange Server Recipient Update Service is responsible for generating mail proxy addresses for mail-enabled objects inside an Exchange organization. The RUS detects when an object has been created or updated in AD and applies the appropriate recipient policy to populate any missing attributes and to ensure that the object has at least one valid e-mail address."

"Apart from generating the correct addresses for mail-enabled objects, the RUS also ensures that the objects appear in the correct address lists. You want user objects, contacts, and groups to appear in the Global Address List (GAL), but you probably don't want public folders or message stores to appear there. The RUS hides the latter objects unless you specifically mark their properties to instruct the RUS to include them in the GAL. (A hidden object's msExchHideFromAddressList attribute is set to TRUE.)"

"The RUS also populates a certain set of AD attributes, shown below, that must be set if mail-enabled objects are to function correctly. Some of these attributes are populated automatically when you create a mail-enabled object through the Active Directory Users and Computers snap-in. The RUS fills in any missing or incomplete attributes to ensure that all the necessary data exists to allow mail to flow smoothly. In addition, when the RUS finds a group that has hidden membership, the RUS adds non-canonical access control entries (ACEs) to the group object's ACL. These entries let Exchange servers expand the group membership for mail delivery, while preventing users from viewing the expanded data."

"Each e-mail address must be unique across the entire Exchange organization. When you create an address through the E-mail Addresses tab of a user object's Properties dialog box, Active Directory Users and Computers calls the appropriate proxy-generation DLL for the address's type, to ensure that the address is properly formatted. At the same time, the DLL generates an LDAP query that determines whether the proposed address is unique. (This process accounts for why creating new user-object e-mail addresses can sometimes be slow within large deployments.)"

More Resources on RUS
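
The mismatch check described under Scripted Solution, as an added example (this is not the IT/SA script, which the page does not show): it classifies directory entries by how mail relates to proxyAddresses and returns the primary SMTP address it would copy to mail, without writing to any directory. The function names, status labels, sample entries and the case-insensitive comparison are assumptions.

```python
# Added example: dry-run audit of "mail" against the primary SMTP proxy address.
def smtp_addresses(entry):
    """Split proxyAddresses into (primary, secondary) SMTP address lists."""
    primary, secondary = [], []
    for value in entry.get("proxyAddresses", []):
        kind, _, addr = value.partition(":")
        if kind == "SMTP":              # capital Type marks the primary address
            primary.append(addr)
        elif kind.lower() == "smtp":    # lowercase Type marks a secondary address
            secondary.append(addr)
    return primary, secondary           # X500 and other types are ignored


def classify(entry):
    """Return (status, proposed_mail); proposed_mail is None when nothing is copied."""
    primary, secondary = smtp_addresses(entry)
    if len(primary) != 1:
        # Zero or several primaries: no single value to copy, so report only.
        return ("no_primary" if not primary else "multiple_primary"), None
    mail = (entry.get("mail") or "").lower()
    # Assumption: addresses are compared case-insensitively.
    if mail == primary[0].lower():
        return "ok", None
    known = {a.lower() for a in primary + secondary}
    status = "mail_is_secondary" if mail in known else "mail_not_in_proxy"
    return status, primary[0]           # fix: copy primary SMTP address to mail


def audit(entries):
    """Return (dn, status, proposed_mail) for every entry that needs attention."""
    results = [(e["dn"], *classify(e)) for e in entries]
    return [r for r in results if r[1] != "ok"]


# Constructed sample entries (hypothetical names), shaped like LDAP search results.
SAMPLE = [
    {"dn": "CN=a,OU=People,DC=example,DC=test", "mail": "a@example.test",
     "proxyAddresses": ["SMTP:a@example.test", "X500:/o=Org/cn=a"]},
    {"dn": "CN=b,OU=People,DC=example,DC=test", "mail": "b.old@example.test",
     "proxyAddresses": ["SMTP:b@example.test", "smtp:b.old@example.test"]},
    {"dn": "CN=c,OU=People,DC=example,DC=test", "mail": "c@other.test",
     "proxyAddresses": ["SMTP:c@example.test"]},
    {"dn": "CN=d,OU=People,DC=example,DC=test", "mail": "d@example.test",
     "proxyAddresses": ["smtp:d@example.test"]},
]

if __name__ == "__main__":
    for dn, status, fix in audit(SAMPLE):
        print(f"{status:18} {dn} proposed mail: {fix}")
```

Here mail_is_secondary corresponds to the Offline Address Book case and mail_not_in_proxy to the disabled-delivery case described above; entries without exactly one primary address are reported for manual review rather than changed.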
last edited 20 March 2006 by Steve Lasley