#550 5.1.4 RESOLVER.ADR.Ambiguous; ambiguous address ## – Duplicate LegacyExchangeDN Value…

 

I came across an issue at a customer site, which looked simple at the first glance. Users were getting NDR when sending an email to a particular user. The bounced message had the following information.

Delivery has failed to these recipients or groups:

There is a problem with the recipient’s e-mail system. More than one person has this e-mail address. The recipient’s system administrator will have to fix this problem.

IMCEAEX-_O=Exchange Org Name_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=FirstName+20Lastname@emaildomain.com
#550 5.1.4 RESOLVER.ADR.Ambiguous; ambiguous address ##

Email bounce message

It looked like a duplicate email address issue at first as the customer had just finished a cross forest migration from Exchange 2003 to 2010. Further analysis showed that there is no other user with the same email address. More info was given – the bounce only happens when an internal user email; external emails are fine and the user who had the issue can’t login to Outlook, but OWA works fine.

This prompted me to have a look at the “legacyExchangeDN” attribute of the user and sure enough, there was another user with the same value. The issue was that another account existed with the same first name and last name, but a different alias. The “legacyExchangeDN” attribute was the CN, which was firstname “space” lastname. Hence, there were two users with same “legacyExchangeDN” value and Exchange was getting confused & internal emails were bouncing. I changed the user’s “legacyExchangeDN” to a different value (from firstname lastname to firstname.lastname) and everything started working.

The only problem with renaming this value is that it will break the ability to reply, if the sender uses the Outlook autocache. Hence, the Outlook cache of the sender had to be removed.

In order to change the “legacyExchangeDN” attribute, launch AD Users & Computers with “Advanced Features” turned on. Get the properties of the user, navigate to “Attribute Editor” tab, where you will find the “legacyExchangeDN” attribute. You can also use ADSIEdit.

Rajith properties

Your Thoughts?