Resolving Exchange 2010 Queue 4.2.0 ambiguous address error

If you have run into “delivery delayed” or “will retry” messages in the Exchange 2010 queue with error 4.2.0 and an ambiguous address message, the problem can be pinpointed to an Active Directory attribute called “legacyExchangeDN”.

This is especially likely if you are migrating users from, let’s say, an on-premises environment to a hosted Exchange environment and you left the old mailboxes intact, perhaps for access to old email, while also giving those users access to their new hosted Exchange mailbox. If two user accounts in your Active Directory forest have the same CN (common name) and are both tied to Exchange, you may receive the error stated above. This error basically means that Exchange sees two accounts that look too similar for it to determine the destination address.



A quick and easy way to fix the error above is to base the legacyExchangeDN on the sAMAccountName instead of the common name. This is a much more specific way to find a user in Active Directory, as you can’t have two user accounts with the same sAMAccountName. Once one of the user accounts’ legacyExchangeDN attributes is based on the sAMAccountName, the problem will be resolved.

This may not be so easy, though, if you have, let’s say, 10,000 user accounts that may each have an alternative account for backup or migration purposes, leaving Exchange unable to tell where to deliver the mail. How can we quickly and easily update the legacyExchangeDN on that many accounts? Well, the answer lies in PowerShell. PowerShell is awesome for administrative tasks that may be unbelievably painful using any other means, even with scripting. So how do we update the attributes using PowerShell?

The following script depends on Quest’s Active Roles Management Shell being installed.

Using PowerGUI (another powerful “must have” administrative tool), we launched the following script node:

        # Load the Quest ActiveRoles snap-in if the host has not already loaded it
        Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue

        $searchRoot = "OU=Test,DC=yourdomain,DC=com"

        # Build each account's legacyExchangeDN from its sAMAccountName instead of its CN
        Get-QADUser -SearchRoot $searchRoot | ForEach-Object {
            $email = "/o=Your Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/sAMAccountName=" + $_.SamAccountName
            Set-QADUser -Identity $_.SamAccountName -ObjectAttributes @{legacyExchangeDN = $email}
        }

Notice above that we can limit the search root to any OU we would like to specify, and that the “sAMAccountName” is used instead of the CN.

After we set the attribute on at least one of the accounts causing the issue, Exchange will know how the mail needs to be delivered to the recipients, thus resolving the ambiguity of the address.
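Before rewriting the attribute on every account in an OU, it helps to list only the accounts whose legacyExchangeDN actually collides and to record the current values for rollback. The following is an added example, not part of the original script: the helper name Get-LegacyDnCollision, the sample accounts and the CSV file name are all constructed for illustration. It assumes the ambiguity shows up as two accounts carrying the same legacyExchangeDN value.

```powershell
# Added example: audit for colliding legacyExchangeDN values before changing anything.
# Constructed sample records; against a real directory, pipe in accounts instead, e.g.
#   Get-QADUser -SearchRoot $searchRoot -SizeLimit 0 -IncludedProperties legacyExchangeDN
$prefix = '/o=Your Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients'
$users = @(
    New-Object PSObject -Property @{ SamAccountName = 'jsmith';     legacyExchangeDN = "$prefix/cn=John Smith" }
    New-Object PSObject -Property @{ SamAccountName = 'jsmith-mig'; legacyExchangeDN = "$prefix/cn=john smith" }
    New-Object PSObject -Property @{ SamAccountName = 'adoe';       legacyExchangeDN = "$prefix/cn=Anna Doe" }
)

function Get-LegacyDnCollision {
    # Hypothetical helper: returns one change-plan row per account whose
    # legacyExchangeDN is shared with at least one other account.
    param(
        [Parameter(Mandatory = $true)] [object[]] $User,
        [Parameter(Mandatory = $true)] [string]   $RecipientPrefix
    )
    $User |
        Where-Object { $_.legacyExchangeDN } |
        # Group-Object compares strings case-insensitively by default,
        # so "cn=John Smith" and "cn=john smith" land in the same group.
        Group-Object -Property legacyExchangeDN |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object { $_.Group } |
        ForEach-Object {
            New-Object PSObject -Property @{
                SamAccountName = $_.SamAccountName
                CurrentDN      = $_.legacyExchangeDN
                # Same format the article's script writes
                ProposedDN     = "$RecipientPrefix/sAMAccountName=$($_.SamAccountName)"
                # Old DN as an X500 proxy address, so replies to mail that was
                # addressed with the old value can still resolve after the change
                X500ToKeep     = "X500:$($_.legacyExchangeDN)"
            }
        }
}

$plan = Get-LegacyDnCollision -User $users -RecipientPrefix $prefix

# Keep a record of the current values so the change can be reverted
$plan | Export-Csv -Path .\legacyExchangeDN-plan.csv -NoTypeInformation
$plan | Format-Table SamAccountName, CurrentDN, ProposedDN -AutoSize
```

With the sample data, the plan lists jsmith and jsmith-mig and leaves adoe untouched; only one account from each colliding pair needs the new value.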
