We're all pretty familiar with the common SMTP address - firstname.lastname@example.org. And a lot of folks are happy with just one or two of these. But if you've migrated any users lately, setup cross-forest with MIIS, or if you've just tried to reply to someone who's “left the building”, you've probably seen some strange looking addresses, and/or odd address types.
x500:/o=<org name>/ou=<site name>/cn=Recipients/cn=<alias>
Or perhaps you've seen the attribute below on an object in the AD:
legacyExchangeDN:/o=<org name>/ou=<site name>/cn=Recipients/cn=<alias>
Long ago, before Exchange 2000, Exchange implemented its own LDAP directory. You could almost say that Exchange 5.5 had the Active Directory built into it. (If you happen to still have a 5.5 server, fire up your LDAP client, ldp.exe, point it at your 5.5 server, and browse away! Bonus points if you know what port the SRS uses and why.) If you know much about LDAP, you'll know that each object has a Distinguished Name (DN) that works as map to where it lives in the directory, much like a file on disk (for example, c:\orgname\sitename\recipients\alias.txt) . If you moved an object it would get a new DN, just like if you moved this file to another folder it would become c:\orgname\sitename\recipients\newfolder\alias.txt.
This was neat because you could change the address on a user and we could still figure out which user to reply to. So we decided we would route mail based on DN and mail would be stored as FROM: DN. But it promptly broke down if you moved an object in the LDAP tree. She (the object you just moved) gets a new DN, because she's in a new location in the tree, and viola, she is essentially a brand new person, even if she has the same x400 or SMTP addresses.
As you can see this freed us from locking down your email addresses, but created other problems along the way. At some point, someone had the idea that we could "re-purpose" an address type, x500, and look there if we didn't find a matching DN. So, as an admin, I would create an address of type X500 (just like I create an address of type SMTP), and give it the value of your DN.
For example, your object might look something like this:
- DN: o=<org name>/ou=<site name>/cn=Recipients/cn=newfolder/cn=<alias>
- SMTP: email@example.com
All we had to do was keep an x500 address for each DN you ever had. Now you could move the object all you wanted! (Well kinda.... but this will be long enough without me discussing how free/busy and OAB's work as well.)
In Ex2k, we got smarter and created a new attribute called the legacyExchangeDN. After all, Windows was now in the Active Directory LDAP business, and we wouldn't have to deal with these kinds of details anymore. ;) So now your old 5.5 DN is actually a legacyExchangeDN which could actually be an x500 proxy. The legExDN was just an arbitrary format, and wasn't required to conform to LDAP requirements. Then we could solve some of the old moving problems, and still interoperate with clients that wanted to use DN style formats for resolving and routing mail.
Example Part III:
- DN: CN=<alias>,CN=Users,DC=<domain>
- SMTP: firstname.lastname@example.org
- X500:/o=<org name>/ou=<site name>/cn=Recipients/cn=<alias<
- legacyExDN: o=<org name>/ou=<site name>/cn=Recipients/cn=newfolder/cn=<alias>
In summary, you may think you're email@example.com, but you are really legacyExchangeDN:/o=<org name>/ou=<site name>/cn=recipients/cn=<alias> to us! (And if we can't find you there, we'll check your x500!)
This was my first ever blog. If you liked it (or didn’t), or would like to hear me ramble on some other topic, send me feedback!