Tuesday, February 14, 2012

RESOLVER.ADR.Ambiguous; ambiguous address


When sending to an external mail contact (we use Live@edu), the message would get caught in the queue or bounce back immediately. The queue viewer reported the following:


Last Error: 420 4.2.0 RESOLVER.ADR.Ambiguous; ambiguous address
Queue ID: HTServer\Submission
Recipients:  IMCEAEX-_O=ORG_OU=OU_cn=Recipients_cn=First+2ELast@forest.domain.name

After it timed out the NDR reported the following:

IMCEAEX-_O=ORG_OU=OU_cn=Recipients_cn=First+2ELast@forest.domain.name
#550 4.4.7 QUEUE.Expired; message expired ##

Sometimes our end users would receive:
There is a problem with the recipient's e-mail system. More than one user has this e-mail address. The recipient's system administrator will have to fix this. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator and then try resending the message after the problem has been resolved.

The first thing I tried, from experiencing this in the past, was to check for duplicate SMTP addresses in our domain and then in our forest using an LDAP query:
(&(objectCategory=*)(proxyaddresses=smtp:first.last@domain.name))

For the life of me I could not find any duplicates in our domain or in our forest. This led me to look into the address given earlier that indicated the forest name and not the domain name. Thanks to the resources linked to at the end of this post, after some research and a lot of pointing to Exchange 2003 issues, I thought to take a look at the student's LegacyExchangeDN within Attribute Editor in AD; it looked correct for our domain. I then did an LDAP query on the LegacyExchangeDN against the entire forest to see if another string existed that matched the student:
(LegacyExchangeDN=/O=ORG/OU=OU/cn=Recipients/cn=First.Last)

The search pulled up two accounts; both were the same person, just enrolled as a student in each domain.
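The lookup described above, as an added example that is not code from the original post: it decodes the IMCEAEX recipient from the NDR back to its LegacyExchangeDN, builds the forest-wide LDAP filter, and groups directory records by that value to surface duplicates. The directory records and their object DNs are constructed sample data standing in for a forest-wide export, and the function names are hypothetical.

```python
import re
from collections import defaultdict

def imceaex_to_legacy_dn(address):
    """Decode an IMCEAEX-encapsulated recipient back to its LegacyExchangeDN."""
    local, _, _domain = address.rpartition("@")
    if not local.upper().startswith("IMCEAEX-"):
        raise ValueError("not an IMCEAEX address: %r" % address)
    body = local[len("IMCEAEX-"):].replace("_", "/")  # '/' travels as '_'
    # Other special characters travel as '+' plus two hex digits ('+2E' is '.').
    return re.sub(r"\+([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), body)

def ldap_filter_for(legacy_dn):
    """Build the forest-wide search filter, escaping RFC 4515 special characters."""
    esc = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "(legacyExchangeDN=%s)" % "".join(esc.get(c, c) for c in legacy_dn)

def find_duplicates(records):
    """Return {lower-cased LegacyExchangeDN: [object DNs]} for values used more than once."""
    groups = defaultdict(list)
    for object_dn, legacy_dn in records:
        # Assumption: values are compared case-insensitively, as the LDAP search does.
        groups[legacy_dn.lower()].append(object_dn)
    return {k: v for k, v in groups.items() if len(v) > 1}

# Constructed sample: (object DN, legacyExchangeDN) pairs from two domains of one forest.
SAMPLE_RECORDS = [
    ("CN=First.Last,OU=Students,DC=campus-a,DC=example",
     "/O=ORG/OU=OU/cn=Recipients/cn=First.Last"),
    ("CN=FMLast1234,OU=Students,DC=campus-b,DC=example",
     "/o=ORG/ou=OU/cn=Recipients/cn=First.Last"),
    ("CN=Other.User,OU=Students,DC=campus-a,DC=example",
     "/O=ORG/OU=OU/cn=Recipients/cn=Other.User"),
]

# Recipient string exactly as shown in the queue viewer and NDR above.
NDR_RECIPIENT = "IMCEAEX-_O=ORG_OU=OU_cn=Recipients_cn=First+2ELast@forest.domain.name"

if __name__ == "__main__":
    legacy = imceaex_to_legacy_dn(NDR_RECIPIENT)
    print("Search the whole forest with:", ldap_filter_for(legacy))
    for value, owners in find_duplicates(SAMPLE_RECORDS).items():
        print(value, "is claimed by", len(owners), "objects:")
        for dn in owners:
            print("   ", dn)
```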

Normally, when mailboxes/users are created in Exchange, Exchange checks to see if the LegacyExchangeDN exists; if it does exist in the organization, a different one is created based on the account properties. However, the way our programmer has programmed the user load process, it does not integrate with Exchange.

The SamAccountName for our domain users is First.Last, whereas for the other domain it is FInitialMInitialLastRandom#.

All attributes are created for the account in an external service, not tied in with Exchange, then applied to Active Directory to finish the account creation. Since Exchange does not have any part in the load process, it does not check for existing LegacyExchangeDNs. So the way our programmer fixed his creation process was to add a site-specific suffix to all mail user LegacyExchangeDNs. This way it would be unique to our university and our AD will check for conflicts before the account is created.


Resources: