Users were migrated within a forest and "Reconnect Exchange mailbox" option has been used. After migration users cannot open Outlook, they get an error "Cannot open your default email folders" or "The Exchange server is not accessible". Sending email to such users results in Non-Delivery Report similar to the following:
#550 5.2.0 STOREDRV.Deliver: The Microsoft Exchange Information Store service reported an error. The following information should help identify the cause of this error: "MapiExceptionAmbiguousAlias:16.18969:87000000, 17.27161:000000007C000000000000000F00000000000000, 255.23226:71040000, 255.27962:FE000000, 255.17082:9A080000, 0.26937:08000000, 4.21921:9A080000, 255.27962:FA000000, 255.1494:00000000, 255.26426:FE000000, 4.7588:0F010480, 4.6564:0F010480, 4.14312:9A080000, 4.2199:9A080000, 4.17097:9A080000, 4.8620:9A080000, 255.1750:00000000, 0.26849:2D000000, 255.21817:9A080000, 0.26297:813F0000, 4.16585:9A080000, 0.32441:00000000, 4.1706:9A080000, 0.24761:00000000, 4.20665:9A080000, 0.25785:0F010480, 4.29881:9A080000". ##
Exchange server event log may contain event id 9356:
An ambiguous Mailbox Guid <id> was found on <number> mailboxes in the DS. The store cannot map this Mailbox Guid to a unique user.
This can be caused by having same values in user's msexchmailboxguid and objectguid attributes. When they belong to the same object, this is not a problem for Exchange. However, when mailbox is reconnected to a newly migrated user in the target domain, there are two different users in the forest that share the same guid, i.e. user1 objectguid equals user2's msexchmailboxguid value. When determining the user the deliver the email to, Exchange queries AD and receives two results instead of one, resulting the NDR.
When identical "msExchMailboxGUID" and "objectGUID" properties are distributed amongst more than one AD user object, problems occur in Exchange because it can "see" all affected user objects in the AD. The solution is to resolve the ambiguity, by erasing one of the conflicting users. A workaround is to hide the AD objects with questionable ObjectGUID from the Exchange Servers by placing them into an OU on which the "Exchange Servers" Security Group has "Deny" Permissions. With this setup, only the AD-object with the "msExchMailboxGUID" property remains visible for the Exchange Servers and no duplicates are detected.