-
Title
Multiple X500 addresses are stamped by DSA -
Description
When examining the proxyAddresses attribute on the source or target object participating in DSA sync, multiple X500 addresses of the same type are found. The same can be viewed on the Email Addresses Tab in Active Directory Users and computers.
-
Cause
Most likely these accounts were deleted in the target (source) domain many times and DSA continued to create and synchronize to each new account. DSA is designed in such a way that LegacyexchangeDN of target object is copied to x500 address of the source object and vice versa. Whenever a target (source) account is deleted and a new one is created by the DSA and mailbox-enabled, this process will again copy the new legacyExchangedn to x500 addresses on the other side. As a result when several users were deleted many times, DSA creates multiple x500 addresses on the source (target) objects.
-
Resolution
This behaviour is by design. Please avoid deleting objects in the scope of DSA unless absolutely necessary.
WORKAROUND:
Duplicate secondary x500 addresses can be cleaned leaving only primary X500 as this would be the last one stamped by DSA. This primary X500 address will correspond to the object that currently exists on the opposite side. Please be careful in cleaning x500 addresses as some of them may have been stamped by different tool prior to the beginning of migration. Multiple x500 addresses created by DSA would normally fall under the same pattern of the Exchange organization on the opposite side of migration (source or target). For this purpose VB script or ADModify utility can be used.