Microsoft KB Archive/929875

From BetaArchive Wiki
Knowledge Base


The GAL Synchronization management agent adds X.500 proxy addresses to source objects when you use Identity Integration Server 2003 or Identity Integration Feature Pack for Active Directory to synchronize Exchange 2003 organizations

Article ID: 929875

Article Last Modified on 12/30/2006



APPLIES TO

  • Microsoft Identity Integration Server 2003 Enterprise Edition
  • Identity Integration Feature Pack for Microsoft Windows Server Active Directory



SYMPTOMS

You use one of the following programs to synchronize the global address list (GAL) from one Microsoft Exchange Server 2003 organization with the GAL from another Exchange 2003 organization:

  • Microsoft Identity Integration Server (MIIS) 2003, Enterprise Edition
  • Identity Integration Feature Pack for Microsoft Windows Server Active Directory

When you do this, the GAL Synchronization management agent adds the X.500 proxyAddress attribute value from the destination folder to every object in the source folder by default.

CAUSE

This issue occurs if you use the default settings in the GAL Synchronization management agent.

When you use the default settings in the GAL Synchronization management agent, the GAL Synchronization management agent creates mail-enabled contact objects in the destination folder. These mail-enabled contact objects represent mailbox-enabled users, groups, and contact objects in the source folder. In an Exchange 2003 environment, the following behavior occurs after these mail-enabled contact objects are created:

  • The Recipient Update Service in the destination Exchange organization stamps the new contact objects with the required Exchange attributes. These attributes include the legacyExchangeDN attribute.
  • By default, the attribute flow rules in the GAL Synchronization management agent transfer the legacyExchangeDN attribute from the contact object in the destination folder to the user, group, or contact object of the source folder as an X.500 proxy address.

This behavior is intended to enable a recipient to reply to e-mail messages from a source mailbox if that source mailbox is moved from one Exchange organization to another Exchange organization. You may require this functionality if you use the GAL Synchronization management agent to help migrate one Exchange organization to another Exchange organization. However, if you only want to synchronize the GAL information between two native mode Exchange 2003 organizations, you do not have to have this kind of attribute flow. Additionally if you have this kind of attribute flow in a synchronization scenario, you may experience the following symptoms:

  • Additional proxyAddress values are added to every source object that is included in the GAL Synchronization management agent.
  • Many changes occur in the GAL. These changes may cause Microsoft Office Outlook 2003 clients to download the Offiline Address Book (OAB) many times.
  • Replication traffic increases in the Active Directory directory service.
  • Public Folder replication traffic increases.


RESOLUTION

To resolve this issue, remove the metaverse-to-data source attribute flow from the attribute flow rules in the GAL Synchronization management agents that you use to synchronize the Exchange 2003 organizations. To do this, follow these steps:

  1. Start the Identity Manager tool.
  2. In the Identity Manager tool, click Management Agents, right-click the Active Directory global address list (GAL) management agent that you want to modify, and then click Properties.
  3. In the Properties dialog box, click Configure Attribute Flow in the left pane.
  4. In the Data Source Attribute column that is in the right pane, expand Object Type: user.
  5. In the attribute flow rules that appear under Object Type: user, locate the attribute flow rule that meets the following conditions:
    • The Metaverse Attribute column contains legacyExchangeDN.
    • The Data Source Attribute column contains proxyAddresses.
    • The rule flow arrow points from right to left. Therefore, the legacyExchangeDN attribute flows to the proxyAddresses attribute.

    Typically, this attribute flow rule is the attribute flow rule that appears under Object Type: user. Additionally, this is the only rule under Object Type: user in which the arrow points from right to left. For example, this entry may resemble the following:

    Object Type: user blank Object Type: person
    proxyAddress <--- legacyExchangeDN
  6. Click the attribute flow rule, and then click Delete to remove this flow rule.

    Important Make sure that you click the attribute flow rule and not the Object Type: user object before you click Delete.
  7. Repeat steps 4 through 6 to remove the legacyExchangeDN attribute-to-proxyAddresses attribute flow rule for the following objects:
    • Each contact object that appears in the Data Source Attribute column
    • The group object that appears in the Data Source Attribute column
  8. Click OK to save the changes to the management agent.


MORE INFORMATION

An X.500 address may be added to a mailbox because old e-mail messages in a migrated mailbox contain these addresses. The reply address of an old e-mail message contains the return routing information. This information is based on the X.500 distinguished name (also known as DN). Therefore, if this address is not present in the new Exchange organization, all the replies to these earlier e-mail messages receive non-delivery reports (NDRs).

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

275134 Cannot reply to messages that are sent from a user account that was moved to a different site



Additional query words: GALSync

Keywords: kbtshoot kbprb KB929875