Showing posts with label Active Directory. Show all posts

Thursday, 1 May 2008

Mail enabled Contacts in a Hosted Environment and the Offline Address Book.









Contacts in a Hosted Exchange environment can be tricky to implement successfully, because of 1) the way Exchange searches object attributes to create an Offline Address Book and 2) Active Directory not allowing 2 objects to have the same proxy address. In all fairness the latter is a great and necessary check to have in the GUI, although it can be bypassed with LDAP manipulation (ADSI too). Note: having two objects with an identical proxyaddress will break delivery to that address and is considered attribute corruption of Active Directory.

So how does the Exchange 2003 System Attendant (using oabgen.dll) determine which objects to include in OAB generation? It looks to see if the object has two attributes: a ‘proxyaddress’ and a ‘mail’ attribute. It then checks that the primary (SMTP in uppercase) ‘proxyaddress’ matches the address in the mail attribute.

So how does an Exchange Hoster get around 2 companies having the same contact of john@doe.com, for example?

First let me explain the TargetAddress and ProxyAddress attributes on a mail enabled AD contact.

The TargetAddress is their actual email address, for example: bill@microsoft.com

The ProxyAddress is what RUS stamps on the object's email addresses tab (if you use RUS, that is: HMC disables all but the Enterprise RUS, which is enabled for System Attendant operation). RUS can of course be told to bypass objects by unchecking ‘Automatically update email addresses based on recipient policy’. You will find that the primary proxyaddress is the address of the contact, matching the targetaddress, and depending on RUS and Recipient Policy configuration it could well be stamped with further proxyaddresses.

So, john@doe.com – how can two customers have this contact in an HMC/Hosted Exchange environment?

The short answer is they can, but it cannot show up in the OAL. This is due to the Offline Address Book generation specifying proxyaddress attributes I mentioned earlier, rather than also considering targetaddress attributes.

99% of hosters won’t have this problem – and contacts will be generated with a proxy address (something HMC supports by default). However when you run into this problem it does cause customer grief.

One way of bypassing it is to give a bogus proxyaddress, for instance ‘HostedCompanyName.joe@bloggs.com’, where HostedCompanyName is the name of the Hosted Exchange customer.

This does work, but introduces other issues when a user outside the Org performs a ‘Reply All’. Take a look.

Here’s the properties of the contact from the GAL:




























Here’s the contact from the AD, I have pulled the info from ADSIEdit:

You can see the highlighted proxyaddress and targetaddress attributes clearly:



















When you send a message outside of the Org, and include the contact, if anyone that is also outside the Org does a 'Reply All', they will only see the incorrect proxyaddress and not the correct SMTP address of the contact, which is the targetaddress:



















This of course will result in an NDR.


The fix? Either remove the proxy attribute altogether, which removes the contact from OAB generation, or have the primary proxy address match the target address (standard Exchange 2003/2007 behaviour), although that is something that will cause mail flow issues when you get a customer with the same contact.
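The checks described in this post can be run offline against a directory export. The following is an added example, not code from the original post: it assumes an ldifde export taken with `-l proxyAddresses,mail,targetAddress`, the function names `parse_ldif` and `audit` are hypothetical, and the sample records are constructed. It reports proxy addresses held by more than one object, objects that meet the OAB rule described above, and contacts whose primary proxy address differs from the target address.

```python
from collections import defaultdict

# Constructed sample shaped like an ldifde export; all DNs/addresses are made up.
SAMPLE_LDIF = """\
dn: CN=John Doe,OU=CustomerA,DC=home,DC=local
mail: john@doe.com
proxyAddresses: SMTP:john@doe.com
targetAddress: SMTP:john@doe.com

dn: CN=John Doe,OU=CustomerB,DC=home,DC=local
mail: john@doe.com
proxyAddresses: SMTP:john@doe.com
targetAddress: SMTP:john@doe.com

dn: CN=Joe Bloggs,OU=CustomerB,DC=home,DC=local
mail: HostedCompanyName.joe@bloggs.com
proxyAddresses: SMTP:HostedCompanyName.joe@bloggs.com
targetAddress: SMTP:joe@bloggs.com

dn: CN=Bill,OU=CustomerA,DC=home,DC=local
targetAddress: SMTP:bill@microsoft.com
"""

def parse_ldif(text):
    """Return {dn: {attr: [values]}}; base64 ('::') values are not decoded."""
    entries = {}
    for block in text.replace("\n ", "").split("\n\n"):  # unfold, then split records
        pairs = [l.partition(": ") for l in block.splitlines() if ": " in l]
        if pairs and pairs[0][0].lower() == "dn":
            attrs = entries.setdefault(pairs[0][2], defaultdict(list))
            for key, _, val in pairs[1:]:
                attrs[key.lower()].append(val)
    return entries

def audit(entries):
    owners, oab, mismatch = defaultdict(list), [], []
    for dn, a in entries.items():
        smtp = [p for p in a.get("proxyaddresses", []) if p.lower().startswith("smtp:")]
        for p in smtp:
            owners[p[5:].lower()].append(dn)
        primary = next((p[5:].lower() for p in smtp if p.startswith("SMTP:")), None)
        mail = (a.get("mail") or [""])[0].lower()
        target = (a.get("targetaddress") or [""])[0].split(":", 1)[-1].lower()
        if primary and primary == mail:
            oab.append(dn)        # OAB rule from the post: primary proxy == mail
        if primary and target and primary != target:
            mismatch.append(dn)   # external Reply All would use the proxy address
    dupes = {addr: dns for addr, dns in owners.items() if len(dns) > 1}
    return {"duplicates": dupes, "oab": oab, "reply_all_risk": mismatch}
```

For a real export, read the file produced by ldifde and pass its text to `parse_ldif`; any entry under `duplicates` is the attribute corruption case noted at the top of the post.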


Oliver Moazzezi

MVP - Exchange Server

Friday, 18 April 2008

Exporting email addresses from Active Directory








This seems to be a hot topic all the time in the newsgroups so....

Run this at the cmd prompt on one of your Windows 2000 and above servers.

ldifde -f C:\youremailexport.txt -l proxyaddresses

Replace C:\youremailexport.txt with whatever drive letter and text file name you want.

Here's a great KB article explaining ldifde: http://support.microsoft.com/kb/237677

Have fun!


Oliver Moazzezi

MVP - Exchange Server






Thursday, 13 March 2008

Adding a Windows 2008 Core Server to a Domain


To join a 2008 core server to a domain run the following command:





netdom join W2K8DC04 /domain:home.local /userd:yourusernamehere /passwordd:yourpasswordhere

Note: the account must have the correct privileges to add a machine to the domain. Also, passwordd isn't a typo, and because this is the command prompt your password isn't masked with ******* so make sure no one is looking over your shoulder ;-)

Update: you can just enter a single * and it will then prompt for a password that is masked.

Once the server has rebooted you can verify this by running:

netdom verify w2k8dc04













Oliver Moazzezi

MVP - Exchange Server



Tuesday, 11 March 2008

64bit Domain Controllers


What's the benefit, you may ask? Well, plenty if configured correctly!

Here at Cobweb we've just finished our deployment of 64bit DCs. The project was started when we realised that if we kept our existing 32bit Domain Controllers we would actually have to double the number to support both our existing Exchange 2003 infrastructure and the soon to be deployed Exchange 2007 service we are launching. Supporting 40,000 mailboxes (approximately, at this time) takes a lot of Directory work, and the last thing we wanted to do was rack and deploy another farm of Active Directory servers, especially when rack consolidation is proving to be so important now, with the power restrictions data centres are starting to enforce.

Ultimately we were left with only one option: upgrade to 64bit.


The general rule of thumb for 32bit GCs is to have 1 processor core for every 4 Exchange processor cores. Note I mention core, not actual processor. Having a 64bit GC extends this support to 1 core for every 8 Exchange cores, as long as the server has enough RAM to load the entire directory (the NTDS.dit file) into RAM.

Thus upgrading to 64bit Directory servers allowed us to keep the same physical number of servers, without having to worry about rack space, power or indeed cooling, and has given us support for both Exchange 2003 and Exchange 2007 in our infrastructure.


Oliver Moazzezi

MVP - Exchange Server