This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello,
We are running an Exchange Server 2016 (Version 15.1 (Build 2176.2)).
We noticed recently that staff emailing a few external email accounts were receiving NDR's. Upon further examination, we found that these external email addresses did indeed contain an Active Directory account for the user, although there was no local mailbox on Exchange, nor a Contact. We found that even when the email address was being manually typed in Outlook, it was trying to use the Active Directory account as the destination. The Active Directory account contained an entry in the General tab that contained the external email address. These users access our network only to use certain applications.
For the most part, the issue was addressed by removing the email entry from the General tab. In some cases, I had to create an associated mailbox Then create a Contact with the external email address. Then forward the internal email to the Contact.
My question is what are the Microsoft best practices in this situation? Should the General Tab NOT contain an email address if it is for an external mailbox, even if there is no internal mailbox? Does Outlook try to route email internally using this entry even if it is not setup as an email domain that it accepts email for?
Thanks in advance for the assistance.
Regards,
Rudy
Hi @Rudolf Amarlapudi ,
Based on my understanding of your description, creating mail users for the external email addresses could be the best fit for your scenario. In this case, these external users can have both the external email addresses and the logon credentials in your Exchange organization to access resources. All messages sent to the mail users are routed to this external email address. When a mail user is created, the Email entry on the General Tab is filled up with the external email address:
For more details, you may refer to: Manage mail users.
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Thank you for the feedback.
The way you are indicating is exactly how we currently have it setup. However, attempts to email the the "external email address" for some of these "mail users", senders have received NDR's. I'm not sure why. I've attached an example NDR.
Hi @Rudolf Amarlapudi ,
Sorry but I didn't see the attachment. Could you try inserted it again. In order to protect your personal informaiton, please remeber to remove all privacy data like email address or domain name.
Besides, noted that the issue occurs to "some" of the mail users, so I'd also suggest try running the command below for both a problematic mail user and a normal one, then compare the output to see if there's any obvious difference:
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Trying again...
115211-ndr.pdf
Hi @Rudolf Amarlapudi ,
From the attached .pdf file, the error message included in the NDR was "Remote Server returned '550 5.1.11 RESOLVER.ADR.ExRecipNotFound; Recipient not found
by Exchange Legacy encapsulated email address lookup'", and based on my experience, this could be caused by bad entries in the Outlook AutoComplete cache. But noticed that you have already tried manually typing the recipient email address in Outlook, so it seems that it's not the case in your situation. However, it's still recommended to have a go by clearing the autocomlete entry in one of the affected machine and see if it could help.
In case the above doesn't work, please run the command below for one of the problematic mail users, checking if its LegacyExchangeDN attribute is empty:
If it's empty, run the following command to force generate the LegacyExchangeDN attribute value and check how it goes:
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi @Rudolf Amarlapudi ,
I'd like to follow up to see how things are going on with this issue. Have you had a chance to try clearing the autocompete cache entry or checking the LegacyExchangeDN attribute of a problematic mail user?
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Thank you for your assistance and input, YukiSun.
I will follow through with the recommendations and see how things go.
I think we can close this case for now. I'll create a new case again if needed.
Regards,
Rudy
Sign in to comment