Exchange Online migrations and calendar permissions

We’re in the middle of migrating our on-premises Exchange organisation to Exchange Online. You see some odd things when you’re running a hybrid Exchange environment, but one of the oddest I’ve seen so far is a user being denied permission to edit or remove items in their own calendar after being migrated. Trying in Outlook returned an error saying they didn’t have permission to send as the specified user (themselves…) and OWA looked like it had deleted the appointment until the view refreshed, after which it came back.

Turns out the problem is due to the LegacyExchangeDN attribute value on the user object changing when they migrate to Exchange Online. The original value of this attribute is meant to be added as an additional entry on the proxyAddresses attribute when migration completes, but it seems this doesn’t always happen, and this error is the result.

To fix it, you need to re-create the value of the LegacyExchangeDN attribute as it would have been prior to migration, and add it to proxyAddresses manually.

To do this, you’ll need to find another user that the user having issues sent an email to prior to being migrated. If that user then replies to the email, they will receive an NDR saying the message to “IMCEAEX-_O=…” failed. This IMCEAEX address can be converted into the missing X500 address by doing the following:

  • Delete the “IMCEAEX-” string from the start
  • Delete the “@domain.com” string from the end
  • Add “X500:” at the start

Replace special characters by using find and replace:

Old Value New Value
_ (underscore) /
+20 space
+26 &
+28 (
+29 )
+40 @
+2E .
+2C ,
+5F – (hyphen)

Once you have the fully reconstructed X500 address, add it into the proxyAddresses attribute for the user having the issues using ADSIEdit and wait for DirSync / ADFS to update the Cloud object for the user. After this, the issues should resolve themselves.

Share and Enjoy:
  • Digg
  • StumbleUpon
  • Technorati
  • del.icio.us
  • Twitter
  • blogmarks
  • HackerNews
  • Tumblr
  • Posterous
  • email
Bookmark the permalink. Follow any comments here with the RSS feed for this post.
Post a comment or leave a trackback: Trackback URL.

Leave a Reply

Your email address will not be published. Required fields are marked *

This blog is kept spam free by WP-SpamFree.