How many times have you tried to add an SMTP address to a mailbox or other mail-enabled object via Active Directory Users and Computers only to be prevented from doing so because the address already existed within your organization? In this article, we’ll take a look at some of the methods available for finding which object within Active Directory currently owns that SMTP address.
The mail-enabled objects within Active Directory can have multiple SMTP addresses assigned to them. For example, it’s quite common for Exchange administrators to add additional SMTP addresses to mailboxes from within Active Directory Users and Computers. If the SMTP address already exists within the organization, Active Directory Users and Computers informs you of this fact via the error message shown below in Figure 1. It can be quite frustrating to determine which object already has this SMTP address, since it could be another mailbox, a distribution group or even a public folder. This is an area that has prompted quite a few questions on the various Exchange mailing lists and newsgroups.
Figure 1: Existing Address Error Message
There are many different methods for finding which object is currently the owner of an elusive SMTP address and below you’ll find a selection of them. Some of the methods are fairly simple whilst others are slightly more involved. The more involved methods are typically achieved via a tool or utility that is also capable of many other tasks, so if nothing else, it may prompt you to investigate that tool even further.
Resolve or Receipt
Let’s assume you wish to add the address of email@example.com to your mailbox but you get the error message shown above in Figure 1. The first thing you can try is to type this SMTP address into your Outlook client and try to resolve the recipient via CTRL-K. If this address resolves, then you’ve found your object that owns the address. Some other administrators simply send a test message with a receipt to the SMTP address and examine the receipt details when it arrives. What if the SMTP address belongs to a public folder that’s hidden from the Global Address List (GAL)? The address typed into a new mail message will not resolve to anything so you’ll be none the wiser this way. There are other approaches that can provide much more information as I shall now explain.
Active Directory Users and Computers
The Active Directory Users and Computers snap-in can be used to search for the address. To do this, follow these steps:
- Run Active Directory Users and Computers.
- Right-click the domain object and choose Find from the context menu. This will bring up the Find Users, Contacts, and Groups window.
- In the Find drop-down list, choose Custom Search.
- Click the Advanced tab and in the Enter LDAP query: field, enter the following text: proxyaddresses=smtp:firstname.lastname@example.org.
- Click the Find Now button.
The result is shown in Figure 2 and you can see here that it’s pretty obvious which object owns the SMTP address: a public folder called Exchange 2007.
Figure 2: Active Directory Users and Computers Search Result
There are a couple of important things to note here. First, why did we use the term proxyaddresses in our Lightweight Directory Access Protocol (LDAP) query above? Well, this is the name of the multi-valued Active Directory attribute that holds the list of SMTP addresses associated with a mail-enabled object. Although the preceding example focused on a public folder, the same principle would also apply to any other mail-enabled object. For example, Figure 3 below shows you the result of bringing up the properties of a mail-enabled distribution group called IT Consultants using ADSIEdit.
Figure 3: ADSIEdit proxyAddresses Attribute
You can clearly see that this distribution group has two SMTP addresses associated with it. In order to search all available SMTP addresses, we must search the proxyAddresses attribute.
Second, why did we choose to perform a custom search? This is because this method allows you to search all directory objects in Active Directory Users and Computers at the same time, including distribution groups and public folders. You may never know what type of object currently owns the SMTP address you are looking for. If you narrow down your search to just user objects for example, you won’t find the address if it’s owned by a public folder or a distribution group.
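The proxyaddresses filter described above can also be built by a script, for example when the address to look up comes from a helpdesk form. This is an added example, not code from the original article; the function names are hypothetical, and it emits the parenthesised form of the same filter and escapes the value per RFC 4515 so that characters such as * or ( stay literal instead of widening the search.

```python
import re

# RFC 4515 section 3: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string so the directory treats it as literal text, not filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def proxy_address_filter(address, addr_type="smtp"):
    """Filter for one address; it names no objectClass, so every object type is searched."""
    if not re.fullmatch(r"[A-Za-z0-9]+", addr_type):
        raise ValueError(f"unexpected address type: {addr_type!r}")
    return f"(proxyAddresses={addr_type}:{escape_filter_value(address.strip())})"


def any_address_filter(addresses):
    """OR several single-address filters together to check a batch in one search."""
    parts = [proxy_address_filter(a) for a in addresses]
    if not parts:
        raise ValueError("no addresses given")
    return parts[0] if len(parts) == 1 else "(|" + "".join(parts) + ")"


if __name__ == "__main__":
    print(proxy_address_filter("email@example.com"))
    # An unescaped "*" would match every object that has any smtp address.
    print(proxy_address_filter("*@example.com"))
    print(any_address_filter(["a@example.com", "b@example.com"]))
```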
ADFIND
ADFIND is an extremely useful command-line Active Directory query tool written by Joe Richards, a Microsoft Most Valuable Professional (MVP) for Windows Server Directory Services. The tool is free to download and you can find it here. Obviously a tool like ADFIND does an awful lot more than I have time or space to write about here, but let’s quickly look at how it can be used to track down our existing SMTP address.
Drop to a command prompt and execute the following command line:
adfind -root -f proxyaddresses=smtp:email@example.com
You’ll note that we are using the same proxyaddresses search filter as we previously used. You can see the result of the search in Figure 4 below.
Figure 4: Adfind Results
You can see from Figure 4 that ADFIND has detected the SMTP address on the relevant public folder object via the following three output lines:
dn:CN=Exchange 2007,CN=Microsoft Exchange System Objects,DC=neilhobson,DC=com
>cn: Exchange 2007
This distinguished name contains a reference to Microsoft Exchange System Objects, which is a container that exists to house public folder directory objects; the fact that the objectClass attribute is set to publicFolder gives the game away. You can see that the object’s common name (cn) field is set to Exchange 2007, so from these three lines you can deduce that the required SMTP address belongs to a public folder called Exchange 2007.
That was pretty simple but as I said earlier, ADFIND does a lot more than this. Take some time to read Joe’s website or the command-line options to see what else this tool can do for you.
LDIFDE & CSVDE
LDIFDE stands for ‘LDAP Data Interchange Format Directory Exchange’ whilst CSVDE stands for ‘Comma-Separated Value Directory Exchange’. Both are administrative tools that allow you to import and export directory objects in batch mode.
Although LDIFDE and CSVDE have many parameters that you can use, we can get away with using just two parameters for either of these tools within this exercise. First we need to make use of the -f parameter, which allows us to specify the import or export file name. Second, we need to use the -l parameter, which allows us to specify the list of LDAP attributes to export. By default, both LDIFDE and CSVDE operate in export mode, so there’s no need to add the mode parameter. Additionally, LDIFDE and CSVDE will search for all objects by default so we don’t need to add any parameters to state this. Therefore, to export a list of the proxyAddresses attribute to a file called addresses.txt, our command lines will look like this:
ldifde -f c:\addresses.txt -l proxyaddresses
csvde -f c:\addresses.txt -l proxyaddresses
Figure 5 shows what to expect when running the LDIFDE command.
Figure 5: Running LDIFDE
All that we need to do now is to open addresses.txt in notepad and search for the string firstname.lastname@example.org. Figure 6 below shows the result of doing this when using LDIFDE. Here you can see that the SMTP address belongs to the object with the following distinguished name:
dn: CN=Exchange 2007,CN=Microsoft Exchange System Objects,DC=neilhobson,DC=com
Obviously this matches what we saw earlier using the ADFIND utility.
Figure 6: LDIFDE Results
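A plain text search of the export can miss an address, because LDIF (RFC 2849) allows a long value to be folded onto a continuation line and allows any value to be base64-encoded. The following added example, which is not part of the original article, parses the export and returns the owning distinguished names; the sample data is constructed, the second DN and its address are made up, and the function names are hypothetical.

```python
import base64

# Constructed sample shaped like an `ldifde -l proxyaddresses` export. The first DN is
# the one shown in the article; the second DN and its address are invented for the demo.
_B64 = base64.b64encode(b"SMTP:it.consultants@example.com").decode()
SAMPLE_LDIF = (
    "dn: CN=Exchange 2007,CN=Microsoft Exchange System Objects,DC=neilhobson,DC=com\n"
    "proxyAddresses: smtp:email@exam\n"       # value folded onto the next line
    " ple.com\n"
    "\n"
    "dn: CN=IT Consultants,CN=Users,DC=neilhobson,DC=com\n"
    f"proxyAddresses:: {_B64}\n"              # base64-encoded value
    "proxyAddresses: X400:c=US;a= ;p=Example;o=Exchange;s=Consultants;\n"
)

def unfold(text):
    """Join RFC 2849 continuation lines (lines that begin with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_entries(text):
    """Yield (dn, [proxyAddresses values]) for each record in the export."""
    dn, addrs = None, []
    for line in unfold(text) + [""]:          # trailing "" flushes the last record
        if not line:                          # a blank line ends a record
            if dn is not None:
                yield dn, addrs
            dn, addrs = None, []
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):             # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        value = value.strip()
        if name.lower() == "dn":
            dn = value
        elif name.lower() == "proxyaddresses":
            addrs.append(value)

def find_owners(text, address):
    """Return the DNs that hold smtp:<address>, compared case-insensitively."""
    wanted = "smtp:" + address.lower()
    return [dn for dn, addrs in parse_entries(text)
            if any(a.lower() == wanted for a in addrs)]
```

Calling find_owners(open(r"c:\addresses.txt").read(), "email@example.com") applies the same lookup to a real export; the comparison ignores case, so it matches both the upper-case SMTP: prefix that marks a primary address and the lower-case smtp: prefix used for secondary ones.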
With CSVDE, the format of the resulting output file is different to that of the file produced by LDIFDE but the results are essentially the same, as shown in Figure 7. Searching for the required SMTP address reveals the distinguished name of the object owning that address.
Figure 7: CSVDE Results
Rather like the ADFIND tool mentioned earlier in this article, both LDIFDE and CSVDE are powerful tools for performing many other tasks relating to directory object access. The Microsoft TechNet site has more information on LDIFDE and CSVDE parameters.
LDP
Finally, you can use LDP to determine which object owns an SMTP address. LDP is a Windows support tool and yet another way to search Active Directory via LDAP. Here’s what you need to do once you’ve run ldp.exe. Note that we’re using our trusty SMTP address of email@example.com as the example here.
- Click the Connection menu and then click Connect.
- In the Connect window, enter the name of one of your directory servers in the Server field and then click OK.
- Now back at the main LDP screen, click Bind from the Connection menu.
- In the Bind window, authenticate yourself to the directory by typing a valid username, password and domain name, and then click OK.
- Now that we’ve connected and authenticated to the directory, we can proceed to search for our SMTP address. Click the View menu and then click Tree.
- In the Tree View window, leave the Base DN field empty and click OK.
- In the left-hand pane of the LDP window, you should now see your domain listed which can be expanded accordingly. This is shown in Figure 8.
Figure 8: LDP Domain Connection
- Now right-click the domain name listed at the very top of the left-hand pane and choose the Search option from the context menu.
- In the Search window, enter the following text into the Filter field:
- Still at the Search window, ensure that the Scope option is set to Subtree and then click Run.
- In the right-hand pane of the LDP window, the results of the search will now be displayed. This is shown in Figure 9.
Figure 9: LDP Results
You can see from Figure 9 that the highlighted text clearly shows the distinguished name of the owning object, along with useful information such as the object class (in this case a public folder) and the object’s common name (in this case Exchange 2007). Note that, if the SMTP address wasn’t owned by any object, you’d see Getting 0 entries shown in the right-hand pane.
Using LDP is somewhat more complicated and time consuming than the other processes, but nevertheless it’s still a valid option in searching for an SMTP address.
Within this article I have covered several methods that allow you to search your directory for an elusive SMTP address. Whilst there are some fairly simple methods that you’ll no doubt choose to try first, it’s worth looking at using the various tools on offer as well. If nothing else, it’ll allow you to increase your understanding of these tools and what they are also capable of; you’ll be able to make use of them in your day-to-day administrative activities.