When you prepare your on-premises public folder hierarchy ACLs for migration to Exchange Online or for moving from Exchange Server 2016 to 2019 you might see the following error:
Multiple objects with legacy DN ADCDisabledMail were found.
This error prevents you from removing orphaned entries from public folder ACLs. And when you do not clean up the ACLs, you cannot migrate public folders to Exchange Online or move public folder mailboxes from Exchange Server 2016 to Exchange Server 2019.
The affected objects are mail-disabled objects that were disabled with Exchange Server 2010 or older. The older Exchange Server version used something called Active Directory Connector (aka ADC). When mail-disabling a user or security group, ADC stamped the legacyExchangeDN attribute with ADCDisabledMail. Modern Exchange Server versions do not write that value to the attribute when you mail-disabled the object.
To successfully migrate or move your public folders you must clear the legacyExchangeDN attribute. Otherwise, you cannot remove the orphaned ACL entries.
Simply use the following PowerShell script to clean up those objects.
PowerShell Script
Enjoy Exchange Server.
