Have you ever wondered why different places in Exchange 2007, Exchange 2010 and Exchange 2013 still refer to a now-archaic structure called an administrative group that was used as the foundation for server management in Exchange 2000 and Exchange 2003? Even stranger, the administrative group's name includes the string “FYDIBOHF23SPDLT”, which is exposed if you perform operations such as examining the legacyExchangeDN of a mailbox:
Get-Mailbox TRedmond | Format-List Identity, legacyExchangeDN
legacyExchangeDN: /o=Contoso/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Exchange Users/cn=TRedmond
The answer is that when Microsoft decided to change the way servers were managed in Exchange 2007, they retained a single administrative group for backwards compatibility and stored details of Exchange 2007 servers there. This model persists for Exchange 2010 and, which is the reason why the administrative group is still around.
You can see from the value of the legacyExchangeDN property of the mailbox shown above that the administrative group is an Active Directory container within the container used to hold all the objects used by the Exchange organization (in this case, the organization is named “Contoso”). LegacyExchangeDN is also used in the same way by Exchange Online in, although in this case the organization name is "ExchangeLabs".
In fact, legacyExchangeDN is another artefact of the past, this time going back to the original Exchange 4.0 Directory Store that was loosely based on the ITU X.500 recommendations. Of course, the Directory Store evolved into Active Directory and when Exchange 2000 began to support Active Directory, it also kept the X.500-format distinguished names (the DN part of legacyExchangeDN).
But what of FYDIBOHF23SPDLT? Well, when the Exchange 2007 developers selected a name for this special hold-all administrative group, they decided to use a name that was highly unlikely to be in use within a production organization. Many Exchange 2000 and Exchange 2003 organizations went with the flow and selected the default “First Administrative Group” as the name for the first administrative group in the organization (logical anyway…), but the need existed to come up with a really unique name. Hence FYDIBOHF23SPDLT.
The name is encoded with a very old cipher called “Caesar’s Cipher,” which works by shifting letters by a set number (the shift parameter, or code key) right or left within the alphabet to mask the meaning of words. In this instance, if you move each character in “FYDIBOHF23SPDLT” one space to the left (F becomes E, Y becomes X, and the digits 23 become 12), you end up with the text “Exchange12Rocks” or “Exchange 12 Rocks” with spaces added for readability. Exchange 12 was Microsoft’s code name for Exchange 2007, and now you know how the developers came up with the name to honor the work they’d done to create what turned out to be the first version in the current generation of Exchange’s architecture, the third since the product first shipped as Exchange 4.0.
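The decoding described above, as an added example that is not part of the original article: it pulls the parenthesised tag out of the legacyExchangeDN shown earlier and tries every shift until a known word appears. The function names are hypothetical, and wrapping digits modulo 10 is an assumption (the article only shows 23 becoming 12).

```python
import re

# Constructed sample: the legacyExchangeDN value quoted in the article.
SAMPLE_DN = ("/o=Contoso/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)"
             "/cn=Exchange Users/cn=TRedmond")

def parse_legacy_dn(dn):
    """Split an X.500-style legacyExchangeDN into (attribute, value) pairs."""
    parts = []
    for rdn in dn.strip("/").split("/"):
        attr, _, value = rdn.partition("=")
        parts.append((attr.lower(), value))
    return parts

def admin_group_tag(dn):
    """Return the text in parentheses from the ou= component, or None."""
    for attr, value in parse_legacy_dn(dn):
        if attr == "ou":
            match = re.search(r"\(([^)]+)\)", value)
            if match:
                return match.group(1)
    return None

def caesar_shift(text, shift):
    """Shift ASCII letters (mod 26) and digits (mod 10); keep everything else."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        elif ch.isascii() and ch.isdigit():
            # Assumption: digits wrap within 0-9 the same way letters wrap in A-Z.
            out.append(chr((ord(ch) - ord("0") + shift) % 10 + ord("0")))
        else:
            out.append(ch)
    return "".join(out)

def find_shift(ciphertext, crib):
    """Try all 26 left shifts; return (shift, plaintext) pairs containing the crib."""
    hits = []
    for shift in range(26):
        candidate = caesar_shift(ciphertext, -shift)
        if crib.upper() in candidate.upper():
            hits.append((shift, candidate))
    return hits

if __name__ == "__main__":
    tag = admin_group_tag(SAMPLE_DN)
    print(tag, "->", find_shift(tag, "EXCHANGE"))
```

The decoded text comes back in upper case because the stored name is upper case; the mixed-case “Exchange12Rocks” is a readability choice.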
Developers will tell you that it’s always easier to write code when you don’t have to cater for an installed base and have to interoperate with previous versions. In this instance, the Exchange developers did a lot of hard work to ship Exchange 2007 and had some fun at the same time.
Follow Tony @12Knocksinna