3.3.5.4 Mailbox Validation

A client MUST NOT let a replica (2) of one mailbox synchronize with a different mailbox. For this reason, a client MUST identify the mailbox associated with any given replica (2). This can be accomplished by using the mailbox instance GUID, which is returned by the RopLogon ROP ([MS-OXCROPS] section 2.2.3.1). The mailbox is associated with the local replica and compared to the mailbox GUID after the RopLogon ROP completed.

Mailbox validation is particularly important in a disaster recovery scenario. For example, assume a database is lost and an interim mailbox is created while database recovery is in progress. In this scenario, the client receives a new mailbox instance GUID in the RopLogon ROP response while connecting to the interim mailbox. In a possible implementation, this causes the client to switch to online mode to keep the replica (2) from synchronizing with more than one mailbox. Once the database recovery is complete, the original mailbox instance GUID is returned in the RopLogon ROP response, and the client can switch back to cached mode.