TomBruser
asked on
How can I update the sn and givenName attributes in Active Directory without the 'mail' attribute later autoupdating
I am using a java LDAP API to update certain values in Active Directory.
When I update a user's sn (surname AKA last name) and/or givenName (AKA first name), I'm noticing that their 'mail' attribute is automatically being updated as well (we're running Exchange Server 2003). The desired behavior is that the mail attribute remain as-is regardless of what we change the first and last name to programmatically. Our admins say that there is nothing that we can do about this from their end as it's something automatic within Active Directory.
I'm looking for ideas/work-arounds to be able to preserve the mail address when updating it from my application - preferably in a manner that wouldn't disrupt instances where someone might want that mail address to be updated (i.e. an admin creating a new account via the AD admin tools).
When I update a user's sn (surname AKA last name) and/or givenName (AKA first name), I'm noticing that their 'mail' attribute is automatically being updated as well (we're running Exchange Server 2003). The desired behavior is that the mail attribute remain as-is regardless of what we change the first and last name to programmatically. Our admins say that there is nothing that we can do about this from their end as it's something automatic within Active Directory.
I'm looking for ideas/work-arounds to be able to preserve the mail address when updating it from my application - preferably in a manner that wouldn't disrupt instances where someone might want that mail address to be updated (i.e. an admin creating a new account via the AD admin tools).
ASKER
Digging deeper - this is what I've found:
Selecting a primary email address which is different than the current one doesn't prevent Exchange from creating a new mailbox with changed person's name. In fact, if you change the primary and wait awhile, it will automatically change back to the one that matches the user's name.
Unchecking the 'Automatically update e-mail addresses based on recipient policy' within the same AD Properties tab is what will prevent the automatic update from occurring. There are also attributes tied to each AD user which will determine which recipient policies are to run and which to exclude. Unchecking the box effectively sticks the GUID for the mailbox creation/update policy into the exclude attribute (which can be accomplished programmaticalyl as well). This works so long as your AD admins can live without the automatic updates.
Selecting a primary email address which is different than the current one doesn't prevent Exchange from creating a new mailbox with changed person's name. In fact, if you change the primary and wait awhile, it will automatically change back to the one that matches the user's name.
Unchecking the 'Automatically update e-mail addresses based on recipient policy' within the same AD Properties tab is what will prevent the automatic update from occurring. There are also attributes tied to each AD user which will determine which recipient policies are to run and which to exclude. Unchecking the box effectively sticks the GUID for the mailbox creation/update policy into the exclude attribute (which can be accomplished programmaticalyl as well). This works so long as your AD admins can live without the automatic updates.
ASKER
I answered my own question on 4/19 and followed up with a post to the community soon after. Please close and refund, and, alternatively, keep this question available for others to search as my 4/19 post is the correct answer to the question.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
One solution might be to reconfigure the AD schema in some way such as creating extensions (although I wouldn't advise it)
Another solution might be to change the primary e-mail address in AD User & Computers -> User Account Properties -> E-Mail Addresses tab. This is the one in bold and represents the 'From' and 'Reply to' address when sending e-mail. You can add a new one and select it as primary. It should then remain static (as far as I'm aware).
One last solution might involve some sort of script (.vbs or .js) that prehaps checks the consistency of attributes or something similar.
Sorry for the limited info,
Regards.