How can I update the sn and givenName attributes in Active Directory without the 'mail' attribute later autoupdating

I am using a java LDAP API to update certain values in Active Directory.

When I update a user's sn (surname AKA last name) and/or givenName (AKA first name), I'm noticing that their 'mail' attribute is automatically being updated as well (we're running Exchange Server 2003).  The desired behavior is that the mail attribute remain as-is regardless of what we change the first and last name to programmatically.  Our admins say that there is nothing that we can do about this from their end as it's something automatic within Active Directory.

I'm looking for ideas/work-arounds to be able to preserve the mail address when updating it from my application - preferably in a manner that wouldn't disrupt instances where someone might want that mail address to be updated (i.e. an admin creating a new account via the AD admin tools).
LVL 1
TomBruserAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

chris-kCommented:
I think this is an Exchange function.

One solution might be to reconfigure the AD schema in some way such as creating extensions (although I wouldn't advise it)

Another solution might be to change the primary e-mail address in AD User & Computers -> User Account Properties -> E-Mail Addresses tab. This is the one in bold and represents the 'From' and 'Reply to' address when sending e-mail. You can add a new one and select it as primary. It should then remain static (as far as I'm aware).

One last solution might involve some sort of script (.vbs or .js) that prehaps checks the consistency of attributes or something similar.

Sorry for the limited info,

Regards.
0
TomBruserAuthor Commented:
Digging deeper - this is what I've found:

Selecting a primary email address which is different than the current one doesn't prevent Exchange from creating a new mailbox with changed person's name.  In fact, if you change the primary and wait awhile, it will automatically change back to the one that matches the user's name.

Unchecking the 'Automatically update e-mail addresses based on recipient policy' within the same AD Properties tab is what will prevent the automatic update from occurring.  There are also attributes tied to each AD user which will determine which recipient policies are to run and which to exclude.  Unchecking the box effectively sticks the GUID for the mailbox creation/update policy into the exclude attribute (which can be accomplished programmaticalyl as well).  This works so long as your AD admins can live without the automatic updates.

0
TomBruserAuthor Commented:
I answered my own question on 4/19 and followed up with a post to the community soon after.  Please close and refund, and, alternatively, keep this question available for others to search as my 4/19 post is the correct answer to the question.
0
Computer101Commented:
PAQed with points refunded (500)

Computer101
EE Admin
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Development

From novice to tech pro — start learning today.