Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How can I update the sn and givenName attributes in Active Directory without the 'mail' attribute later autoupdating

Posted on 2007-04-10
6
Medium Priority
?
919 Views
Last Modified: 2013-12-03
I am using a java LDAP API to update certain values in Active Directory.

When I update a user's sn (surname AKA last name) and/or givenName (AKA first name), I'm noticing that their 'mail' attribute is automatically being updated as well (we're running Exchange Server 2003).  The desired behavior is that the mail attribute remain as-is regardless of what we change the first and last name to programmatically.  Our admins say that there is nothing that we can do about this from their end as it's something automatic within Active Directory.

I'm looking for ideas/work-arounds to be able to preserve the mail address when updating it from my application - preferably in a manner that wouldn't disrupt instances where someone might want that mail address to be updated (i.e. an admin creating a new account via the AD admin tools).
0
Comment
Question by:TomBruser
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
6 Comments
 
LVL 2

Expert Comment

by:chris-k
ID: 18885579
I think this is an Exchange function.

One solution might be to reconfigure the AD schema in some way such as creating extensions (although I wouldn't advise it)

Another solution might be to change the primary e-mail address in AD User & Computers -> User Account Properties -> E-Mail Addresses tab. This is the one in bold and represents the 'From' and 'Reply to' address when sending e-mail. You can add a new one and select it as primary. It should then remain static (as far as I'm aware).

One last solution might involve some sort of script (.vbs or .js) that prehaps checks the consistency of attributes or something similar.

Sorry for the limited info,

Regards.
0
 
LVL 1

Author Comment

by:TomBruser
ID: 18941995
Digging deeper - this is what I've found:

Selecting a primary email address which is different than the current one doesn't prevent Exchange from creating a new mailbox with changed person's name.  In fact, if you change the primary and wait awhile, it will automatically change back to the one that matches the user's name.

Unchecking the 'Automatically update e-mail addresses based on recipient policy' within the same AD Properties tab is what will prevent the automatic update from occurring.  There are also attributes tied to each AD user which will determine which recipient policies are to run and which to exclude.  Unchecking the box effectively sticks the GUID for the mailbox creation/update policy into the exclude attribute (which can be accomplished programmaticalyl as well).  This works so long as your AD admins can live without the automatic updates.

0
 
LVL 1

Author Comment

by:TomBruser
ID: 19133532
I answered my own question on 4/19 and followed up with a post to the community soon after.  Please close and refund, and, alternatively, keep this question available for others to search as my 4/19 post is the correct answer to the question.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 19251553
PAQed with points refunded (500)

Computer101
EE Admin
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
Simple Linear Regression
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question