Solved

How can I update the sn and givenName attributes in Active Directory without the 'mail' attribute later autoupdating

Posted on 2007-04-10
6
914 Views
Last Modified: 2013-12-03
I am using a java LDAP API to update certain values in Active Directory.

When I update a user's sn (surname AKA last name) and/or givenName (AKA first name), I'm noticing that their 'mail' attribute is automatically being updated as well (we're running Exchange Server 2003).  The desired behavior is that the mail attribute remain as-is regardless of what we change the first and last name to programmatically.  Our admins say that there is nothing that we can do about this from their end as it's something automatic within Active Directory.

I'm looking for ideas/work-arounds to be able to preserve the mail address when updating it from my application - preferably in a manner that wouldn't disrupt instances where someone might want that mail address to be updated (i.e. an admin creating a new account via the AD admin tools).
0
Comment
Question by:TomBruser
  • 2
6 Comments
 
LVL 2

Expert Comment

by:chris-k
ID: 18885579
I think this is an Exchange function.

One solution might be to reconfigure the AD schema in some way such as creating extensions (although I wouldn't advise it)

Another solution might be to change the primary e-mail address in AD User & Computers -> User Account Properties -> E-Mail Addresses tab. This is the one in bold and represents the 'From' and 'Reply to' address when sending e-mail. You can add a new one and select it as primary. It should then remain static (as far as I'm aware).

One last solution might involve some sort of script (.vbs or .js) that prehaps checks the consistency of attributes or something similar.

Sorry for the limited info,

Regards.
0
 
LVL 1

Author Comment

by:TomBruser
ID: 18941995
Digging deeper - this is what I've found:

Selecting a primary email address which is different than the current one doesn't prevent Exchange from creating a new mailbox with changed person's name.  In fact, if you change the primary and wait awhile, it will automatically change back to the one that matches the user's name.

Unchecking the 'Automatically update e-mail addresses based on recipient policy' within the same AD Properties tab is what will prevent the automatic update from occurring.  There are also attributes tied to each AD user which will determine which recipient policies are to run and which to exclude.  Unchecking the box effectively sticks the GUID for the mailbox creation/update policy into the exclude attribute (which can be accomplished programmaticalyl as well).  This works so long as your AD admins can live without the automatic updates.

0
 
LVL 1

Author Comment

by:TomBruser
ID: 19133532
I answered my own question on 4/19 and followed up with a post to the community soon after.  Please close and refund, and, alternatively, keep this question available for others to search as my 4/19 post is the correct answer to the question.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 19251553
PAQed with points refunded (500)

Computer101
EE Admin
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question