Solved

How can I update the sn and givenName attributes in Active Directory without the 'mail' attribute later autoupdating

Posted on 2007-04-10
6
912 Views
Last Modified: 2013-12-03
I am using a java LDAP API to update certain values in Active Directory.

When I update a user's sn (surname AKA last name) and/or givenName (AKA first name), I'm noticing that their 'mail' attribute is automatically being updated as well (we're running Exchange Server 2003).  The desired behavior is that the mail attribute remain as-is regardless of what we change the first and last name to programmatically.  Our admins say that there is nothing that we can do about this from their end as it's something automatic within Active Directory.

I'm looking for ideas/work-arounds to be able to preserve the mail address when updating it from my application - preferably in a manner that wouldn't disrupt instances where someone might want that mail address to be updated (i.e. an admin creating a new account via the AD admin tools).
0
Comment
Question by:TomBruser
  • 2
6 Comments
 
LVL 2

Expert Comment

by:chris-k
ID: 18885579
I think this is an Exchange function.

One solution might be to reconfigure the AD schema in some way such as creating extensions (although I wouldn't advise it)

Another solution might be to change the primary e-mail address in AD User & Computers -> User Account Properties -> E-Mail Addresses tab. This is the one in bold and represents the 'From' and 'Reply to' address when sending e-mail. You can add a new one and select it as primary. It should then remain static (as far as I'm aware).

One last solution might involve some sort of script (.vbs or .js) that prehaps checks the consistency of attributes or something similar.

Sorry for the limited info,

Regards.
0
 
LVL 1

Author Comment

by:TomBruser
ID: 18941995
Digging deeper - this is what I've found:

Selecting a primary email address which is different than the current one doesn't prevent Exchange from creating a new mailbox with changed person's name.  In fact, if you change the primary and wait awhile, it will automatically change back to the one that matches the user's name.

Unchecking the 'Automatically update e-mail addresses based on recipient policy' within the same AD Properties tab is what will prevent the automatic update from occurring.  There are also attributes tied to each AD user which will determine which recipient policies are to run and which to exclude.  Unchecking the box effectively sticks the GUID for the mailbox creation/update policy into the exclude attribute (which can be accomplished programmaticalyl as well).  This works so long as your AD admins can live without the automatic updates.

0
 
LVL 1

Author Comment

by:TomBruser
ID: 19133532
I answered my own question on 4/19 and followed up with a post to the community soon after.  Please close and refund, and, alternatively, keep this question available for others to search as my 4/19 post is the correct answer to the question.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 19251553
PAQed with points refunded (500)

Computer101
EE Admin
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

This is about my first experience with programming Arduino.
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now