Go Premium for a chance to win a PS4. Enter to Win


AD User Changed, but Old Name Appearing in CN String

Posted on 2011-02-20
Medium Priority
Last Modified: 2012-05-11
There are a couple of users in my domain that have had their user names changed in the last couple of years.  If I click their user properties and browse through all the tabs, the alias and other pertinent username fields show to be correct.  For example, let's say one user's name was Jeff Green, but the original AD username was set up as Jeff Greene.  The user is renamed using the "rename" function in AD, and then I would go into the properties and make sure everything changed as expected.

The problem happens when I run a script that actually pulls the full AD context for that user.  I have a particular script in Outlook that is supposed to parse that context to ascertain a user's e-mail address, and with my example, even though the user's information in AD is completely correct (i.e., last name is "Green" and all of the username/alias fields show "jgreen"), the context string shows something like this:


How can I fix this so that the context name here is correct?  I can't find where this shows up and can be modified; and I'm not even sure if it really can.

Any help would be appreciated.  Thanks!
Question by:NateR78
  • 3
  • 2
  • 2
  • +2
LVL 13

Expert Comment

by:Mohamed ElManakhly
ID: 34937413
well iam not quite sure what the reason is , but i can tell you how to view this properties and edit them.using ADSIedit.msc , you have to install the support tools from the windows server CD if you are using windows 2003 in order to open the console. however be extreemly cautious when using this tool as by doing so are actually editing in the Active Directory Database.
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34937428
LVL 58

Expert Comment

ID: 34937604

That is not an Active Directory issue. It is an Exchange issue, and the value you quoted above for JGREENE is called his legacyExchangeDN.

The legacyExchangeDN was stamped on the mailbox when it was created and you really do not want to start hacking around with ADSIEdit to change it. It is used by Outlook when users send JGREENE an email internally. Editing it would cause undelivered email bounces as the users' Outlook Autocomplete caches are not updated, as well as other issues.

Using that string to ascertain a user's actual email address isn't always a foolproof method because email addresses can and do change. My advice would be to parse the user's proxyAddresses attribute in Active Directory instead, which will contain their actual email addresses as defined in AD and Exchange.

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.


Accepted Solution

Tommy_Cooper earned 2000 total points
ID: 34941894
It is because of this exact issue that many engineers will always argue that using the "rename" function of ADU&C is not good practice.

If a user requires a rename it is often better to export the mbx and and all other details and then delete the original account and re-create a new one using the new name.

A little bit more hassle at the time, but in the long run, you know have a consistent convention of names and other attrbutes that keep your scripts simple :)
LVL 58

Expert Comment

ID: 34942962
>> If a user requires a rename it is often better to export the mbx and and all other details and then delete the original account and re-create a new one using the new name

Definitely - but as long as you copy over the user's old legacyExchangeDN into an additional "X500" address on their new account.

Otherwise replies to messages they sent internally won't turn up, nor will the name picked from other users' Outlook autosuggest caches deliver correctly any longer.

I have also heard of people who make a new account, disable the old one but configure it to forward to the new one. Sounds too messy for my liking, but it's an alternative.


Author Comment

ID: 34943156
Thanks for the comments.  I did find the legacyExchangeDN attribute and was wondering if I should leave it as-is.  Based on the information here, I'm glad I made that decision.  I'll see how I can work around it.  @tigermatt: I will try your recommendation and use the proxyAddresses attribute, but it's going to take a little bit of work.  The problem is occurring in a VBA script in Outlook when I pull the "SenderEmailAddress" property of an Outlook.MailItem.  If there is not another suitable property available that provides this information, I'll have to build an LDAP query from the "SenderEmailAddress" property to ascertain "proxyAddresses" for each user.

I'll have to see how that goes because I'm not very well-versed in VBA LDAP queries.  Anybody here have any thoughts on how to do that or do I need to re-post in VB?
LVL 58

Expert Comment

ID: 34943185

I'm afraid I'm not well versed in Outlook VBA (not sure about the other folks posting here though). There are certainly some very knowledgeable people over in the VB and the Outlook zone, though.


Assisted Solution

Tommy_Cooper earned 2000 total points
ID: 34943221
What exactly is your script trying to do? From what has been said so far, I'm thinking along the lines that you only want a users "default" or reply address?? If so, look for the AD attribute that is named "mail". This will give you one single address that is the users reply address.

Does that help? If not, tell us exactly what your script is trying to do.

I will also probably point you in the direction of the VB groups :)

Author Comment

ID: 34944861
I have submitted another ticket with VB and Outlook folks, but in case you want to see the code, here it is.  I want to ascertain the primary smtp address for the user, and the "Outlook.MailItem" object has a property called "SenderEmailAddress" but it's pulling that legacyExchangeDN... I am going to have to do a custom LDAP query it seems.
Sub Helpdesk()
Dim helpdeskaddress As String
Dim objMail As Outlook.MailItem
Dim strbody As String
Dim oldmsg As String
Dim emailUser As String
Dim objItem As Outlook.MailItem

' Set this variable as your helpdesk e-mail address
helpdeskaddress = "helpdesk@company.com"

Set objItem = GetCurrentItem()
Set objMail = objItem.Forward

'get the username portion of the sender email address by parsing LDAP string
If (InStr(1, objItem.SenderEmailAddress, "CN=") > 0) Then
  emailUser = (Right(objItem.SenderEmailAddress, (Len(objItem.SenderEmailAddress) - 57))) & "@company.com"
  emailUser = objItem.SenderEmailAddress
End If

'adds the senders e-mail address as the created by object for the ticket and appends the message body
strbody = "#created by " & emailUser & vbNewLine & vbNewLine & objItem.Body

objMail.To = helpdeskaddress
objMail.Subject = objItem.Subject
objMail.Body = strbody

' remove the comment from below to display the message before sending

'Automatically Send the ticket

Set objItem = Nothing
Set objMail = Nothing
End Sub

Function GetCurrentItem() As Object
Dim objApp As Outlook.Application
Set objApp = Application
On Error Resume Next
Select Case TypeName(objApp.ActiveWindow)
Case "Explorer"
Set GetCurrentItem = _
Case "Inspector"
Set GetCurrentItem = _
Case Else
End Select
End Function

Open in new window


Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

927 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question