Improve company productivity with a Business Account.Sign Up

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 865
  • Last Modified:

AD User Changed, but Old Name Appearing in CN String

There are a couple of users in my domain that have had their user names changed in the last couple of years.  If I click their user properties and browse through all the tabs, the alias and other pertinent username fields show to be correct.  For example, let's say one user's name was Jeff Green, but the original AD username was set up as Jeff Greene.  The user is renamed using the "rename" function in AD, and then I would go into the properties and make sure everything changed as expected.

The problem happens when I run a script that actually pulls the full AD context for that user.  I have a particular script in Outlook that is supposed to parse that context to ascertain a user's e-mail address, and with my example, even though the user's information in AD is completely correct (i.e., last name is "Green" and all of the username/alias fields show "jgreen"), the context string shows something like this:


How can I fix this so that the context name here is correct?  I can't find where this shows up and can be modified; and I'm not even sure if it really can.

Any help would be appreciated.  Thanks!
  • 3
  • 2
  • 2
  • +2
2 Solutions
Mohamed ElManakhlyInfrastructure Team LeaderCommented:
well iam not quite sure what the reason is , but i can tell you how to view this properties and edit them.using ADSIedit.msc , you have to install the support tools from the windows server CD if you are using windows 2003 in order to open the console. however be extreemly cautious when using this tool as by doing so are actually editing in the Active Directory Database.
Krzysztof PytkoSenior Active Directory EngineerCommented:

That is not an Active Directory issue. It is an Exchange issue, and the value you quoted above for JGREENE is called his legacyExchangeDN.

The legacyExchangeDN was stamped on the mailbox when it was created and you really do not want to start hacking around with ADSIEdit to change it. It is used by Outlook when users send JGREENE an email internally. Editing it would cause undelivered email bounces as the users' Outlook Autocomplete caches are not updated, as well as other issues.

Using that string to ascertain a user's actual email address isn't always a foolproof method because email addresses can and do change. My advice would be to parse the user's proxyAddresses attribute in Active Directory instead, which will contain their actual email addresses as defined in AD and Exchange.

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to and use offer code ‘EXPERTS’ to get 10% off your first purchase.

It is because of this exact issue that many engineers will always argue that using the "rename" function of ADU&C is not good practice.

If a user requires a rename it is often better to export the mbx and and all other details and then delete the original account and re-create a new one using the new name.

A little bit more hassle at the time, but in the long run, you know have a consistent convention of names and other attrbutes that keep your scripts simple :)
>> If a user requires a rename it is often better to export the mbx and and all other details and then delete the original account and re-create a new one using the new name

Definitely - but as long as you copy over the user's old legacyExchangeDN into an additional "X500" address on their new account.

Otherwise replies to messages they sent internally won't turn up, nor will the name picked from other users' Outlook autosuggest caches deliver correctly any longer.

I have also heard of people who make a new account, disable the old one but configure it to forward to the new one. Sounds too messy for my liking, but it's an alternative.

NateR78Author Commented:
Thanks for the comments.  I did find the legacyExchangeDN attribute and was wondering if I should leave it as-is.  Based on the information here, I'm glad I made that decision.  I'll see how I can work around it.  @tigermatt: I will try your recommendation and use the proxyAddresses attribute, but it's going to take a little bit of work.  The problem is occurring in a VBA script in Outlook when I pull the "SenderEmailAddress" property of an Outlook.MailItem.  If there is not another suitable property available that provides this information, I'll have to build an LDAP query from the "SenderEmailAddress" property to ascertain "proxyAddresses" for each user.

I'll have to see how that goes because I'm not very well-versed in VBA LDAP queries.  Anybody here have any thoughts on how to do that or do I need to re-post in VB?

I'm afraid I'm not well versed in Outlook VBA (not sure about the other folks posting here though). There are certainly some very knowledgeable people over in the VB and the Outlook zone, though.

What exactly is your script trying to do? From what has been said so far, I'm thinking along the lines that you only want a users "default" or reply address?? If so, look for the AD attribute that is named "mail". This will give you one single address that is the users reply address.

Does that help? If not, tell us exactly what your script is trying to do.

I will also probably point you in the direction of the VB groups :)
NateR78Author Commented:
I have submitted another ticket with VB and Outlook folks, but in case you want to see the code, here it is.  I want to ascertain the primary smtp address for the user, and the "Outlook.MailItem" object has a property called "SenderEmailAddress" but it's pulling that legacyExchangeDN... I am going to have to do a custom LDAP query it seems.
Sub Helpdesk()
Dim helpdeskaddress As String
Dim objMail As Outlook.MailItem
Dim strbody As String
Dim oldmsg As String
Dim emailUser As String
Dim objItem As Outlook.MailItem

' Set this variable as your helpdesk e-mail address
helpdeskaddress = ""

Set objItem = GetCurrentItem()
Set objMail = objItem.Forward

'get the username portion of the sender email address by parsing LDAP string
If (InStr(1, objItem.SenderEmailAddress, "CN=") > 0) Then
  emailUser = (Right(objItem.SenderEmailAddress, (Len(objItem.SenderEmailAddress) - 57))) & ""
  emailUser = objItem.SenderEmailAddress
End If

'adds the senders e-mail address as the created by object for the ticket and appends the message body
strbody = "#created by " & emailUser & vbNewLine & vbNewLine & objItem.Body

objMail.To = helpdeskaddress
objMail.Subject = objItem.Subject
objMail.Body = strbody

' remove the comment from below to display the message before sending

'Automatically Send the ticket

Set objItem = Nothing
Set objMail = Nothing
End Sub

Function GetCurrentItem() As Object
Dim objApp As Outlook.Application
Set objApp = Application
On Error Resume Next
Select Case TypeName(objApp.ActiveWindow)
Case "Explorer"
Set GetCurrentItem = _
Case "Inspector"
Set GetCurrentItem = _
Case Else
End Select
End Function

Open in new window

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 3
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now