Solved

Active Directory extension attributes

Posted on 2014-02-06
8
530 Views
Last Modified: 2014-02-28
Hi,

I have come across an Active Directory account with a mailbox that has an extension attribute with an external email address defined in it.

What would be the purpose of this?
0
Comment
Question by:cmatchett
  • 4
  • 3
8 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39839112
This is most likely a Mail User. A Mail User is a user that has access to login to your domain and also has a mailbox as well. The difference is this user uses an External email address instead of your company.com mailing address.

You can use powershell to view all of the Mail Users in your environment.
get-mailuser | ft 

Open in new window


Will.
0
 

Author Comment

by:cmatchett
ID: 39839124
Hi Will,

Yes, this person called joe bloggs has an email account with an email address in this organisation of joe.bloggs@exchangeorg.com but the extension attribute is for joe.soap@anothercompany.com
0
 

Author Comment

by:cmatchett
ID: 39839135
i should note that i came across this when using ADSI edit
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39839169
Sorry i read this too fast! If it is an Extension Attribute this really doesn't mean anything unless you have filters tied to them, like and Address List. You can use Extension Attributes for example "HR" which you can then use that in an Address List query to build your address lists. So all users that have Extension Attribute1 set as "HR" will be part of this Address List.

That is basically all it is used for.

Will.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:cmatchett
ID: 39839244
well the other thing is that one account is an administrative account and the extension attribute seems to be for the personal email address of another one of the administrators.  On this account only
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 39839341
The Extension Attribute is only there as a place holder. You can enter anything in there that you like its "arbitrary". As stated those extensions are used if you want to add have specific words to group users together when creating address list or when doing some sort of query.

Your guess is as good as mine why that administrator put that value in there if it is his own Email Address.

Will.
0
 

Author Comment

by:cmatchett
ID: 39841243
I could query AD to see how many other users have this attribute defined?
0
 

Expert Comment

by:ajay_902
ID: 39896741
As per knowledge is concern basicaly custom/extension attribute used for the add the record of user.

Here extention attributes keep user external email id and as i know u can create a custom attribute as per the company requirment. like phone no, home address other field.


http://social.technet.microsoft.com/wiki/contents/articles/20319.how-to-create-a-custom-attribute-in-active-directory.aspx
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I'm sure that every Windows systems administrator has written, or at least used, a batch or VBS login script at some point in their career, whether it is to map network drives, install printers, or set some user preferences.  No more! With Window…
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now