Solved

Active Directory extension attributes

Posted on 2014-02-06
8
581 Views
Last Modified: 2014-02-28
Hi,

I have come across an Active Directory account with a mailbox that has an extension attribute with an external email address defined in it.

What would be the purpose of this?
0
Comment
Question by:cmatchett
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39839112
This is most likely a Mail User. A Mail User is a user that has access to login to your domain and also has a mailbox as well. The difference is this user uses an External email address instead of your company.com mailing address.

You can use powershell to view all of the Mail Users in your environment.
get-mailuser | ft 

Open in new window


Will.
0
 

Author Comment

by:cmatchett
ID: 39839124
Hi Will,

Yes, this person called joe bloggs has an email account with an email address in this organisation of joe.bloggs@exchangeorg.com but the extension attribute is for joe.soap@anothercompany.com
0
 

Author Comment

by:cmatchett
ID: 39839135
i should note that i came across this when using ADSI edit
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39839169
Sorry i read this too fast! If it is an Extension Attribute this really doesn't mean anything unless you have filters tied to them, like and Address List. You can use Extension Attributes for example "HR" which you can then use that in an Address List query to build your address lists. So all users that have Extension Attribute1 set as "HR" will be part of this Address List.

That is basically all it is used for.

Will.
0
 

Author Comment

by:cmatchett
ID: 39839244
well the other thing is that one account is an administrative account and the extension attribute seems to be for the personal email address of another one of the administrators.  On this account only
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 39839341
The Extension Attribute is only there as a place holder. You can enter anything in there that you like its "arbitrary". As stated those extensions are used if you want to add have specific words to group users together when creating address list or when doing some sort of query.

Your guess is as good as mine why that administrator put that value in there if it is his own Email Address.

Will.
0
 

Author Comment

by:cmatchett
ID: 39841243
I could query AD to see how many other users have this attribute defined?
0
 

Expert Comment

by:ajay_902
ID: 39896741
As per knowledge is concern basicaly custom/extension attribute used for the add the record of user.

Here extention attributes keep user external email id and as i know u can create a custom attribute as per the company requirment. like phone no, home address other field.


http://social.technet.microsoft.com/wiki/contents/articles/20319.how-to-create-a-custom-attribute-in-active-directory.aspx
0

Featured Post

[Webinar] Learn How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question