Solved

Active Directory extension attributes

Posted on 2014-02-06
8
539 Views
Last Modified: 2014-02-28
Hi,

I have come across an Active Directory account with a mailbox that has an extension attribute with an external email address defined in it.

What would be the purpose of this?
0
Comment
Question by:cmatchett
  • 4
  • 3
8 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39839112
This is most likely a Mail User. A Mail User is a user that has access to login to your domain and also has a mailbox as well. The difference is this user uses an External email address instead of your company.com mailing address.

You can use powershell to view all of the Mail Users in your environment.
get-mailuser | ft 

Open in new window


Will.
0
 

Author Comment

by:cmatchett
ID: 39839124
Hi Will,

Yes, this person called joe bloggs has an email account with an email address in this organisation of joe.bloggs@exchangeorg.com but the extension attribute is for joe.soap@anothercompany.com
0
 

Author Comment

by:cmatchett
ID: 39839135
i should note that i came across this when using ADSI edit
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39839169
Sorry i read this too fast! If it is an Extension Attribute this really doesn't mean anything unless you have filters tied to them, like and Address List. You can use Extension Attributes for example "HR" which you can then use that in an Address List query to build your address lists. So all users that have Extension Attribute1 set as "HR" will be part of this Address List.

That is basically all it is used for.

Will.
0
 

Author Comment

by:cmatchett
ID: 39839244
well the other thing is that one account is an administrative account and the extension attribute seems to be for the personal email address of another one of the administrators.  On this account only
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 39839341
The Extension Attribute is only there as a place holder. You can enter anything in there that you like its "arbitrary". As stated those extensions are used if you want to add have specific words to group users together when creating address list or when doing some sort of query.

Your guess is as good as mine why that administrator put that value in there if it is his own Email Address.

Will.
0
 

Author Comment

by:cmatchett
ID: 39841243
I could query AD to see how many other users have this attribute defined?
0
 

Expert Comment

by:ajay_902
ID: 39896741
As per knowledge is concern basicaly custom/extension attribute used for the add the record of user.

Here extention attributes keep user external email id and as i know u can create a custom attribute as per the company requirment. like phone no, home address other field.


http://social.technet.microsoft.com/wiki/contents/articles/20319.how-to-create-a-custom-attribute-in-active-directory.aspx
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
In-place Upgrading Dirsync to Azure AD Connect
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question