Solved

Creating custom attribute using ExtensionAttribute Exchange 2010

Posted on 2014-02-12
Last Modified: 2014-02-19
As always, I'm coming to my wonderful source for solutions to my question.
I work for a school district and we're becoming a Google district.  The email address needs to be "username@domain.us" and our main email address is longer (username@domain.k12.ca.us).  We have 2 accepted domains (the k12.ca.us and just the .us) but the authoritative domain is the k12.ca.us one.
I thought I had changed the AD mail attribute to the shorter "domain.us" but something (probably an Exchange server reboot) changed it back.  This has caused an issue with the synchronization of our AD accounts with Google Drive.
I'm pretty sure I can use any of the ExtensionAttribute1-15 attributes to create a custom attribute without having to extend the schema.
What I need is assistance with the PowerShell command or script that will allow me to first name the attribute and then use a .CSV file to populate the email address for each staff and student account.
Please point me in the right direction.  I'm still somewhat new to PowerShell and am not a programmer but I can handle up to moderately complex commands and scripts.
Thanks for any input.
Question by:skbarnard
LVL 4

Expert Comment

by:pcmghouse
ID: 39855772
Just a few questions:

1. Do you mean .us is default authoritative domain? I suppose both should be authoritative domains and one is default.
2. What e-mail address policies do you have? Maybe you have only one and this has changed all the users back to the old e-mail address.
3. Do you want both e-mail addresses to be set for the users?


I can provide you the script, but solve your issue with the above suggestions.
0
 

Author Comment

by:skbarnard
ID: 39856439
Both domains are authoritative, the k12.ca.us is the default.  I'm hesitant to change the default to the .us domain because I don't know what will happen with the email flow.
We have 1 email policy but it's not applied (not enabled)
If we weren't going Google, it wouldn't matter which email address is used but we've told Google that the .us email is what we want to use so it can now only be the .us email.
We'll very likely be switching our staff email to gmail in a couple of months but until we make that transition, I need the account synchronization to function in our current environment.  Google suggested creating a new attribute to put the email address in so that if the mail attribute changes back to the k12.ca.us address, synchronization will still work because Google won't be looking at the mail attribute.
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 39857273
Changing the default domain won't fix your issue. My suggestion would be to use an email address policy to apply the correct default email address to each account. If you want to use a custom attribute, you can do that but you can't rename the attribute. You can only set a value.

-JJ
0
 

Accepted Solution

by:
skbarnard earned 0 total points
ID: 39857708
Turns out I can use an existing attribute - userPrincipalName.  There's a value already in there - the student email address but it's pointing to the main domain (domain.us).  We've decided the students will be student.domain.us so I need to change the value in userPrincipalName to student.domain.us.
I had to do a custom search query to get all the users I needed to add (or change) the userPrincipalName attribute on.
I imported that list to a .CSV file and then imported that file into PowerShell.
I'm still currently running this PS command:
foreach($user in $StuData){Set-ADUser $user.StudentNumber -userPrincipalName $user.UPName}
It appears to be working but there's a lot of users for it to iterate through.
0
 
LVL 37

Assisted Solution

by:Jamie McKillop
Jamie McKillop earned 400 total points
ID: 39857781
I would be extremely careful as changing the UPN could cause things to break. If your users use the UPN to log on to any systems they will need to use the new format.

-JJ
0
 

Author Comment

by:skbarnard
ID: 39860551
Thank you for the warning jjmck.  We have succeeded with using the UPN; we haven't heard of anything going awry (yet) but I'll be monitoring to make sure we don't.
0
 

Author Closing Comment

by:skbarnard
ID: 39869830
This is the solution that worked in my particular case.  All the comments were very helpful.
0
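
The bulk UPN change from the accepted solution, reworked as an added example (not the poster's script) that validates the CSV, saves the old values for rollback and previews with -WhatIf before writing, in line with the warning about UPN changes. The column names StudentNumber and UPName come from the thread; the file paths, the -Apply switch and the use of StudentNumber as the account's logon name are assumptions.

```powershell
# Added example. CSV columns StudentNumber and UPName are from the thread;
# file paths and the -Apply switch are assumptions. Needs PowerShell 3.0+.
# Constructed sample row:  100234,100234@student.domain.us
param(
    [string]$CsvPath   = '.\students.csv',      # assumed input file
    [string]$Suffix    = 'student.domain.us',   # suffix named in the thread
    [string]$BackupCsv = '.\upn-backup.csv',    # assumed rollback file
    [switch]$Apply                              # omit to preview only
)
Import-Module ActiveDirectory
$rows = Import-Csv -Path $CsvPath

# 1. Refuse the whole batch if the CSV has malformed or duplicate UPNs.
$pattern = '^[\w.-]+@' + [regex]::Escape($Suffix) + '$'
$bad = $rows | Where-Object { $_.UPName -notmatch $pattern }
$dup = $rows | Group-Object UPName | Where-Object { $_.Count -gt 1 }
if ($bad -or $dup) {
    $bad | ForEach-Object { Write-Warning "Bad UPN for $($_.StudentNumber): $($_.UPName)" }
    $dup | ForEach-Object { Write-Warning "Duplicate UPN in CSV: $($_.Name)" }
    throw 'CSV failed validation; nothing was changed.'
}

# 2. Build the change plan: skip missing accounts, UPNs already held by
#    another account, and accounts that are already correct.
$plan = @(foreach ($row in $rows) {
    try   { $user = Get-ADUser -Identity $row.StudentNumber -ErrorAction Stop }
    catch { Write-Warning "No account for $($row.StudentNumber)"; continue }
    $clash = Get-ADUser -Filter "UserPrincipalName -eq '$($row.UPName)'" |
        Where-Object { $_.DistinguishedName -ne $user.DistinguishedName }
    if ($clash) { Write-Warning "$($row.UPName) is already in use"; continue }
    if ($user.UserPrincipalName -eq $row.UPName) { continue }
    [pscustomobject]@{
        StudentNumber = $row.StudentNumber
        OldUPN        = $user.UserPrincipalName
        NewUPN        = $row.UPName
    }
})
$plan | Export-Csv -Path $BackupCsv -NoTypeInformation   # rollback record

# 3. Preview by default; write only when -Apply is given.
foreach ($item in $plan) {
    Set-ADUser -Identity $item.StudentNumber -UserPrincipalName $item.NewUPN -WhatIf:(-not $Apply)
}
```

To reverse the change, feed the backup file through the same loop with OldUPN as the value passed to -UserPrincipalName.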
