Solved

Creating custom attribute using ExtensionAttribute Exchange 2010

Posted on 2014-02-12
7
1,311 Views
Last Modified: 2014-02-19
As always, I'm coming to my wonderful source for solutions to my question.
I work for a school district and we're becoming a Google district.  The email address needs to be "username@domain.us" and our main email address is longer (username@domain.k12.ca.us).  We have 2 accepted domains (the k12.ca.us and just the .us) but the authoritative domain is the k12.ca.us one.
I thought I had changed the AD mail attribute to the shorter "domain.us" but something (probably an Exchange server reboot) changed it back.  This has caused an issue with the synchronization of our AD accounts with Google drive.
I'm pretty sure I can use any of the ExtensionAttribute1-15 attributes to create a custom attribute without having to extend the schema.
What I need is assistance with the powershell command or script that will allow me to first name the attribute and then use a .CSV file to populate the email address for each staff and student account.
Please point me in the right direction.  I'm still somewhat new to powershell and am not a programmer but I can handle up to moderately complex commands and scripts.
Thanks for any input.
0
Comment
Question by:skbarnard
  • 4
  • 2
7 Comments
 
LVL 4

Expert Comment

by:pcmghouse
ID: 39855772
Just few questions:

1. Do you mean .us is default authoritative domain? I suppose both should be authoritative domains and one is default.
2. WHat e-mail address policies do you have? Maybe you have only one and this has changed all the users back to the old e-mail address.
3. Do you want both e-mail addresses to be set for the users?


I can provide you the script, but solve your issue with the above suggestions.
0
 

Author Comment

by:skbarnard
ID: 39856439
Both domains are authoritative, the k12.ca.us is the default.  I'm hesitant to change the default to the .us domain because I don't know what will happen with the email flow.
We have 1 email policy but it's not applied (not enabled)
If we weren't going Google, it wouldn't matter which email address is used but we've told Google that the .us email is what we want to use so it can now only be the .us email.
We'll very likely be switching our staff email to gmail in a couple of months but until we make that transition, I need the account synchronization to function in our current environment.  Google suggested creating a new attribute to put the email address in so that if the mail attribute changes back to the k12.ca.us address, synchronization will sitll work because Google won't be looking at the mail attribute.
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 39857273
Changing the default domain won't fix your issue. My suggestion would be to use an email address policy to apply the correct default email address to each account. If you want to use a custom attribute, you can do that but you can't rename the attribute. You can only set a value.

-JJ
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 

Accepted Solution

by:
skbarnard earned 0 total points
ID: 39857708
Turns out I can use an existing attribute - userPrincipalName.  There's a value already in there - the student email address but it's pointing to the main domain (domain.us).  We've decided the students will be student.domain.us so I need to change the value in userPrincipalName to student.domain.us.
I had to do a custom search query to get all the users I needed to add (or change) the userPrincipalName attribute on.
I imported that list to a .CSV file and then imported that file into powershell.
I'm still currently running this PS command
foreach($user in $StuData){Set-ADUser $user.StudentNumber -userPrincipalName $user.UPName}
It appears to be working but there's a lot of users for it to iterate through.
0
 
LVL 37

Assisted Solution

by:Jamie McKillop
Jamie McKillop earned 100 total points
ID: 39857781
I would be extremely careful as changing the UPN could cause things to break. If your users use the UPN to log on to any systems they will need to use the new format.

-JJ
0
 

Author Comment

by:skbarnard
ID: 39860551
Thank you for the warnng jjmck.  We have succeeded with using the UPN; we haven't heard of anything going awry (yet) but I'll be monitoring to make sure we don't.
0
 

Author Closing Comment

by:skbarnard
ID: 39869830
This is the solution that worked in my particular case.  All the comments were very helpful
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question