Solved

Creating custom attribute using ExtensionAttribute Exchange 2010

Posted on 2014-02-12
7
1,366 Views
Last Modified: 2014-02-19
As always, I'm coming to my wonderful source for solutions to my question.
I work for a school district and we're becoming a Google district.  The email address needs to be "username@domain.us" and our main email address is longer (username@domain.k12.ca.us).  We have 2 accepted domains (the k12.ca.us and just the .us) but the authoritative domain is the k12.ca.us one.
I thought I had changed the AD mail attribute to the shorter "domain.us" but something (probably an Exchange server reboot) changed it back.  This has caused an issue with the synchronization of our AD accounts with Google drive.
I'm pretty sure I can use any of the ExtensionAttribute1-15 attributes to create a custom attribute without having to extend the schema.
What I need is assistance with the powershell command or script that will allow me to first name the attribute and then use a .CSV file to populate the email address for each staff and student account.
Please point me in the right direction.  I'm still somewhat new to powershell and am not a programmer but I can handle up to moderately complex commands and scripts.
Thanks for any input.
0
Comment
Question by:skbarnard
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 4

Expert Comment

by:pcmghouse
ID: 39855772
Just few questions:

1. Do you mean .us is default authoritative domain? I suppose both should be authoritative domains and one is default.
2. WHat e-mail address policies do you have? Maybe you have only one and this has changed all the users back to the old e-mail address.
3. Do you want both e-mail addresses to be set for the users?


I can provide you the script, but solve your issue with the above suggestions.
0
 

Author Comment

by:skbarnard
ID: 39856439
Both domains are authoritative, the k12.ca.us is the default.  I'm hesitant to change the default to the .us domain because I don't know what will happen with the email flow.
We have 1 email policy but it's not applied (not enabled)
If we weren't going Google, it wouldn't matter which email address is used but we've told Google that the .us email is what we want to use so it can now only be the .us email.
We'll very likely be switching our staff email to gmail in a couple of months but until we make that transition, I need the account synchronization to function in our current environment.  Google suggested creating a new attribute to put the email address in so that if the mail attribute changes back to the k12.ca.us address, synchronization will sitll work because Google won't be looking at the mail attribute.
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 39857273
Changing the default domain won't fix your issue. My suggestion would be to use an email address policy to apply the correct default email address to each account. If you want to use a custom attribute, you can do that but you can't rename the attribute. You can only set a value.

-JJ
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Accepted Solution

by:
skbarnard earned 0 total points
ID: 39857708
Turns out I can use an existing attribute - userPrincipalName.  There's a value already in there - the student email address but it's pointing to the main domain (domain.us).  We've decided the students will be student.domain.us so I need to change the value in userPrincipalName to student.domain.us.
I had to do a custom search query to get all the users I needed to add (or change) the userPrincipalName attribute on.
I imported that list to a .CSV file and then imported that file into powershell.
I'm still currently running this PS command
foreach($user in $StuData){Set-ADUser $user.StudentNumber -userPrincipalName $user.UPName}
It appears to be working but there's a lot of users for it to iterate through.
0
 
LVL 37

Assisted Solution

by:Jamie McKillop
Jamie McKillop earned 100 total points
ID: 39857781
I would be extremely careful as changing the UPN could cause things to break. If your users use the UPN to log on to any systems they will need to use the new format.

-JJ
0
 

Author Comment

by:skbarnard
ID: 39860551
Thank you for the warnng jjmck.  We have succeeded with using the UPN; we haven't heard of anything going awry (yet) but I'll be monitoring to make sure we don't.
0
 

Author Closing Comment

by:skbarnard
ID: 39869830
This is the solution that worked in my particular case.  All the comments were very helpful
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
In this post we will be converting StringData saved within a text file into a hash table. This can be further used in a PowerShell script for replacing settings that are dynamic in nature from environment to environment.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question