Avatar of Tim Dawson
Tim Dawson
Flag for United States of America asked on

Active directory user accounts

I have my domain accounts set up with user names not email addresses.  How Can I make it so they can authentic with email address instead of user accounts
Email ClientsExchangeActive Directory

Avatar of undefined
Last Comment

8/22/2022 - Mon

Your not specifying where they authenticate, usernames in an admin iron ent have the format of username@addomainname the addomainname is set when the system onto which they login is joined to the domain.

Presumably you have addomainname.local while your public email is addomainname.com.
An ad user can have multiple email addresses, aliases, ......
Tim Dawson

You are correct.  They authentic with user.doman.local.   I need them to authentic with email.domain.com

Is this a specific application where you have this requirement, if so, you would have to build the email to user translation mechanism.

Not sure whether a user can have two entries or the AD defined with addminanme.local as primary when used to join while accepting addomainname.com as a reference/acceptable substitute.  It is possible for email. I have to recheck the AD structure whether a user record can have multiple username@ type of records.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
Tim Dawson

Yes application needs this. How do I build the mechanism?

Is the users's email with which you want them to access part of their user AD contact set?  You would need to search through the AD to locate the username whose email is being provided and use it with the password the user provides to validate.

View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Tim Dawson

Ok let me explain better.  I have outlook web access site set up as:  
The user logs in using  <ADAccount> and password.   The AD account user name is something like john245.  He has an email address:  jsmith@<domain>.com
My application needs the login account to be the e-mail address not the john245.
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.

Now that you provided detail, searching for "change exchange owa login use" Displays an assortment of responses some whose links I can not place here.

The powershell Exchange cmdlet that will deal with altering the login from the username to the AD based domain name is:

The implication though as gwickert pointed out is that the user will have to use the username@domain.com to access all resources once this change is made.

An alternative is post processing you know the username, so the email being accessed is known as well ....
Or there is more detail that could further this along?

Hi Tim,

In that case, you can set OWA to use UPN as the login attribute. I actually think more recent (perhaps 2007 plus, don't quote me) allow login via UPN by default. You would then go through my above post of adding a UPN suffix of 'mydomain.com', set that on all users, then it should work.

Further to the above, I read some anecdotal evidence on another site which said that setting UPN to have a custom suffix will NOT stop the default UPN suffix from working. I can't confirm this, so testing would be required.

Hope this helps.