Link to home
Start Free TrialLog in
Avatar of Tim Dawson
Tim DawsonFlag for United States of America

asked on

Active directory user accounts

I have my domain accounts set up with user names not email addresses.  How Can I make it so they can authentic with email address instead of user accounts
Avatar of arnold
Flag of United States of America image

Your not specifying where they authenticate, usernames in an admin iron ent have the format of username@addomainname the addomainname is set when the system onto which they login is joined to the domain.

Presumably you have addomainname.local while your public email is
An ad user can have multiple email addresses, aliases, ......
Avatar of Tim Dawson


You are correct.  They authentic with user.doman.local.   I need them to authentic with
Is this a specific application where you have this requirement, if so, you would have to build the email to user translation mechanism.

Not sure whether a user can have two entries or the AD defined with addminanme.local as primary when used to join while accepting as a reference/acceptable substitute.  It is possible for email. I have to recheck the AD structure whether a user record can have multiple username@ type of records.
Yes application needs this. How do I build the mechanism?
Is the users's email with which you want them to access part of their user AD contact set?  You would need to search through the AD to locate the username whose email is being provided and use it with the password the user provides to validate.
Avatar of gwickert
Flag of Australia image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Ok let me explain better.  I have outlook web access site set up as:  
The user logs in using  <ADAccount> and password.   The AD account user name is something like john245.  He has an email address:  jsmith@<domain>.com
My application needs the login account to be the e-mail address not the john245.
Now that you provided detail, searching for "change exchange owa login use" Displays an assortment of responses some whose links I can not place here.

The powershell Exchange cmdlet that will deal with altering the login from the username to the AD based domain name is:

The implication though as gwickert pointed out is that the user will have to use the to access all resources once this change is made.

An alternative is post processing you know the username, so the email being accessed is known as well ....
Or there is more detail that could further this along?
Hi Tim,

In that case, you can set OWA to use UPN as the login attribute. I actually think more recent (perhaps 2007 plus, don't quote me) allow login via UPN by default. You would then go through my above post of adding a UPN suffix of '', set that on all users, then it should work.

Further to the above, I read some anecdotal evidence on another site which said that setting UPN to have a custom suffix will NOT stop the default UPN suffix from working. I can't confirm this, so testing would be required.

Hope this helps.