0 votes

We are currently using the script below to check for a unique username/UPN. If the name is not unique, it adds a number to the end. In the Adaxes logs, everything appears to be working just fine. When the script finds a duplicate name, it adds the unique number as expected. The issue is with the email address. We use the UPN to create the email address (hybrid Exchange environment). For some reason, the email address gets created with one number higher than expected. Example: Script runs, assigns the UPN testuser1 because testuser exists. The email address gets created as testuser2@domain.com. Any idea as to why this would happen?

Import-Module Adaxes

$maximumLength = 8 # TODO: modify me
$upnPrefix = "%firstname%%lastname%" # TODO: modify me

# Returns $True when no user matches the given LDAP filter
function IsUserValueUnique($filter)
{
    $user = Get-AdmUser -LdapFilter $filter -ErrorAction SilentlyContinue
    return $Null -eq $user
}

#Get the username
$username = $Context.GetModifiedPropertyValue("samAccountName")

#Check user name Length
if ($username.Length -gt $maximumLength)
{
    $username = $username.SubString(0 , $maximumLength)
}

#User Logon Name (pre-Windows 2000)
$uniqueUsername = $username
for ($i = 1; $True; $i++)
{
    if (IsUserValueUnique "(sAMAccountName=$uniqueUsername)")
    {
        break
    }

    $difference = $maximumLength - $username.Length - $i.ToString().Length
    if ($difference -lt 0)
    {
        $username = $username.Substring(0, $username.Length + $difference)
    }

    if ([System.String]::IsNullOrEmpty($username))
    {
        $Context.Cancel("Unable to generate a unique username, because the number length exceeds the maximum length of the username")
        return
    }

    $uniqueUsername = $username + $i;
}

#User Logon Name
$upnSuffix = "franklincountyohio.gov"
$uniqueUPN = "$upnPrefix@$upnSuffix"
for ($i = 1; $True; $i++)
{
    if (IsUserValueUnique "(userPrincipalName=$uniqueUPN)")
    {
        break
    }

    $uniqueUPN = "$upnPrefix$i@$upnSuffix"
}

#Update User Logon Name (pre-Windows 2000)
$Context.SetModifiedPropertyValue("samAccountName", $uniqueUsername)

#Update User Logon Name
$Context.SetModifiedPropertyValue("userPrincipalName", $uniqueUPN)
$Context.LogMessage("The username has been changed to " + $uniqueUPN `
  + ".", "Information")
ago by (270 points)
0

Hello,

For troubleshooting purposes, please clarify how exactly the email address is specified. Do you specify it on the create user form? What about the Exchange mailbox, is it provisioned after the user is created?

0

The email address is not on the create user form. It is set using the template/script below. It is set after the user is created. Please let me know if there is anything else you need. Thanks!

$remoteRoutingAddressTemplate = "%userPrincipalName:format[name]%@companyemail.com" # TODO: modify me

$Context.TargetObject.EnableRemoteMailbox($remoteRoutingAddressTemplate)

1 Answer

0 votes
ago by (15.2k points)

Hello,

Thank you for clarifying. In this case, the value of the mail property is generated by on-premises Exchange, not by Adaxes. Since email addresses must be unique, Exchange adds a digit to the email prefix if another mailbox with the same address exists. Most probably the testuser@domain.com and testuser1@domain.com addresses were already in use and Exchange assigned the next available unique address based on the default address policy. As an option, you can check whether the username generated in the script is not used in proxy addresses of other accounts. Unfortunately, we do not have the exact script that adds a digit if the username is not unique or if the username prefix already exists in proxy addresses of other accounts. However, the following repository article should be helpful: https://www.adaxes.com/script-repository/check-whether-username-is-unique-s618.htm.

0

Thanks! I will review this information and see if I can find a solution.
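
One way to implement the check suggested in the answer, as an added example that is not Adaxes' or the posters' code: a candidate counts as taken if it is already a UPN or the prefix of any SMTP proxy address, so the UPN and the address Exchange assigns stay aligned. The function names, the `example.com` domain and the sample addresses are assumptions made for illustration; only `Get-AdmUser -LdapFilter` comes from the question's script.

```powershell
# Added example, not Adaxes code. Get-AdmUser is the cmdlet the question's script uses.

# Escape a value for an LDAP filter (RFC 4515) so that an asterisk, parenthesis
# or backslash in a name cannot change what the filter matches.
function ConvertTo-LdapFilterValue([string]$Value) {
    [regex]::Replace($Value, '[\\*()\x00]', { param($m) '\{0:x2}' -f [int][char]$m.Value })
}

# Matches any account that already holds the candidate as its UPN or as the
# prefix of an SMTP proxy address (primary or secondary) in any mail domain.
function Get-NameCollisionFilter([string]$Prefix, [string]$UpnSuffix) {
    $p = ConvertTo-LdapFilterValue $Prefix
    $s = ConvertTo-LdapFilterValue $UpnSuffix
    "(|(userPrincipalName=$p@$s)(proxyAddresses=smtp:$p@*))"
}

# Directory-backed check, for use inside an Adaxes script (hypothetical helper).
$directoryCheck = {
    param($prefix, $suffix)
    $filter = Get-NameCollisionFilter $prefix $suffix
    $null -ne (Get-AdmUser -LdapFilter $filter -ErrorAction SilentlyContinue)
}

# Constructed sample addresses standing in for the directory, so the numbering
# logic can be run without a domain. They mirror the case from the answer.
$sampleAddresses = 'SMTP:testuser@example.com', 'smtp:testuser1@example.com', 'SMTP:jdoe@example.com'
$sampleCheck = {
    param($prefix, $suffix)
    [bool]($sampleAddresses | Where-Object { $_ -like "smtp:$prefix@*" })
}

# Try the bare prefix first, then prefix1, prefix2, ... up to $MaxSuffix.
function Get-UniqueUpnPrefix([string]$Prefix, [string]$UpnSuffix, [scriptblock]$IsTaken, [int]$MaxSuffix = 99) {
    $candidate = $Prefix
    for ($i = 1; $i -le $MaxSuffix + 1; $i++) {
        if (-not (& $IsTaken $candidate $UpnSuffix)) { return $candidate }
        $candidate = "$Prefix$i"
    }
    throw "No free name for '$Prefix' up to suffix $MaxSuffix"
}

# Offline run against the constructed data:
Get-UniqueUpnPrefix 'testuser' 'example.com' $sampleCheck

# Inside Adaxes, pass the directory-backed check instead:
# $prefix = Get-UniqueUpnPrefix $upnPrefix $upnSuffix $directoryCheck
```

With the sample data, both `testuser` and `testuser1` are already claimed by proxy addresses, so the script settles on the same number Exchange would pick rather than one lower.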
