0 votes

We have 3 email domains. 1 primary and 2 subsidiary companies.

I'm needing to automate setting the email domain during user creation based on department. See attached screenshot. Screenshot 2025-03-07 090927.png

I'm unable to get this working correctly and would like to see if we could get it working.

I also need to be able to automate this for ongoing maintenance if users move between departments.

ago by (20 points)
0

Hello,

Sorry for the confusion, but we are not sure what exactly you need to achieve. Please, describe the desired behavior in all the possible details with live examples.

0

Sorry, I guess I submitted this mid thought.

The issue happens when we run the create user action with the actions above, the process doesn't work. It seems to be trying to modify the email domain in Exchange using the old incorrect User Login Name and it never actually works correctly.

Screenshot 2025-03-07 094702.png

0

Hello,

We do not see any issues in your screenshot. The action worked exactly as configured. It just took the value of the Username (schema name userPrincipalName) property and set it as primary SMTP address. Also, you did not provide any insights on how the workflow should actually depend on the user department.

0

As you can see, it sets the User Logon Name to end in @riggsrents.com but when the final workflow runs, it sets it to @riggscat.com. Those should match. It should be setting the user logon name to @riggsrents.com based on department "Cat Rental Store".

Then 2 steps later it should modify the mailbox setting to add the @riggsrents.com domain and set it as primary. This is the part that's not working correctly. It's adding the @riggsrents.com domain based on policy.

This is how it looks when finished via the Exchange server. Screenshot 2025-03-07 101644.png

Here is the exchange address policy that's being applied: Screenshot 2025-03-07 101804.png

I think the underlying issue is that when the action runs, it is using the old %userPrincipalName% instead of the new one. Screenshot 2025-03-07 101850.png

1 Answer

0 votes
ago by (299k points)

Hello,

Your assumption is correct and the behavior is by design. The thing is that value references resolve before the entire business rule is executed. As such, no matter what changes you make to the username property in the rule, the value reference %username% will resolve into the value existing before all those actions are executed.

To achieve the desired behavior, you need to set the username properly. It has to be unique forest-wide and thus should not be updated the way you do it. It should be done using a script in a business rule triggering Before creating a user. In this case, the value reference used to set the email address will work as you expect. The following tutorial will be helpful: https://www.adaxes.com/help/ValidateModifyUserInputWithScript.

0

Well I guess that makes sense. I have the below script that runs before user creation and works great outside of choosing the secondary email domains (this is new to us, we used to only use a single email domain). Can you assist with what I would need to change in order for this to work as expected?

function BuildUsername()
{
    $samAccountNameBuilder = New-Object "System.Text.StringBuilder"
    for ($i=0; $i -lt $args.length; $i++)
    {
        if (-not($args[$i] -is [array]))
        {
            if (-not([System.String]::IsNullOrEmpty($args[$i])))
            {
                [void]$samAccountNameBuilder.Append($args[$i].ToLower())
            }
        }
        elseif ($args[$i].length -eq 3) 
        {
            if (-not([System.String]::IsNullOrEmpty($args[$i][0])))
            {
                $valueLength = $args[$i][1]
                if ($valueLength -gt $args[$i][0].Length)
                {
                    $valueLength = $args[$i][0].Length
                }

                switch ($Args[$i][2])
                {
                    "Beginning"
                    {
                        $value = $args[$i][0].SubString(0,$valueLength).ToLower()
                    }
                    "End"
                    {
                        $value = $args[$i][0].SubString($args[$i][0].Length - $valueLength).ToLower()
                    }
                }
                [void]$samAccountNameBuilder.Append($value)
            }
        }
        else
        {
            $Context.LogMessage("An error occurred while building a username!", "Error")
        }
    }

    return $samAccountNameBuilder.ToString()
}

Import-Module Adaxes

function IsUserNameUnique($username)
{
    $user = Get-AdmUser $username -erroraction silentlycontinue
    return $user -eq $Null
}

function SetUsername($samAccountName, $domainName)
{
    # Update samAccountName
    $Context.SetModifiedPropertyValue("samAccountName", $samAccountName)

    # Update userPrincipalName
    $userPrincipalName = $samAccountName + "@" + $domainName

    $Context.SetModifiedPropertyValue("userPrincipalName", $userPrincipalName)

    # Inform the user
    $Context.LogMessage("User Logon Name (pre-Windows 2000) has been changed to: $samAccountName", "Information")
    $Context.LogMessage("User Logon Name has been changed to: $userPrincipalName", "Information")
}

# Get the username and domain name
$username = $Context.GetModifiedPropertyValue("samAccountName")
$domainName = "%username:format[domain]%"

if ([System.String]::IsNullOrEmpty($domainName))
{
    $domainName = $Context.GetObjectDomain("%distinguishedName%")
}

# Check whether the username is already unique
if (IsUserNameUnique($username))
{
    return
}

# Try building a unique username automatically

# Use Last Name and initial characters of the First Name 
$firstName = $Context.GetModifiedPropertyValue("givenName")
$lastName = $Context.GetModifiedPropertyValue("sn")
for ($i = 2; $i -le $firstName.Length; $i++)
{
    $uniqueUsername = BuildUsername $lastName @($firstName, $i, "Beginning")
    # Check if the username is unique
    if (IsUserNameUnique($uniqueUsername))
    {
        # Update username and exit script
        SetUsername $uniqueUsername $domainName
        return
    }
}

# Failed to generate a unique username. Cancel creation of the new user
$Context.Cancel("Failed to generate a unique username. You need to input a unique username manually.")

0

Hello,

You need to add a specific logic to the script that will call the SetUsername function with the required domain name (second parameter). Unfortunately, we cannot be more specific as we have no information on the desired behavior.
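
One way to add the department-based logic the last reply describes, as an added example that is not code from the thread or from Adaxes. It is meant to replace the two lines in the posted script that assign `$username` and `$domainName`, so the later `SetUsername` calls pick up the resolved domain. Assumptions: `riggscat.com` is the default domain, the department is filled in on the creation form, and the second map entry is a constructed placeholder.

```powershell
# Added example. Default domain and the placeholder entry are assumptions.
$DefaultDomain = "riggscat.com"
$DepartmentDomains = @{                  # hashtable literal: keys match case-insensitively
    "Cat Rental Store"       = "riggsrents.com"        # department named in the thread
    "PLACEHOLDER Department" = "placeholder.example"   # constructed placeholder
}

function Resolve-UpnDomain([string]$Department)
{
    # Trim so a value with stray whitespace from the form still matches
    $key = "$Department".Trim()
    if ($key -and $DepartmentDomains.ContainsKey($key))
    {
        return $DepartmentDomains[$key]
    }

    # Empty or unmapped department: fall back to the default domain
    return $DefaultDomain
}

# $Context exists only inside an Adaxes business rule ("Before creating a user");
# in a plain console it is undefined and this part is skipped.
if ($Context)
{
    $department = $Context.GetModifiedPropertyValue("department")
    $domainName = Resolve-UpnDomain $department
    $username   = $Context.GetModifiedPropertyValue("samAccountName")

    # Set the logon name before the user is created, so value references
    # used by later actions already resolve to the department's domain.
    # This also covers the case where the posted script returns early
    # because the username is already unique.
    $userPrincipalName = $username + "@" + $domainName
    $Context.SetModifiedPropertyValue("userPrincipalName", $userPrincipalName)
    $Context.LogMessage("Domain for department '$department': $domainName", "Information")
}

# Constructed sample calls for checking the mapping in a console
Resolve-UpnDomain "cat rental store"
Resolve-UpnDomain ""
```

If the uniqueness loop in the posted script later picks a different samAccountName, its `SetUsername` call overwrites the userPrincipalName with the same resolved `$domainName`.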
