0 votes

My AD domain is domain.com and all of my users have a UPN of first.last@domain.com, which matches their email address. Everyone can login to self service using the UPN without any issue., we instruct them to use their "email address" as the uesrname.

I have a group of users in my domain that I do not host their email. They actually are part of an entirely separate AD domain and there is no trusts to that domain, nor can there be. But, thees users need logins in my domain for some of our resources, and to show up in our GAL. We have created "mail userr" objects for them in AD/Exchange. This is different than a regular AD user in that they have an AD account but the email address is an external address (like a contact) These users have a UPN of first.last@domain.com and an email address defined of first@otherdomain.com

I'd like to allow these users to login to self-service using their email address (first@otherdomain.com). To try and make this worked I added "Email" and "Email Proxy Address" as additional properties in self-service admin, properties for users section.

When I then try to login to self servce using first@otherdomain.com, I receive a red message saying "'otherdomain.com' is not operational"

Is there any way to make this work?

by (220 points)
0

Hello,

Sorry for the confusion, but we are not sure we understand you correctly. Do the users in question actually exist in the domain.com domain as user accounts and have the Email property set to first@otherdomain.com? What exactly do you mean by “created mail user objects”?

Where exactly did you add the Email and Email Proxy Addresses properties? Could you, please, post here or send us (support[at]adaxes.com) a screenshot?

0

Sorry for the confusion, but we are not sure we understand you correctly. Do the users in question actually exist in the domain.com domain as user accounts and have the Email property set to first@otherdomain.com?

Correct. I do not host email @otherdomain.com within my AD domain where these users exist.

What exactly do you mean by “created mail user objects”?

In Exchange Control Panel, this is done by going to Recipients -> Contacts -> New -> Mail User. This process creats a a full AD user object that also has Exchange attributes like a contact. This tells the Exchange server the email associated with the AD user object is an external SMTP address. This object has no Exchange mailbox.

Where exactly did you add the Email and Email Proxy Addresses properties?

This was done in Adaxes Website Configuration (http://www.selfserviceurl.com/adaxesconfig) -> Common Sign In -> Sign In section -> Username sub-section -> Property for Username

The Self-Service site in the Adaxes Website Configuration is set to "use the common sign in page" under the Sign In section of the Self-Service site config

1 Answer

0 votes
by (289k points)
selected by
Best answer

Hello,

Thank you for the provided details.

It looks like you have the sign in settings configured correctly. Could you make sure that the Email property of the users stores the correct email addresses? Also, please, refresh the Sign In page using Ctrl+F5 before checking the updates made to the sign in settings.

If the emails are correct, but the issue persists, please, specify the version of Adaxes you are currently using. To check that:

  1. Launch Adaxes Administration Console.
  2. In the Console Tree, right-click your service.
  3. In the context menu, click Properties.
  4. Adaxes version will be displayed on the General tab.
0

CTRL-F5 did the trick, it's now working.

Related questions

0 votes
1 answer

We have multiple secondary domains that are being managed by Adaxes. Everything seems to be working except self service portal login. We tested with our other secondary domains and those ... other than sign failed. What else can I look at to figure this out?

asked Aug 21, 2020 by mark.it.admin (2.3k points)
0 votes
1 answer

Hello, I am trying to find out if there is a way to tag/add a commonly used internal name after a domain name in adaxes, to make it easier for helpdesk ... domain.local - Development Domain Instead of just pdydev742.domain.local Any ideas? Thanks very much.

asked Jul 16, 2018 by Jasonmh (540 points)
0 votes
1 answer

We have two on-prem domains; Domain A and Domain B. Domain A is our primary domain and syncs with Azure AD. Domain B contains accounts created for external ... user attempts to authenticate, they are only authenticating against the Domain B on-prem domain?

asked Apr 10 by awooten (80 points)
0 votes
1 answer

It appears under the selfservice website that users can not search past the domain they are in. We have items in different domains. How can I open up search to allow the other domains? I've looked at the config for the web interface and I'm not sure.

asked Aug 20, 2020 by ComputerHabit (790 points)
0 votes
1 answer

I see the script for generating a report of users enrolled, but what I'd like to do is run a script that can populate a user attribute with Yes/No or True/False if they are or are not enrolled. Is there an existing script that accomplishes this? Thanks

asked 3 days ago by msheppard (470 points)
3,548 questions
3,238 answers
8,232 comments
547,810 users