0 votes

Hello,

is it possible to display menu with all UPN suffix when create new user ?

Thx.

by (360 points)

1 Answer

0 votes
by (216k points)

Hello,

Yes, it's possible. For this purpose, you'll need a certain property that can be used to specify the UPN suffix. You can use one of Adaxes virtual properties that can store string (text) values (e.g. CustomAttributeText1). Such properties are not stored in AD, but can be used the same as any other property of AD objects. You'll need to specify a list of possible UPN suffixes for that property so that users can select one of the available suffixes from a list. Also, you'll need to modify the property generation template for the User Logon Name property so that it is generated taking into account the UPN suffix selected by the virtual property. Finally, you'll need to add the property that you'll chose for specifying UPN suffixes to the form for creating users and remove the User Logon Name property from there so that the property is always generated based on the Property Pattern.

To specify a list of possible UPN suffixes and specify how the User Logon Name must be generated, you'll need to modify a Property Pattern that defines property generation templates and constraints applied to users. By default, this is done by the built-in User Pattern. To modify the built-in User Pattern:

  1. Launch Adaxes Administration Console.

  2. Expand the service node that represents your service.

  3. Navigate to Configuration \ Property Patterns \ Builtin and select the User Pattern.

  4. In the top right-hand corner of the Result Pane (located to the right), click Add.

  5. Select Show all properties.

  6. Select the property that you'll use for specifying UPN suffixes (e.g. CustomAttributeText1).

  7. Switch the radio button to Must be pone of the following values only.
    Click Edit.

  8. In the dialog box that appears, specify a list of possible UPN suffixes and click OK.

  9. Now, you need to configure the Property Pattern so that the User Logon Name property be generated on the basis of the UPN suffix specified. For this purpose, in the Result Pane, double-click the User Logon Name property.

  10. In the Generate default value field, type a pattern for generating the user logon name, for example: %sAMAccountName%@%adm-CustomAttributeText1%, where:

    • %sAMAccountName% is a value reference that will be replaced with the value of the User Logon Name (pre-Windows 2000) property.
    • %adm-CustomAttributeText1% is a value reference that will be replaced with the value of the CustomAttributeText1 property.

    For more information on value references, see the following help article: http://www.adaxes.com/help/?ValueRefere ... ormat.html.

  11. Click ​OK​ and save the Property Pattern.

  12. Also, you.'ll need to configure the page for creating users so that it shows the virtual property for specifying the UPN suffix and doesn't show the User Logon Name property. For information on how to do that, see step 6 in the following tutorial: http://www.adaxes.com/tutorials_WebInte ... diting.htm.

0

Hello,

Thanks for this tutorial. Could you provide more clarity on the final step? I understand how to customize the web form, however I'm not sure what "virtual property" should be replacing user logon name property. I tried the custom text attribute which doesn't work.

0

Hello,

On the final step, you need to add the custom attribute so that it would be possible to select a UPN suffix from the drop-down list. The User Logon Name property will be generated automatically based on the User Logon Name (pre-Windows 2000) + the UPN suffix specified by the custom attribute.

0

I'm pretty sure I've followed this to the letter but I simply don't seem to have the pulldown or any option to select the UPN to use when creating new users or editing existing users.

If I set the default UPN on the CustomAttributeText1 value it seems to pick it up when I go to create a new user, which suggests the link is in place - but I just cannot choose which UPN to use.

It probably goes without saying but the UPNs have been added to Active Directory and are present if I edit an account in AD U&C.

0

Hello,

The thing is that currently Adaxes does not pull your custom UPN suffixes from Active Directory. We have a request to add support for pulling and allowing to elect custom UPN suffixes in our TODO list. It is a very popular request and will be available in one of the nearest releases.

The steps provided in the List UPN suffix are a workaround until support for custom UPNs is added to Adaxes. On step 7 of the post, you need to provide a list of possible values for the custom attribute. In the list, you need to mention all custom UPNs that can be assigned to users.

As soon as you do this, the list of custom UPNs will be available as a drop-down list when assigning a value to the custom attribute.

0

Hi,

Yes I've done that but I don't want to use the web interface - are you saying it cannot actually be done at all through the native Adaxes GUI?

You'll see I've submitted a distinct ticket to be sure on this.

0

Since the custom attribute is not one of default properties, it won't be displayed in the Properties dialog that brings up when you right-click a user and select Properties. However, this doesn't mean at all that you can't edit the attribute in the Administration Console. When selecting an existing user in the Console Tree, all attributes of the user account are displayed in the Result Pane located to the right. You can edit the attribute directly in the Result Pane. Or, you can use the Add/Modify Property Wizard for this purpose. For more information, see the following help article: http://www.adaxes.com/help/?HowDoI.Mana ... rties.html.

When creating a new user in the Administration Console, you can add the attribute to the new user account on the final step of the Create User wizard.

By the way, if you make the custom attribute required and don't specify a default value, it will be impossible to create a new user in Adaxes without specifying a value for the custom attribute.

0

Ok this gets us 99% there, but is there a way to still specify a UPN prefix that is different than the windows 2000 username? For example, windows 2000 username is DOMAIN\JDOE1, but UPN should be John.Doe@example.com.

0

Is there a way to still specify a UPN prefix that is different than the windows 2000 username? For example, windows 2000 username is DOMAIN\JDOE1, but UPN should be John.Doe@example.com.

0

Hello,

Yes, there is. In addition to populating a custom attribute for the UPN suffix, you can populate one more custom attribute to specify the UPN prefix. For example, you can use CustomAttributeText2. To enable users to edit it, you need to add it to the Web interface form for creating users.

In this case, the Property Pattern Item to generate a default User Logon Name will look as follows:
%adm-CustomAttributeText2%@%adm-CustomAttributeText1%

0

Is there a way to alter the displayname of the "CustomAttributeText1" in the web gui so it can be named UPN Suffix instead?

0

Hello Niclas,

Yes, you can do that. For more information, see the following help article: http://www.adaxes.com/help/?HowDoI.Mana ... Names.html.

0

Ok, but isn't that for LDAP attributes only?
Or do I need add similar to this:
<friendlyNameItem>
<ldapName>CustomAttributeText1</ldapName>
<friendlyName>UPN Suffix</friendlyName>
<origin>RFC2256</origin>
</friendlyNameItem>

0

Hello Niclas,

This also works for Adaxes virtual attributes, however all such atgtributes have the adm- prefix in their LDAP display names. That is, it should look something like this:

<i class="text-italic">
 <friendlyNameItem>
    <ldapName><strong class="text-bold">adm-CustomAttributeText1</strong></ldapName>
    <friendlyName>UPN Suffix</friendlyName>
 </friendlyNameItem>
</i>
0

Great. Thanks!

0

Has this functionality changed at all in the 2018 version or is there a better way to accomplish this now?

Hello,

Yes, there is. In addition to populating a custom attribute for the UPN suffix, you can populate one more custom attribute to specify the UPN prefix. For example, you can use CustomAttributeText2. To enable users to edit it, you need to add it to the Web interface form for creating users.

In this case, the Property Pattern Item to generate a default User Logon Name will look as follows:
%adm-CustomAttributeText2%@%adm-CustomAttributeText1%

custom.upn.suffix.and.prefix.png

0

Hello,

There were no changes in this functionality. The described solution is the best one to accomplish the desired behaviour.

Related questions

0 votes
1 answer

Hi, I want to change the default UPN suffix for user creation. We only have a single UPN suffix we use at our organization however when we create a user using the web ... We only ever want to use the @mycompany.com so a list of options isn't requried.

asked Jun 29, 2022 by PeterG (40 points)
0 votes
1 answer

Working within a DoD environment all interactive user accounts are required to have an @mil suffix. Within the application though I am unable to make the required change to anything ... environment? The employee types consist of CTR, SVR, WKS, ADMIN, and APP.

asked May 13, 2019 by jason.d.jones (100 points)
0 votes
1 answer

Is there a way to set a users' UPN Suffix within a business rule (PS script)? I've seen the script to update the suffix based on OU, but our OU structure ... primary email address, or to apply a particular UPN suffix based on department. Either method works.

asked Apr 3, 2017 by steve.newton (50 points)
0 votes
1 answer

This note is found in the documentation on how to configure allowed domains in Adaxes 2023. Allowed domain names can only be selected from the alternative UPN suffixes for on- ... required to pick up the change, or is there another way to trigger the update?

asked Jan 31, 2023 by dtb147 (290 points)
0 votes
1 answer

Hello, our users have to login to the Adaxes web service by using their username and password, no SSO is used. I have configured the option in the web interface ... /access control, but after some weeks/months this happens again. Thank you Regards, Thorsten

asked Jun 4, 2014 by techman26 (240 points)
3,548 questions
3,238 answers
8,232 comments
547,814 users