UPN update problem?

I have a problem: if the UPN changes, then change the Primary Mail Address and set the old Primary Mail Address as an additional email address. How can I achieve this?

  • Hi  

    Depending on the requirements (and complexity), if it were me I'd probably use the below logic

    1) Create a change workflow, triggered on change to a user's UserPrincipalName

    2) Add a script activity, where your script would

    a. Update the mail attribute to be set to the new UPN

    b. Update proxyAddress

    i. Get a list of all current proxyAddresses

    ii. Get the new smtp address

    iii. If the new SMTP address already exists in proxyAddress, then make all other addresses secondary (lower case before the : character), before ensuring the existing proxy address has upper case characters before the : character

    iv. If the new SMTP address doesn't exist in proxyAddresses, then make all other addresses secondary (lower case before the : character), before adding the new entry, with uppercase SMTP before the : character

    The use case can get complex if you have a lot of protocols in use, like SIP, X400, X500 etc., as you'll probably want to ensure consistency. Also, if you have an environment where UPN changes (and/or changes to other attributes which should trigger a change to the UPN, like a surname change) occur a lot, you may end up in a situation where a user account holds a lot of proxyAddresses which are never freed up (if you wanted this to occur, you'd need a way to know which addresses should be removed, and when). All this is really down to your requirements, and designing how you want it to work.

    As an example, proxyAddress generally appears as <Protocol>:<Address>, i.e.

    SMTP:user.test@domain.com

    smtp:user.oldtest@domain.com

    smtp:user.oldertest@domain.com

    Where user.test@domain.com is the primary SMTP address, and the other two are secondary (or other smtp addresses).

    This also applies to SIP addresses (from memory)

    SIP:user.test@domain.com

    sip:user.oldtest@domain.com

    sip:user.oldertest@domain.com

    If it were just the mail attribute being changed, it would be a straightforward workflow, or admin policy. But for proxyAddresses, you also need to validate and ensure that there is only a single primary entry for each protocol in the list, and also that the value being entered is unique (across all users in the domain; you don't have to validate it, but to save you pain later it makes sense to do that, which would mean validating against all users' proxyAddresses as well as mail attributes).

    Hope this helps

    Stu
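
The list handling from steps a and b of the answer above, as an added example that is not code from the thread or from any product's own scripts. The function name `Get-UpnMailUpdate` and its parameters are hypothetical, the sample addresses are constructed, and the function only computes the new values: it performs no directory write.

```powershell
# Added example. Function and parameter names are hypothetical; nothing here
# reads from or writes to a directory.
function Get-UpnMailUpdate {
    param(
        [string[]]$ProxyAddresses = @(),
        [Parameter(Mandatory)][string]$NewUpn
    )
    # Refuse values that would produce a malformed proxyAddresses entry.
    if ($NewUpn -notmatch '^[^@\s:]+@[^@\s:]+$') {
        throw "Not a usable SMTP address: '$NewUpn'"
    }
    $primary = "SMTP:$NewUpn"
    $result  = [System.Collections.Generic.List[string]]::new()
    # Case-insensitive set: 'smtp:a@b' and 'SMTP:a@b' count as the same entry.
    $seen    = [System.Collections.Generic.HashSet[string]]::new(
                   [System.StringComparer]::OrdinalIgnoreCase)
    $result.Add($primary)
    [void]$seen.Add($primary)

    foreach ($entry in $ProxyAddresses) {
        $prefix, $address = $entry -split ':', 2
        # Demote every existing SMTP entry; other protocols pass through as-is.
        if ($null -ne $address -and $prefix -ieq 'smtp') {
            $entry = "smtp:$address"
        }
        # Skips the new address if it was already listed, and any duplicates.
        if ($seen.Add($entry)) { $result.Add($entry) }
    }
    [pscustomobject]@{
        mail           = $NewUpn
        proxyAddresses = $result.ToArray()
    }
}

# Constructed sample input, using the address style from the answer above.
$current = @(
    'SMTP:user.test@domain.com'
    'smtp:user.oldtest@domain.com'
    'smtp:User.New@domain.com'
    'SIP:user.test@domain.com'
)
$update = Get-UpnMailUpdate -ProxyAddresses $current -NewUpn 'user.new@domain.com'
$update.proxyAddresses
```

The uniqueness check against other users' proxyAddresses and mail attributes that the answer recommends is not part of this function and still has to run before the returned values are written.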

  • Thank you man,
    It's done almost like you said. I just need to also add sync with Azure AD.
