How to configure Exchange to enable logging in with Email address, preferably without changing userPrincipalName attribute in AD?
The AD domain is example.com, therefore a typical userPrincipalName is username@example.com. However, email addresses look different – givenname.surname@example.net, i.e. in a different domain and containing the person's name instead of the username.
What are the options?
Unfortunately, I'm not a system administrator, nor am I experienced with MS products. Detailed answers are appreciated.
Best Answer
Why?
For detailed answer... By definition of User-Principal-Name attribute:
So the UPN is the only valid login name for a user, and by convention (and for better user experience) it should be the same as the primary email address set in the Proxy-Addresses attribute. Even when you add or remove email addresses in the Exchange admin center (EAC) or by using the Exchange Management Shell, it will actually change your Proxy-Addresses:
In multi-domain systems you can achieve this by ensuring that both parts of the UPN match the primary SMTP address. The UPN suffix doesn't depend on the Active Directory domain (collection of objects) where the OU and the user are stored, as it can also be another domain from the forest or any domain listed in the UPN-Suffixes attribute.
A UPN suffix has the following restrictions (from User Naming Attributes):
How?
As described above, you need to change the userPrincipalName. However, you don't have to change your AD domain name as you can Add User Principal Name Suffixes: The additional domains will appear on the suffix side of Account: User logon name in User Properties window and you can change it to match the primary SMTP address.
Your prefix didn't match, either. I suggest changing your usernames to match the givenname.surname prefix used in your email addresses. Usernames aren't limited to 20 characters anymore. However, if some local systems are limited to shorter usernames, you can preserve sAMAccountName for that.
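
The steps described in the answer above, sketched in PowerShell as an added example that is not part of the original answer. It assumes the RSAT ActiveDirectory module is installed, uses the example.net mail domain from the question, and the search base OU is a placeholder; every write carries -WhatIf, so it only reports what it would change.

```powershell
# Added example (not from the original answer): align each user's UPN with the
# primary SMTP address while leaving sAMAccountName untouched.
Import-Module ActiveDirectory

$MailSuffix = 'example.net'                  # mail domain from the question
$SearchBase = 'OU=Staff,DC=example,DC=com'   # placeholder OU, adjust to your directory

# 1. Register the mail domain as an additional UPN suffix for the forest.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $MailSuffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $MailSuffix } -WhatIf
}

# 2. Compare each user's UPN with the primary SMTP address in proxyAddresses.
$users = Get-ADUser -SearchBase $SearchBase -Filter * -Properties proxyAddresses

foreach ($u in $users) {
    # The primary address carries an upper-case "SMTP:" prefix; lower-case
    # "smtp:" entries are aliases. -clike makes the comparison case-sensitive.
    $primary = @($u.proxyAddresses | Where-Object { $_ -clike 'SMTP:*' })
    if ($primary.Count -ne 1) {
        Write-Warning "$($u.SamAccountName): found $($primary.Count) primary SMTP addresses, skipped"
        continue
    }

    $newUpn = $primary[0].Substring(5)       # strip the "SMTP:" prefix
    if ($newUpn -ieq $u.UserPrincipalName) { continue }   # already aligned

    # Only use suffixes that were registered above.
    if ($newUpn -notlike "*@$MailSuffix") {
        Write-Warning "$($u.SamAccountName): $newUpn is outside $MailSuffix, skipped"
        continue
    }

    # A UPN must be unique; refuse to reuse one held by another account.
    $clash = Get-ADUser -Filter 'UserPrincipalName -eq $newUpn'
    if ($clash) {
        Write-Warning "$($u.SamAccountName): $newUpn already belongs to $($clash.SamAccountName), skipped"
        continue
    }

    # 3. Change only the UPN. Remove -WhatIf after reviewing the output.
    Set-ADUser -Identity $u -UserPrincipalName $newUpn -WhatIf
}
```

The uniqueness check queries the current domain only; in a multi-domain forest, run it against a global catalog as well.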