AD LDAP aliases

Bradtechonline

Senior member
Jul 20, 2006
Here is a question for any of you guys who have some experience in the LDAP for Active Directory..

We are going from an 8 letter logon name for some users into a firstname.lastname login convention. Only problem is this. I believe our Rack F Mainframe lady wants to be able to keep the current naming convention because of a limitation with how many characters we can use.. *Mainframe FTL*..

So I am looking into possibly creating LDAP Aliases for each user so they can be referenced in the AD LDAP with first.lastname and a corresponding 8 letter name.. Is this possible, and a manageable solution?
 

JDMnAR1

Lifer
May 12, 2003
Sure, it is a piece of cake to throw stuff in AD, and if there isn't a predefined field that you want to use, there are Extension Attributes available in AD that can be used for whatever your heart desires. However, I would question how you are going to handle mainframe authentication based upon a field in AD, or are you just wanting a repository for maintaining the link between network login and mainframe login?
 

Bradtechonline

Senior member
Jul 20, 2006
Originally posted by: JDMnAR1
Sure, it is a piece of cake to throw stuff in AD, and if there isn't a predefined field that you want to use, there are Extension Attributes available in AD that can be used for whatever your heart desires. However, I would question how you are going to handle mainframe authentication based upon a field in AD, or are you just wanting a repository for maintaining the link between network login and mainframe login?

We aren't going to authenticate anything between the two.. I was just wanting a repository for maintaining the current naming convention and the new one.. I believe Rack F which is security for the mainframe uses our current 8 name convention..

My name is Brad Williamson so in our new AD structure we developed we chose to go with

Brad.Williamson@domain.blah.gov

but I would also like to be able to do

Bwilliam@Domain.Blah.Gov

So the mainframe lady can put Bwilliam in her Rack F field, and the two user names be linked together in our LDAP..

How would I go about doing this.. I have a n00b grasp on the overall stuff in ADSI Editor

CN=Username etc. Been trying to find examples of how this could be done, and not finding any on Google
 

JDMnAR1

Lifer
May 12, 2003
First off - check out Active Directory Cookbook, it is an excellent resource if you want to script and automate any of this stuff.


Current (assumed):
Network login: domain\bwilliam
SMTP address: bwilliam@domain.blah.gov

Proposed (assumed):
Network login: domain\brad.williamson
SMTP address: brad.williamson@domain.blah.gov

Your sAMAccountName is bwilliam and your mail is bwilliam@domain.blah.gov. Assuming you don't have any additional SMTP aliases, there will only be one SMTP entry in the proxyAddresses attribute. When you rename the account to the new format, instead of eliminating the current SMTP address, retain it and add another one in the new format (make it primary if desired). Then you will have both old and new available in AD as SMTP addresses - one in the mail attribute, and the other as an additional SMTP entry in the proxyAddresses attribute.
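
The rename described in the post above, sketched in PowerShell as an added example (not part of the thread or any poster's code). It assumes the ActiveDirectory module, the thread's sample names, and a hypothetical helper `Get-RenamedProxyAddresses`; it checks for a name or address collision before writing anything.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT); values are the thread's samples.
Import-Module ActiveDirectory

function Get-RenamedProxyAddresses {
    # Hypothetical helper: builds the proxyAddresses list to store after the rename.
    # "SMTP:" (upper case) marks the primary address, "smtp:" a secondary one.
    param(
        [string[]]$Current,
        [Parameter(Mandatory)][string]$OldAddress,
        [Parameter(Mandatory)][string]$NewAddress
    )
    $kept = @(foreach ($entry in $Current) {
        if ($entry -like 'smtp:*') {
            $addr = $entry.Substring(5)
            # Drop entries we re-add below; demote any other primary to secondary.
            if ($addr -ine $NewAddress -and $addr -ine $OldAddress) { "smtp:$addr" }
        } elseif ($entry) {
            $entry    # X500, SIP and other address types pass through unchanged
        }
    })
    @("SMTP:$NewAddress", "smtp:$OldAddress") + $kept
}

$old = 'bwilliam'; $new = 'brad.williamson'; $dns = 'domain.blah.gov'
$oldMail = "${old}@${dns}"; $newMail = "${new}@${dns}"

# Stop if any object already answers to the new logon name or address
# (LDAP matching on these attributes is case-insensitive).
$clash = Get-ADObject -LDAPFilter "(|(sAMAccountName=$new)(mail=$newMail)(proxyAddresses=smtp:$newMail))"
if ($clash) { throw "Already in use by: $($clash.DistinguishedName -join '; ')" }

$user  = Get-ADUser -Identity $old -Properties proxyAddresses
$proxy = Get-RenamedProxyAddresses -Current $user.proxyAddresses -OldAddress $oldMail -NewAddress $newMail

# -WhatIf makes this a dry run; remove it to apply the change.
Set-ADUser -Identity $user -SamAccountName $new -EmailAddress $newMail `
    -Replace @{ proxyAddresses = [string[]]$proxy } -WhatIf

# The 8-character mainframe ID still resolves to the account through its old address:
Get-ADUser -LDAPFilter "(proxyAddresses=smtp:$oldMail)" |
    Select-Object SamAccountName, DistinguishedName
```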