Can arbitrary email addresses be stored in AD userPrincipalName?

Posted by Rob Potter on Server Fault See other posts from Server Fault or by Rob Potter
Published on 2011-10-17T10:30:51Z Indexed on 2011/11/16 10:00 UTC
Read the original article Hit count: 248

Filed under:

active-directory

|

isa

I have a web app that is front-ended by ISA, natively authenticating against AD. All users currently log on with sAMAccountName. I would like to allow users to provide a personal email address and be able to authenticate against this instead.

From what I understand the AD userPrincipalName is typically used for an internally generated logon name, which by convention, is often their internally generated email address. The web app that I have is web scale (circa 3 million accounts*) and not an internal, corporate app, so the email addresses will be from diverse domains. Can I just set the AD userPrincipalName attribute to the user's email address, and then will ISA natively authenticate against this attribute instead? I heard rumours of AD having a maximum number of domain suffixes that it allows in AD userPrincipalName...? (presumably it catalogues them).

[*I realise that AD is not the ideal authentication directory for a user population of this scale.]

© Server Fault or respective owner

Related posts about active-directory

Can't join OS X Mavericks to AD Domain

as seen on Server Fault - Search for 'Server Fault'
I'm attempting to join an OS X Mavericks (10.9) client to a Windows Server 2008 Active Directory domain, however the bind fails with this error in the OS X client's system.log: Oct 24 15:03:15 host.domain.com com.apple.preferences.users.remoteservice[5547]: -[ODCAddServerSheetController handleOtherActionError:… >>> More
Retrieve user details from Active Directory using SID

as seen on Server Fault - Search for 'Server Fault'
Hi, How can I find a user in my AD when I have his/her SID. I don't want to rely on other attributes, since I am trying to detect changes to these. Example: I get a message about a change to user record containing: Message: User Account Changed: Target Account Name: test12 Target… >>> More
Retrieve user details from Active Directory using GUID

as seen on Server Fault - Search for 'Server Fault'
Hi, How can I find a user in my AD when I have his/her GUID. I don't want to rely on other attributes, since I am trying to detect changes to these. >>> More
Retrieve user details from Active Directory using GUID [closed]

as seen on Super User - Search for 'Super User'
Hi, How can I find a user in my AD when I have his/her GUID. I don't want to rely on other attributes, since I am trying to detect changes to these. >>> More
Office365 DirSync Active Directory Integration

as seen on Server Fault - Search for 'Server Fault'
I am preparing to deploy Office365 for my organization. We have an on premise Active Directory Domain Controller (Windows Server 2012 R2). We would like to leverage our Active Directory for: automatic user provisioning in Office365, and password synchronization, using the DirSync tool. Our Active… >>> More

Related posts about isa

How to have internet connection over VPN while "Microsoft Firewall Client for ISA server" is running

as seen on Server Fault - Search for 'Server Fault'
I have the software mentioned in the title running on my machine. When I connect over VPN to my company's network, my internet connection gets borked, because somehow the ISA firewall blocks it. This is completely idiotic, because my work involves extensive use of the internet, so having to disconnect… >>> More
TeamCity EC2 Integration via ISA Server

as seen on Server Fault - Search for 'Server Fault'
I have a TeamCity server which is actually installed on SBS 2003 Premium with ISA Server (firewall/proxy) installed. My ADSL connection has multiple IP addresses, which all resolve directly to my SBS external NIC. The NIC is therefore multi-homed and I have allocated one of the IP addresses specifically… >>> More
ISA forms authentication problems after installing moss sp2

as seen on Server Fault - Search for 'Server Fault'
Guys I have a problem that's flared back up after installing WSS and MOSS service pack 2. The problem centers around the users being prompted to enter credentials when interacting with office documents. This problem came up before and I was able to go into ISA server and configure a persistent cookie… >>> More
No sound after video card replaced (AMD Radeon HD 7770)

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Issue: no sound System: Dual boot Windows 7 (sda) Ubuntu 12.04 (sdb) 2 harddrives Dell XPS 730 Video card: AMD Radeo HD 7770 Diamond Multimedia Sound card: Creative Labs SB X-Fi Additional info: My sound used to work. Then, my old video card (NVIDIA geforce 280) died. I bought and… >>> More
Moose ,isa and regex

as seen on Stack Overflow - Search for 'Stack Overflow'
Can I use isa in Moose with a regex as a parameter ? If not possible can I achieve the same thing with someothing other than ->isa ? >>> More