none
Active Directory RRS feed

  • Question

  • We are looking to authenticate against active directory using email address rather than username if at all possible.  Where is the best place to begin?

    Thanks,

    Drew

    Thursday, January 19, 2012 9:40 PM

Answers

  • Users can authenticate to Active Directory using their userPrincipalName, which is an email format name similar to:

    JimSmith@MyDomain.com


    This has to be configured in Active Directory to match their actual email address. The value must be unique in the forest. For more information post your question in the Directory Services forum:

    http://social.technet.microsoft.com/Forums/en-US/winserverDS/threads

     


    Richard Mueller - MVP Directory Services
    • Marked as answer by Drew Sellner Friday, January 20, 2012 4:48 PM
    Friday, January 20, 2012 1:17 AM
    Moderator

All replies

  • Are you talking about active directory in your organization or in your software's customer's?

    The following is signature, not part of post
    Please mark the post answered your question as the answer, and mark other helpful posts as helpful, so they will appear differently to other users who are visiting your thread for the same problem.
    Visual C++ MVP
    Friday, January 20, 2012 12:15 AM
    Moderator
  • Users can authenticate to Active Directory using their userPrincipalName, which is an email format name similar to:

    JimSmith@MyDomain.com


    This has to be configured in Active Directory to match their actual email address. The value must be unique in the forest. For more information post your question in the Directory Services forum:

    http://social.technet.microsoft.com/Forums/en-US/winserverDS/threads

     


    Richard Mueller - MVP Directory Services
    • Marked as answer by Drew Sellner Friday, January 20, 2012 4:48 PM
    Friday, January 20, 2012 1:17 AM
    Moderator
  • We are building a public facing website and would like to use their personal email address to authenticate against AD (username@hotmail.com vs username@domain.com).  I have posted my question in the Directory Services forum.

    Thanks,

    Drew

    Friday, January 20, 2012 4:49 PM
  • Hi,

    You need to add the public domain to a forest,  and change for all users the upn in active directory .

    dd UPN suffixes to a forest = https://support.microsoft.com/en-us/kb/243629

    powershell script to change the upn =

    #Replace with the old suffix
    $oldSuffix = 'old.suffix'
    
    #Replace with the new suffix
    $newSuffix = 'new.suffix'
    
    #Replace with the OU you want to change suffixes for
    $ou = "DC=sample,DC=domain"
    
    #Replace with the name of your AD server
    $server = "test"
    
    Get-ADUser -SearchBase $ou -filter * | ForEach-Object {
    $newUpn = $_.UserPrincipalName.Replace($oldSuffix,$newSuffix)
    $_ | Set-ADUser -server $server -UserPrincipalName $newUpn
    }

    • Proposed as answer by Jörg-Devoteam Thursday, August 27, 2015 3:35 PM
    Wednesday, August 19, 2015 2:08 PM