Adaxes

List UPN suffix

0 votes

Hello,

is it possible to display menu with all UPN suffix when create new user ?

Thx.

by (360 points)

1 Answer

0 votes
by (216k points)

Hello,

Yes, it's possible. For this purpose, you'll need a certain property that can be used to specify the UPN suffix. You can use one of Adaxes virtual properties that can store string (text) values (e.g. CustomAttributeText1). Such properties are not stored in AD, but can be used the same as any other property of AD objects. You'll need to specify a list of possible UPN suffixes for that property so that users can select one of the available suffixes from a list. Also, you'll need to modify the property generation template for the User Logon Name property so that it is generated taking into account the UPN suffix selected by the virtual property. Finally, you'll need to add the property that you'll chose for specifying UPN suffixes to the form for creating users and remove the User Logon Name property from there so that the property is always generated based on the Property Pattern.

To specify a list of possible UPN suffixes and specify how the User Logon Name must be generated, you'll need to modify a Property Pattern that defines property generation templates and constraints applied to users. By default, this is done by the built-in User Pattern. To modify the built-in User Pattern:

  1. Launch Adaxes Administration Console.

  2. Expand the service node that represents your service.

  3. Navigate to Configuration \ Property Patterns \ Builtin and select the User Pattern.

  4. In the top right-hand corner of the Result Pane (located to the right), click Add.

  5. Select Show all properties.

  6. Select the property that you'll use for specifying UPN suffixes (e.g. CustomAttributeText1).

  7. Switch the radio button to Must be pone of the following values only.
    Click Edit.

  8. In the dialog box that appears, specify a list of possible UPN suffixes and click OK.

  9. Now, you need to configure the Property Pattern so that the User Logon Name property be generated on the basis of the UPN suffix specified. For this purpose, in the Result Pane, double-click the User Logon Name property.

  10. In the Generate default value field, type a pattern for generating the user logon name, for example: %sAMAccountName%@%adm-CustomAttributeText1%, where:

    • %sAMAccountName% is a value reference that will be replaced with the value of the User Logon Name (pre-Windows 2000) property.
    • %adm-CustomAttributeText1% is a value reference that will be replaced with the value of the CustomAttributeText1 property.

    For more information on value references, see the following help article: http://www.adaxes.com/help/?ValueRefere ... ormat.html.

  11. Click ​OK​ and save the Property Pattern.

  12. Also, you.'ll need to configure the page for creating users so that it shows the virtual property for specifying the UPN suffix and doesn't show the User Logon Name property. For information on how to do that, see step 6 in the following tutorial: http://www.adaxes.com/tutorials_WebInte ... diting.htm.

Show 11 previous comments
0

Ok, but isn't that for LDAP attributes only?
Or do I need add similar to this:
<friendlyNameItem>
<ldapName>CustomAttributeText1</ldapName>
<friendlyName>UPN Suffix</friendlyName>
<origin>RFC2256</origin>
</friendlyNameItem>

by (260 points)
0

Hello Niclas,

This also works for Adaxes virtual attributes, however all such atgtributes have the adm- prefix in their LDAP display names. That is, it should look something like this:

<i class="text-italic">
 <friendlyNameItem>
    <ldapName><strong class="text-bold">adm-CustomAttributeText1</strong></ldapName>
    <friendlyName>UPN Suffix</friendlyName>
 </friendlyNameItem>
</i>
by (216k points)
0

Great. Thanks!

by (260 points)
0

Has this functionality changed at all in the 2018 version or is there a better way to accomplish this now?

Hello,

Yes, there is. In addition to populating a custom attribute for the UPN suffix, you can populate one more custom attribute to specify the UPN prefix. For example, you can use CustomAttributeText2. To enable users to edit it, you need to add it to the Web interface form for creating users.

In this case, the Property Pattern Item to generate a default User Logon Name will look as follows:
%adm-CustomAttributeText2%@%adm-CustomAttributeText1%

custom.upn.suffix.and.prefix.png

by (540 points)
0

Hello,

There were no changes in this functionality. The described solution is the best one to accomplish the desired behaviour.

by (272k points)

Related questions

0 votes
1 answer
How do I set a default UPN suffix for user creation?

Hi, I want to change the default UPN suffix for user creation. We only have a single UPN suffix we use at our organization however when we create a user using the web ... We only ever want to use the @mycompany.com so a list of options isn't requried.

asked Jun 29, 2022 by PeterG (40 points)
0 votes
1 answer
Modifying UPN suffix for specific employee Types

Working within a DoD environment all interactive user accounts are required to have an @mil suffix. Within the application though I am unable to make the required change to anything ... environment? The employee types consist of CTR, SVR, WKS, ADMIN, and APP.

asked May 13, 2019 by jason.d.jones (100 points)
0 votes
1 answer
Set UPN suffix within business rule

Is there a way to set a users' UPN Suffix within a business rule (PS script)? I've seen the script to update the suffix based on OU, but our OU structure ... primary email address, or to apply a particular UPN suffix based on department. Either method works.

asked Apr 3, 2017 by steve.newton (50 points)
0 votes
1 answer
How do you update the domain suffix list for an on-premises AD forest in Adaxes?

This note is found in the documentation on how to configure allowed domains in Adaxes 2023. Allowed domain names can only be selected from the alternative UPN suffixes for on- ... required to pick up the change, or is there another way to trigger the update?

asked Jan 31, 2023 by dtb147 (290 points)
0 votes
1 answer
logon wihtout domain suffix/prefix not possible

Hello, our users have to login to the Adaxes web service by using their username and password, no SSO is used. I have configured the option in the web interface ... /access control, but after some weeks/months this happens again. Thank you Regards, Thorsten

asked Jun 4, 2014 by techman26 (240 points)
3,346 questions
3,047 answers
7,772 comments
544,971 users