Active Roles

Active roles assigning duplicate smtp address

Hello,

Current ARS version deployed : 6.9.0.5483

It is noticed that activeroles assigns duplicate smtp address to newly created mailbox/contacts.

This means that it assigns same email address to object 2 even if it is assigned to object 1

This issue is noticed for mailboxes as well as contacts.

Referred article and issue is described.

Ref : https://support.oneidentity.com/active-roles/kb/230143

Request you to please help if there is any hotfix for this

Regards,

Ajit

 

 

  • below is my understanding.

    Email address is to be set by Exchange side (ARS calls Exchange cmdlets) and Exchange side is responsible to check the uniqueness against whole Exchange Organization. It is as per MSFT Best Practices.

    Example: Exchange Org server multiple Domains A,B,C and ARS registers A only (and does not see B,C). How ARS will enroce the uniqueness?

    If ARS got legacy User Provision workflow from Exchange 2000 days and still manages email/smtp addresses directly as LDAP attributes (legacy custom script), then the legacy workflow must be changed.
  • Hello,

    Thank you for the reply.
    Exchange will not permit assigning email address if the same is already assigned.

    Could you please help to clarify the statement in the article

    When modifying the mail attribute via the E-mail field in the General tab of the User Properties dialogue, Active Roles does not check if the address is unique, potentially resulting in duplicate email addresses.
  • Hmmm....in my experience, setting the mail attribute in the General tab does not actually update the user's primary SMTP address in Exchange. Normally (i.e. natively in AD/Exchange), the contents of that attribute actually **come from** the primary SMTP address as defined by Exchange so the contents of 'mail' flow **down** FROM Exchange and not the other way around.

    Indeed, it is not correct to attempt update of the primary SMTP address by changing this attribute - rather, this action should be performed on the user E-mail addresses (proxyaddresses) attribute in the user's Exchange properties.

  • Hello,

    Thanks again.
    As it is listed as product defect , do you suggest to upgrade to which version.

    Thanks and Regards,
    Ajit
  • >Description
    When modifying the mail attribute via the E-mail field in the General tab of the User Properties dialogue, Active Roles does not check if the address is unique, potentially resulting in duplicate email addresses.<

    looks confusing. My understanding
    User | General Tab| E-mail -is just to show primary SMTP: address and not to change it.
    AD ADmin needs to use User | Email Addresses tab to set smpt addresses and this is expected to trigger Exchange cmdlet.