Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Different Email and AD Domain Problems
  •  
OpTiCz

Messages: 3
Karma: 0
Send a private message to this user
So I have an Active directory domain of na.company.pri
My Email domain is company.com

I've already checked the box for My AD Domain is different from my mail domain.


Anyway, when I create an email box for an AD user, it says it's adding it to na.company.pri; which is fine.

The problem is, once created, and I go to the Kerio tab on the account, it shows the email address of user<_a.t_>na.comany.pri

When looking at the Admin Manual, it should reflect the correct address.

This is currently a problem because once created, my exchange users complain all mail sent to me now comes up as undeliverable.

When I look at the host header, it is infact trying to be delievered to user<_a.t_>na.company.pri
  •  
sedell

Messages: 1168
Karma: 1
Send a private message to this user
OpTiCz wrote on Fri, 04 January 2008 16:55

So I have an Active directory domain of na.company.pri
My Email domain is company.com

I've already checked the box for My AD Domain is different from my mail domain.

Anyway, when I create an email box for an AD user, it says it's adding it to na.company.pri; which is fine.

The problem is, once created, and I go to the Kerio tab on the account, it shows the email address of user<_a.t_>na.comany.pri

When looking at the Admin Manual, it should reflect the correct address.


In Active Directory, it will show user<_a.t_>na.company.pri, but when you go to the Kerio Admin Console and click the Mail Addresses tab for a user, it will show user<_a.t_>company.pri. The server has the different domain name, not AD. The My AD Domain is different from my mail domain setting is for authentication purposes from server to AD. Without that setting, your lookups would be trying to authenticate user<_a.t_>company.pri, which doesn't exist.

OpTiCz wrote on Fri, 04 January 2008 16:55

This is currently a problem because once created, my exchange users complain all mail sent to me now comes up as undeliverable.

When I look at the host header, it is infact trying to be delievered to user<_a.t_>na.company.pri


If it's being delivered to user<_a.t_>na.company.pri, that's a separate, unrelated issue. They're probably using the exchange GAL, or their own address book, which doesn't look at any of the Kerio information. You'll have to manually set the address for users hosted by the Kerio server. Things like the e-mail address on an account's general tab in AD aren't used by Kerio, but may be used by exchange.

Scott
  •  
OpTiCz

Messages: 3
Karma: 0
Send a private message to this user
Thanks for the prompt reply.

As soon as I enable a Kerio account for an existing exchange user, it changes the email address for the user to the <_a.t_>company.pri. Then exchange flips out.

When I look at the illustrations in the admin guide, it shows the account created for the pri domain, but the email address generates to the com domain.

In any case, if this is by design, it sounds like we can't test this in an existing environment because it would break the test users accounts.


Are there any known work arounds so that Kerio doesn't generate the email as the pri domain; even though users need to authenticate against it?

[Updated on: Mon, 07 January 2008 15:35]

  •  
sedell

Messages: 1168
Karma: 1
Send a private message to this user
OpTiCz wrote on Mon, 07 January 2008 09:31

As soon as I enable a Kerio account for an existing exchange user, it changes the email address for the user to the <_a.t_>company.pri. Then exchange flips out.

I didn't think Kerio changed the address at all. It's stored in an extended part of the schema, which shouldn't affect the exchange mail address field, as far as I know. I could be wrong, but that was my understanding of how it worked. Anything listed on the Kerio tab in AD should exist in extended fields within AD.

Quote:

When I look at the illustrations in the admin guide, it shows the account created for the pri domain, but the email address generates to the com domain.

That's correct, assuming pri domain means your AD domain. The account is created in the AD domain on the network, but in KMS, it's part of the mail domain because of the setting you specified that the mail domain is different from the AD domain. The mail address will look wrong when viewed through AD, but correct when viewed through KMS because of that setting. The mail address, or at least the default mail address listed in AD is really just the AD user logon name (user<_a.t_>ADdomain.com) from the Account tab.

Quote:

In any case, if this is by design, it sounds like we can't test this in an existing environment because it would break the test users accounts.

You shouldn't test in an existing environment for exactly these reasons. You could kill your production environment by installing things like this without knowing what it'll do to your setup and/or infrastructure. Even if you have KMS in production, if you're tied to AD, you need a test environment (or at the very least, a separate AD domain) to test out new versions. Without a test environment, your test server is tied to your live AD domain, any account changes you make through KMS would also affect the live server as well.


Scott
  •  
OpTiCz

Messages: 3
Karma: 0
Send a private message to this user
OK, so on the Kerio Tab in AD, the Main Tab says user<_a.t_>company.pri and when I click email addresses, it also says user<_a.t_>company.pri?

Can you confirm this is what it should be?

Thanks.
  •  
pxh11

Messages: 12
Karma: 0
Send a private message to this user
- Opticz

We have the exact same setup...pretty much.

Our mail domain is root.org while our accounts exist in child.root.org

When you create an AD account map to Kerio it creates the email address in the email tab as account<_a.t_>child.root.org while it should be account<_a.t_>root.org this is the default for Active Directory. You will run into issues with this when dealing with any LDAP queries that use the email field (Contacts and Exchange)

We have to change the email field to match our addresses or run into issues. The email address in the Kerio tab in AD should be where the account actually exists in AD (in our case child.root.org) Kerio will take care of mapping this account to the email address at your domain.
Previous Topic: DSN going to wrong address
Next Topic: KOFF & CLIENT SYNC TOOL
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Nov 19 21:03:16 CET 2017

Total time taken to generate the page: 0.00526 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.