Announcement

Collapse
No announcement yet.

LDAP mail attribute is missing form AD user account

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • LDAP mail attribute is missing form AD user account

    The LDAP mail attribute is missing from the Active Directory user account. I'm getting this message in my Event viewer....can you tell me how to resolve this...

    Thanks,

    Julie

  • #2
    What is the source of the error ?
    Is it related to user trying to enroll for certificate ?

    Take a look here:
    http://www.eventid.net/display.asp?e...nt&phase=1
    Ionut Marin (Last update 7/15/2005):
    Error code 0x80092004 ("Cannot find object or property"). If a user tries to enroll for certificates from a Windows Server 2003 Enterprise Edition certification authority (CA) and the Include e-mail name in subject name option is selected on the template, the user cannot enroll. This problem occurs because the e-mail address is not defined in the Active Directory account of the user who is trying to enroll. The LDAP mail attribute is missing from the Active Directory user account. See Q330238 to fix this problem.
    Guy Teverovsky
    "Smith & Wesson - the original point and click interface"

    Comment


    • #3
      Yes, AutoEnrollment is the source and thank you but I've been to that site, it really is a big help. I don't understand exactly what it wants me to do besides check the Exchange server for the user's email....which user...is it something I have to do in LDAP.....?

      Thanks,

      Comment


      • #4
        It goes like this:

        1) User requests a certificate
        2) The CA uses a template to issue the certificate and one of the fields the template specifies is the user's email
        3) the CA tries to query for the "mail" attribute of the user's object (and fails)
        4) the CA fails to issue the certificate

        You have 2 options:
        1) either mail-enable or mailbox-enable the user (this will make sure the user in question has "mail" attribute set)
        2) Edit the relevant template in the CA so that it does not include the "mail" attribute
        Guy Teverovsky
        "Smith & Wesson - the original point and click interface"

        Comment

        Working...
        X