KB ID 0001072
Problem
Update: Here is an easier Solution
Earlier in the year, I had a problem with Certificate Services: every time it tried to issue a ‘user’ certificate it gave me an error, because the user did not have an email address specified on their user object in AD. At the time I thought “I wish I knew enough PowerShell to just put an email address in every user’s e-mail attribute”. So while building an 802.1x lab the same problem came up again, and this time I had a bit more time to solve it.
Solution
OK, I’m the first to admit this is a ‘quick and dirty’ fix; it might not be what you want, but it may send you in the right direction. My test network had about 500 users and no Exchange etc., so my thought was, “Why not see if I can copy all the users’ UPNs to the email address fields?” Even though they are not email addresses they look like them, and if I did have Exchange, then username@domain-name.domain-extension would work anyway (unless I’d changed the addressing policy from the default).
1. Let’s enumerate all the domain users, and see who has an entry in the email address field.
2. Either download this one, or use the following to create a PowerShell Script, and run it.
# Populate "mail" attribute with UPN
Import-Module ActiveDirectory

# Every user that has a UPN gets that UPN written to 'mail' (existing values are replaced)
Get-ADUser -LDAPFilter '(userPrincipalName=*)' -Properties userPrincipalName,mail |
    Select-Object * |
    ForEach-Object {
        Set-ADObject -Identity $_.DistinguishedName -Replace @{mail=$($_.userPrincipalName)}
    }
3. Now re-run the command we used originally and hopefully all your users have a ‘mail’ attribute.
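The script above replaces ‘mail’ on every user that has a UPN, including any that already hold a real address. The following is an added example, not part of the original article, that only fills ‘mail’ where it is empty and can be previewed with -WhatIf before anything is written; the function name Set-MailFromUpn and its -SearchBase parameter are hypothetical names chosen for this sketch.

```powershell
# Added example: copy the UPN into 'mail' only for users whose 'mail' is empty.
# Set-MailFromUpn and its parameter are hypothetical names, not from the article.
Import-Module ActiveDirectory

function Set-MailFromUpn {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Optional: distinguished name of an OU to limit the change to.
        [string]$SearchBase
    )

    # Users that have a UPN but no 'mail' value; existing addresses are skipped.
    $query = @{
        LDAPFilter = '(&(userPrincipalName=*)(!(mail=*)))'
        Properties = 'userPrincipalName', 'mail'
    }
    if ($SearchBase) { $query.SearchBase = $SearchBase }

    foreach ($user in Get-ADUser @query) {
        $target = $user.DistinguishedName
        $action = "Set mail to $($user.UserPrincipalName)"
        if ($PSCmdlet.ShouldProcess($target, $action)) {
            Set-ADUser -Identity $user -Replace @{ mail = $user.UserPrincipalName }
            # Emit one record per changed user so the run can be reviewed or logged.
            [pscustomobject]@{
                SamAccountName = $user.SamAccountName
                Mail           = $user.UserPrincipalName
            }
        }
    }
}

# Preview: prints a "What if" line per user and writes nothing to the directory.
Set-MailFromUpn -WhatIf

# Check: list the users that still have no 'mail' value.
Get-ADUser -LDAPFilter '(!(mail=*))' -Properties mail |
    Select-Object SamAccountName, UserPrincipalName, mail
```

Run Set-MailFromUpn without -WhatIf to apply the change, then repeat the final query; an empty result means every user now has a ‘mail’ value.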