Two AD accounts, need to have same email


Hi, I have two accounts in AD. I need them to be able to use the same email address. The second account does not have a mailbox, so I would like to use my non admin account email address for that account. Is this possible?
Thanks!

17 Replies
No. The only option is having a distribution group that forwards email to both, with each having Send As from the group, and/or both using a shared mailbox.

If you are talking for just strictly login then no.

Curious on the use case scenario?

@Chris Webb 

Thanks Chris.

I am running an app to check when the password will expire for our systems accounts. The app would check the email of that systems account and email the user how many days they have left. I have no way of modifying the application, so my alternative is to script it with PS which I prefer not to do. The DL might work, I'll give that a shot, thanks. I'll report back.

@Chris Webb 

Creating the DL and making my normal id the owner worked, thanks.

Hello @bvi1998, can you please provide some examples of how you did this? I am in the same situation: I have been requested to send out emails to users for passwords that are going to expire in 14 days. However, our IT technicians have two accounts, one for STANDARD use and one for PRIVILEGED ACCESS. The privileged access account does not have an email box, so the script cannot send to that address. We are using Azure AD Sync, which will not allow two objects to have the same value, i.e. two AD accounts having the same email address. Thank you in advance.

 

Dan

Hi @dgolan,

 

could you please rephrase your Q? If an account hasn't a mailbox, how can you send an email to it? 

@Victor Ivanidze 

 

I think that is the point. Say AD sans Exchange uses Duo for 2FA. Duo requires that you set up email with each admin account. So the user has UPN Email address removed for email (Email address removed) & such, plus a 2nd account with UPN Email address removed, and no email.

 

OP needs to make Email address removed an Admin for Duo, which has synced from AD/AAD. Duo also requires an email account for said user. Can the email from ITUSER be duplicated on ITSupport in the email field?

Did anyone figure out the best way to do this? We have the exact same scenario where we use Netwrix to inform users of expiring accounts. Our admin accounts don't have email addresses, but I need the emails sent to the non-admin account email.

Going to try the distribution group method and see if that works.

Thanks,

@bvi1998 

Seems a shared mailbox may fit your case.

 

I tried a distribution list and it worked last night as the email was received but now Azure is giving the following error:

 

ProxyAddresses: SMTP:email address removed for privacy reasons
Error Type: QuarantinedAttributeValueMustBeUnique
Last Attempted At: 3/15/2023 11:40 AM

Object Type: user | group
User Principal Name: email address removed for privacy reasons | N/A
Proxy Addresses:
SMTP:email address removed for privacy reasons
smtp:email address removed for privacy reasons
SMTP:email address removed for privacy reasons
Mail: email address removed for privacy reasons | email address removed for privacy reasons

 

The software looks at the admin user's email field and then sends an email to that address, but in our case the admin user does not have a mailbox in Office 365, so it needs to get sent to the user. The DL needs to have the same name as the admin user's email in order to then send it to the user's normal email account.

 

Am I missing something?

 

Thanks.

@NiagaraGuy any success with this?

I wonder what the best practices are when one user has separate accounts for privileged access and a standard user account. How do you receive messages for your admin account?

I noticed that there can be two accounts with the same value for the "mail" field in Entra ID, and it works fine. The problem is if you sync with AADConnect. It tries to automatically populate the "proxyAddresses" attribute of the cloud user account object and it gives an error. Apart from that error everything works fine. I've tried searching for best practices for two accounts for one user and nothing comes out of it. That's super strange to me, as normally companies use separate accounts. What I've encountered so far is that they simply don't use Azure/Entra notifications sent to a mailbox, but that doesn't seem correct.

How about adding an alias to your e-mail account then using that alias in AD?

Hi @ka3ak, did you try to do it yourself?

 

This can't work. No matter how many aliases you add to a non-existent mailbox, Exchange can't route them, because the mailbox is non-existent and Exchange doesn't even know about these.

To reply to myself: so far distribution lists or shared mailboxes were used. Now we have Plus Email Addressing and it works fine.

Sorry, I was thinking the situation was two user accounts in AD having the same e-mail address (causing sync errors), needing to receive e-mail in only one e-mail account.

As far as I know, AD can contain only unique email addresses. It means you cannot assign the same email address to any other AD object.

Agreed. I was speaking about the situation where you have more than one AD user who must have unique email addresses because AD demands it, but you want messages sent to all of them to go to one email account. Though this is not what the OP was looking for.
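
Added example, not written by any poster in this thread: a PowerShell pre-sync check that flags objects sharing a mail or proxyAddresses value (the condition behind the QuarantinedAttributeValueMustBeUnique error quoted above) and builds a plus address for the privileged account instead. The sample objects, the `example.com` names and the function names are constructed for illustration; it assumes, as the posts describe, that the mail value is compared together with proxyAddresses during sync.

```powershell
# Constructed sample data standing in for synced AD users and groups.
# In a real domain these would be read with Get-ADObject -Properties mail,proxyAddresses.
$objects = @(
    [pscustomobject]@{ Name = 'jdoe';          Type = 'user';  Mail = 'jdoe@example.com'
                       ProxyAddresses = @('SMTP:jdoe@example.com') }
    [pscustomobject]@{ Name = 'jdoe-admin';    Type = 'user';  Mail = 'jdoe-admin@example.com'
                       ProxyAddresses = @() }
    [pscustomobject]@{ Name = 'jdoe-admin-dl'; Type = 'group'; Mail = 'jdoe-admin@example.com'
                       ProxyAddresses = @('SMTP:jdoe-admin@example.com') }
)

function Get-NormalizedAddress {
    param([pscustomobject]$Object)
    # Treat mail and every proxyAddresses entry alike; ignore the SMTP:/smtp: prefix and case.
    $all = @($Object.Mail) + @($Object.ProxyAddresses)
    $all | Where-Object { $_ } |
        ForEach-Object { ($_ -replace '^smtp:', '').Trim().ToLowerInvariant() } |
        Sort-Object -Unique
}

function Find-AddressConflict {
    param([object[]]$Objects)
    # One row per (address, owner), then keep addresses claimed by more than one object.
    $rows = foreach ($o in $Objects) {
        foreach ($a in (Get-NormalizedAddress $o)) {
            [pscustomobject]@{ Address = $a; Owner = "$($o.Type):$($o.Name)" }
        }
    }
    $rows | Group-Object Address | Where-Object Count -gt 1 |
        ForEach-Object { [pscustomobject]@{ Address = $_.Name; Owners = ($_.Group.Owner -join ', ') } }
}

function Get-PlusAddress {
    param([string]$Mailbox, [string]$Tag)
    # local+tag@domain, delivered to the existing mailbox when plus addressing is enabled.
    $localPart, $domain = $Mailbox -split '@', 2
    '{0}+{1}@{2}' -f $localPart, $Tag, $domain
}

# The DL reuses the admin account's mail value, so both objects are reported.
Find-AddressConflict $objects | Format-Table -AutoSize

# Candidate value for the admin account's mail field, checked against everything in use.
$candidate = Get-PlusAddress -Mailbox 'jdoe@example.com' -Tag 'admin'
$inUse = $objects | ForEach-Object { Get-NormalizedAddress $_ }
'{0} already in use: {1}' -f $candidate, ($inUse -contains $candidate)
```

With the sample data the conflict report lists `jdoe-admin@example.com` as owned by both the user and the group, and the plus address `jdoe+admin@example.com` is reported as not in use.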