In schemaless mode by default QAS stores the Unix attributes in the mutli-valued attribute altSecurityIdentities.
e.g.
# /opt/quest/bin/vastool attrs qasuser1
<snip>
altSecurityIdentities: X509:<S>CN=Posix Account<I>CN=Quest Software<DATA>UserGidNumber:1000
altSecurityIdentities: X509:<S>CN=Posix Account<I>CN=Quest Software<DATA>UidNumber:1103644689
altSecurityIdentities: X509:<S>CN=Posix Account<I>CN=Quest Software<DATA>LoginShell:/bin/sh
altSecurityIdentities: X509:<S>CN=Posix Account<I>CN=Quest Software<DATA>LoginName:qasuser1
altSecurityIdentities: X509:<S>CN=Posix Account<I>CN=Quest Software<DATA>HomeDirectory:/home/qasuser1
altSecurityIdentities is defined as an attribute used for Kerberos identities however using this attribute appears to cause an issue for Exchange.
Removing the users unix attributes should resolve the issue for the Exchange user.
To completely remove the unix attributes, you could to use adsiedit and remove the five "X509:<S>CN=Posix Account<I>CN=Quest Software<DATA>" attributes in the users altSecurityIdentities attribute.
Or using vastool
/opt/quest/bin/vastool -u administrator setattrs -m username altSecurityIdentities
If possible consider migrating to a Schema mode - eg. Windows 2003 R2. Alternatively, you could use mapped or Posix Identity Auto-generation (Autogen mode).
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center