

Changed Active Directory username and now user's external send emails are rejected

As the subject line says, I changed a user's last name in Active Directory and the new name does not appear in either Mailboxes or People in Sophos Email Security. Do I have to manually enter the new name? In both places? Is there a way to automatically sync with AD?



  • Steve,

    When you configured Active Directory Synchronization, it should have allowed you to set the number of hours between synchs. I also recommend, if you are making changes, to manually go in and initiate a synch of the directory to avoid disruptions. Let us know if this has been solved or, if needed, open a support case.

  • How do I initiate a manual sync?

  • Go to settings and Directory Service, find your configured configuration, open it up, and click Synchronize.

  • It turns out that AD Sync was not running.  I installed it and now all is well.  Thanks for the response.

    One final question: can you point me to a document that explains how "People" and "Mailboxes" work?  Why are they different?  How do I know which ones I can delete?

  • Because Sophos Central manages many products that we produce, we need both People and Mailboxes. Endpoint, for instance, isn't concerned with the user having a mailbox, so the People designation is important, whereas Email requires the Person to have a valid email address (think recipient validation). If you delete a person who has a mailbox and don't synch, then we will reject email for that person both inbound and outbound. If you delete a person who doesn't have a mailbox but was automatically created, say via the endpoint agent, the next time that agent checks in it will likely recreate the People object. I wouldn't be concerned over that.

    One thing about AD Synch that I frequently see with customers is configuring it to synch at the very top level, DC=domain, DC=com, but you can often run into issues where you will get external addresses (mail contacts) synched into your Central. My recommendation is to find the level where your Active Users are operating, OU=Users,DC........
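
An added example, not part of the reply above and not Sophos tooling: one way to check a candidate search base before pointing the directory sync at it is to count the mail-bearing user and contact objects under the domain root and under the narrower OU, and list any whose address is outside your own mail domains. The distinguished names and the domain list are placeholders to replace with your own, and the script assumes the RSAT ActiveDirectory PowerShell module is installed.

```powershell
# Added example: compare what a sync scoped to each search base would pick up.
# Assumptions (placeholders, not values from the thread): both DNs and the domain list.
Import-Module ActiveDirectory

$SearchBases  = @('DC=example,DC=com', 'OU=Users,DC=example,DC=com')
$OwnedDomains = @('example.com')   # mail domains you actually receive mail for

# Person objects (users and mail contacts) that have a mail attribute set.
# objectCategory=person excludes computer accounts, which also match objectClass=user.
$Filter = '(&(objectCategory=person)(mail=*))'

foreach ($base in $SearchBases) {
    $objects = Get-ADObject -LDAPFilter $Filter -SearchBase $base `
                            -SearchScope Subtree -Properties mail

    $rows = foreach ($o in $objects) {
        # Take the part after the last '@' as the address domain.
        $domain = ($o.mail -split '@')[-1].ToLowerInvariant()
        [pscustomobject]@{
            Class    = $o.ObjectClass            # 'user' or 'contact'
            Mail     = $o.mail
            External = $OwnedDomains -notcontains $domain
            DN       = $o.DistinguishedName
        }
    }

    Write-Output "Search base: $base"

    # Summary: how many objects of each class, split by internal/external address.
    $rows | Group-Object Class, External | Sort-Object Name |
        Select-Object Count, Name | Format-Table -AutoSize

    # Detail: entries with addresses outside your own domains (typically mail contacts).
    $rows | Where-Object External |
        Select-Object Class, Mail, DN | Format-Table -AutoSize
}
```

If the domain-root run lists contacts or external addresses that the OU-scoped run does not, the narrower base is the one to configure.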