3.1.1.3.2 GetEmailAddressForAccount

GetEmailAddressForAccount is an abstract interface that returns an email address belonging to a specified account. The interface takes one parameter named account of type DomainAccount and returns the email address as a string. The email address can be retrieved from an external source, such as Active Directory. If Active Directory is used, the following procedure returns the email address using LDAP as specified in [RFC2251].

The procedure uses the following local variables:

ActiveDirectory_Connection: An ADConnection handle (see [MS-ADTS] section 7.2).

Return_Value: A string containing the email address to return. This variable is initialized to NULL.

  1. Invoke the "Initialize ADConnection" task ([MS-ADTS] section 7.6.1.1) to construct an ADConnection handle, with the following parameters:

    • TaskInputTargetName: The value of ForestName (section 3.1.1.2.4).

    • TaskInputPortNumber: 3268

    Store the created ADConnection handle in the ActiveDirectory_Connection variable.

  2. Invoke the "Setting an LDAP Option on an ADConnection" task ([MS-ADTS] section 7.6.1.2) with the following parameters:

    • TaskInputADConnection: ActiveDirectory_Connection

    • TaskInputOptionName: LDAP_OPT_PROTOCOL_VERSION

    • TaskInputOptionValue: 3

  3. Invoke the "Establishing an ADConnection" task ([MS-ADTS] section 7.6.1.3) with the following parameters:

    • TaskInputADConnection: ActiveDirectory_Connection

    If the TaskReturnStatus returned is not 0, skip to step 7.

  4. Invoke the "Performing an LDAP Bind on an ADConnection" task ([MS-ADTS] section 7.6.1.4) with the following parameters:

    • TaskInputADConnection: ActiveDirectory_Connection

    If the TaskReturnStatus returned is not 0, skip to step 7.

  5. Invoke the "Perform an LDAP Operation on an ADConnection" task ([MS-ADTS] section 7.6.1.6) with the following parameters:

    • TaskInputADConnection: ActiveDirectory_Connection

    • TaskInputRequestMessage: LDAP SearchRequest message ([RFC2251] section 4.5.1), as follows:

      • baseObject: EMPTY string

      • scope: wholeSubtree

      • filter: (&(|(objectSid=<SID>)(sIDHistory=<SID>))(|(objectcategory=computer)(objectcategory=person))), where "<SID>" is replaced with the value of the SID field of account.

      • attributes: mail

      • derefAliases: neverDerefAliases

      • typesOnly: FALSE

    • TaskOutputResultMessage: Upon successful return from the task, this parameter contains the results of the LDAP search.

    If the TaskReturnStatus returned is not 0, proceed to step 6. Otherwise, Return_Value is set to the value of the mail attribute of the SearchResultEntry of the first LDAPMessage of the TaskOutputResultMessage.

  6. Invoke the "Perform an LDAP Unbind on an ADConnection" task ([MS-ADTS] section 7.6.1.5) with the following parameters:

    • TaskInputADConnection: ActiveDirectory_Connection

  7. The procedure returns Return_Value.
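
The following is an added example, not part of this specification. It shows one way to build the step 5 search filter so that the SID value cannot alter the filter structure. The function names are hypothetical, and the choice to substitute "<SID>" in binary-escaped form (rather than the S-1-... string form) is an assumption of this example.

```python
import re
import struct

# Textual SID: S-1-<identifier authority>-<1 to 15 subauthorities>, decimal only.
_SID_RE = re.compile(r"S-1-([0-9]{1,15})((?:-[0-9]{1,10}){1,15})")


def sid_to_bytes(sid: str) -> bytes:
    """Validate a textual SID and return its binary form.

    Layout: revision (1 byte), subauthority count (1 byte),
    identifier authority (6 bytes, big-endian),
    subauthorities (4 bytes each, little-endian).
    """
    m = _SID_RE.fullmatch(sid)
    if not m:
        raise ValueError("not a well-formed SID string")
    authority = int(m.group(1))
    subs = [int(s) for s in m.group(2).split("-")[1:]]
    if authority >= 1 << 48 or any(s >= 1 << 32 for s in subs):
        raise ValueError("SID component out of range")
    return (bytes([1, len(subs)])
            + authority.to_bytes(6, "big")
            + b"".join(struct.pack("<I", s) for s in subs))


def build_filter(sid: str) -> str:
    """Return the step 5 filter with <SID> replaced by an escaped value.

    Every byte is written as a backslash followed by two hex digits, so the
    substituted value can never contain '(', ')', '*' or a bare backslash.
    """
    esc = "".join(f"\\{b:02x}" for b in sid_to_bytes(sid))
    return (f"(&(|(objectSid={esc})(sIDHistory={esc}))"
            "(|(objectcategory=computer)(objectcategory=person)))")


if __name__ == "__main__":
    # Constructed sample input: the well-known BUILTIN\Administrators SID.
    print(build_filter("S-1-5-32-544"))
```

A value that is not a well-formed SID is rejected before any search is issued, which leaves Return_Value at its initial NULL.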