After changing the Active Directory (AD) domain or user name, no Spam is visible in Spam Console.


This article applies to:

  • Trustwave MailMarshal (SEG) Spam Quarantine Management (SQM)
  • Trustwave ECM/MailMarshal Exchange 7.X Quarantine Management
  • Windows authentication
  • Automatic retrieval of addresses from Active Directory

Symptoms:

  • After changing the user logon name of an Active Directory (AD) user, the user does not see their blocked mail in the SQM, and cannot manage their settings such as aliases and safe/blocked senders.
  • After changing the AD domain name, all users experience the above symptoms.
  • No spam or blocked mail is visible in SQM for affected users.
  • Notes:
    • This issue relates specifically to the account logon information (domain and logon name such as example\auser or auser@example.com). These symptoms will not be caused by a change in the user's Display Name.
    • These symptoms will not be caused by a change in email addresses (primary or alias). Any changes made to a user's email addresses in AD should be reflected in the SQM Email Addresses list at the next login (if retrieval from AD was selected).

Causes:

If you are using the Windows authentication option in SQM, changing the Active Directory (AD) domain name or user logon name breaks the association between the Windows user and the SQM user.

  • Email users may have problems viewing their quarantined mail via SQM.
  • Delegation settings ("Let another user review my blocked email" option) will be lost.
  • Additional email addresses added by the users will no longer be visible in the SQM.
  • Email aliases may not be added automatically for the "new" user, because they are already associated with the "old" user.

You can verify this issue in either of two ways:

  1. Using the Administrator account in the SQM, navigate to the Administrator > Users tab. You will find the original user entry and also a new entry with the updated login credential.
  2. Use SQL Management Studio (or Enterprise Manager) to view the SEG database:
    • Note the contents of the User table, and in particular the new UserName entries (reflecting the new AD name) with associated UserIDs.
    • Note the entries in the UserAlias table for the users' email addresses. The UserID of these entries matches the UserID for the old AD names.

Resolution:

  1. Ensure the affected user is not connected to SQM (close all windows of the user's browser).
  2. Log in to the Administrator account in the SQM. In the Administrator > Users tab of the SQM, find and delete the NEW (renamed) user entry (if any).
    • You can also find and delete this row in the SEG or ECM database, Users table.
    • If the new entry does not exist, the user has never connected successfully with the new credential. Continue to the next step.
  3. Connect to the SQL server using SQL Management Studio (or Enterprise Manager).
  4. In the SEG or ECM database, Users table, locate the OLD user entry.
  5. Change the UserName column of the old entry to match the NEW user credential.
  6. When the user logs on with their new credential, they should find the Email Addresses list is correct and all other settings as they were.

Notes:

  • Before you make any changes to the database, back up the database.
  • If the user is unable to log in with the new credential, this may be due to credential caching in Windows. See Trustwave Knowledgebase article Q14228.
  • If you use SQL Express and do not have SQL Management Studio or Enterprise Manager available, see Trustwave Knowledgebase article Q10576 to find out about available GUI tools.
  • If you have a large number of entries to change, you can batch the change using SQL queries or scripting.
  • In the worst case, you can remove all the information and require users to start again. To do this, delete all affected entries from the User, UserAlias, and UserDelegate tables.
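
Resolution steps 2 to 5 for a single user, written as one T-SQL transaction so that the change is applied completely or not at all. This is an added example, not Trustwave's own script. It assumes the table is named [User] (the article also writes "Users"; use the name your database has) with the UserID and UserName columns mentioned above, and both logon names are constructed sample values. Back up the database before running it.

```sql
-- Added example: re-point one SQM user at a renamed AD logon.
-- Assumptions: table [User] with columns UserID and UserName, and table
-- UserAlias with column UserID, as named in the article. Run it in the
-- SEG or ECM database while the affected user is not connected to SQM.
SET XACT_ABORT ON;   -- any runtime error rolls the whole transaction back

DECLARE @OldName nvarchar(256);   -- logon before the rename (sample value)
DECLARE @NewName nvarchar(256);   -- logon after the rename (sample value)
SET @OldName = N'example\auser';
SET @NewName = N'example\anewuser';

BEGIN TRANSACTION;

-- Before state: the old and new rows, with the number of UserAlias rows
-- attached to each UserID. The aliases should sit on the old UserID.
SELECT u.UserID, u.UserName,
       (SELECT COUNT(*) FROM UserAlias a WHERE a.UserID = u.UserID) AS AliasRows
FROM [User] u
WHERE u.UserName IN (@OldName, @NewName);

-- Guard: stop unless exactly one row carries the old logon name.
IF (SELECT COUNT(*) FROM [User] WHERE UserName = @OldName) <> 1
BEGIN
    ROLLBACK TRANSACTION;
    RAISERROR('Expected exactly one row for the old logon name; nothing changed.', 16, 1);
    RETURN;
END;

-- Step 2: remove the row SQM created when the user first logged on with
-- the new name. Deletes zero rows if the user never connected. If the
-- database rejects the delete, XACT_ABORT undoes everything.
DELETE FROM [User] WHERE UserName = @NewName;

-- Steps 4 and 5: keep the old UserID (and the aliases and settings tied
-- to it) and change only the logon name.
UPDATE [User] SET UserName = @NewName WHERE UserName = @OldName;

-- After state: one row with the old UserID and the new UserName.
SELECT UserID, UserName FROM [User] WHERE UserName = @NewName;

COMMIT TRANSACTION;
```

Compare the UserID in the first and last result sets: it should be unchanged, which is what keeps the existing UserAlias entries attached to the renamed user.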

An earlier version of this article was published as:

NETIQKB45244

Last Modified 3/1/2020.
https://support.trustwave.com/kb/KnowledgebaseArticle10003.aspx