How to allow users to log in using e-mail addresses in Active Directory

Step 1: Login to Web UI
Step 2: Go to Manage | System setup | Server | LDAP Configuration
Step 3: Then click on the configure icon, which looks like a pencil, for the LDAP server listed.
Step 4: Under the LDAP query panel section, change the User login name attribute from sAMAccountName to userPrincipalName and Edit the Query Information for LDAP Users:

Filter: (&(|(objectClass=group)(objectClass=person)(objectClass=publicFolder))(mail=*)(userPrincipalName=*))

Make sure the netbios domain name is filled in and then click on the save changes button. Users should now be able to login using their email address.

NOTE: This will only work in single LDAP scenario currently. It won't work for EmailSecurity version 7.2.x or higher which supports multiple LDAP that is configured with two or more LDAP profiles.

CAUTION: The userPrinicpalName sometimes do not match the primary email address of the exchange server so user must understand or be educated.

This article pertains to Email Security when using Active Directory in Windows 2003 or 2008 and Exchange 2003 or 2007. Adjustments may be possible to allow this to work with other systems based on the LDAP query configuration.

How to Test:

Have a user login using their email address as shown under the userPrincipalName

NOTE: If the navigation or the screenshot looks different from the one mentioned above , you may be in an older firmware version and would require a firmware upgrade. Please refer the link below to upgrade the firmware to latest version.

https://www.sonicwall.com/en-us/support/knowledge-base/170504270079039