Entering people's email addresses in AD attribute

Solution 1:

A user's mail attribute does not need to contain an address within the Active Directory domain. In fact, there is no input validation on the field -- you may enter a string which is not a valid email address.

Solution 2:

If you don't have Exchange or any other AD-integrated mail system, that attribute is effectively unused; it can be used to store information, like the user's actual email address, but nothing will make any use of it and you will be able to see what it contains only by doing an AD query.

So, yes, you can safely store the user's email address in there; but it will not be available to, say, the Outlook address book, because there is nothing server-side actually using it; it will only be useful if you open the ADUC console (or any other tool which queries AD) and look for it.


By the way, even if you had Exchange, that attribute is only written by Exchange, never read (Exchange stores the user's actual addresses in a completely different place); so Exchange will initially put there the user's primary e-mail address, but you can overwrite it with anything you want, without any consequence at all.


Solution 3:

I was doing some research on this mail attribute with regard to Azure AD synchronisation, and I have a slightly different finding which I would like to share here.

1) In an AD Exchange 2010 environment, the mail attribute is used by Outlook as the email address to send to.
2) It appears in the E-mail address column of the Global Address List.
3) Yes, you can change the mail attribute to anything you like. ADUC does not even check if it is a legitimate SMTP address.
4) However, if you happen to change the primary SMTP address of a certain mailbox, Exchange will then update the mail attribute of the corresponding account with the new primary SMTP address.
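
Since the answers above agree that nothing validates the mail attribute, any system that consumes it (directory sync, address lookups) inherits whatever was typed in. The PowerShell below is an added example, not part of any answer: it flags accounts whose mail value is not address-shaped or differs from the primary SMTP entry in proxyAddresses (the attribute where Exchange keeps its addresses, which the page does not name). `Test-MailAttribute` is a hypothetical helper name and the sample records are constructed.

```powershell
# Added example: audit the free-text 'mail' attribute.
# Test-MailAttribute is a hypothetical helper, not a built-in cmdlet.
function Test-MailAttribute {
    param(
        [Parameter(ValueFromPipeline)]
        $User
    )
    process {
        $mail = [string]$User.mail

        # The primary SMTP address in proxyAddresses carries an upper-case "SMTP:" prefix;
        # secondary addresses use lower-case "smtp:", hence the case-sensitive -clike.
        $primary = @($User.proxyAddresses) |
            Where-Object { $_ -clike 'SMTP:*' } |
            ForEach-Object { $_.Substring(5) } |
            Select-Object -First 1

        $finding = if ([string]::IsNullOrWhiteSpace($mail)) {
            'Empty'
        } elseif ($mail -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') {
            'NotAnAddress'            # ADUC accepts any string here
        } elseif ($primary -and $mail -ne $primary) {
            'DiffersFromPrimarySmtp'  # mail was overwritten after Exchange set it
        } else {
            'OK'
        }

        [pscustomobject]@{
            SamAccountName = $User.SamAccountName
            Mail           = $mail
            PrimarySmtp    = $primary
            Finding        = $finding
        }
    }
}

# Constructed sample records so the function runs without a domain.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; mail = 'alice@example.com'
                       proxyAddresses = @('SMTP:alice@example.com', 'smtp:a.smith@example.com') }
    [pscustomobject]@{ SamAccountName = 'bob';   mail = 'ask the helpdesk'; proxyAddresses = $null }
    [pscustomobject]@{ SamAccountName = 'carol'; mail = 'carol@personal.example'
                       proxyAddresses = @('SMTP:carol@example.com') }
)
$sample | Test-MailAttribute | Format-Table -AutoSize

# Against a real domain (requires the ActiveDirectory module):
# Get-ADUser -Filter * -Properties mail, proxyAddresses |
#     Test-MailAttribute | Where-Object Finding -ne 'OK'
```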