I have a device extension attribute that gets userPrincipalName from LDAP. The value for userPrincipalName is formatted like an email: user@domain.com.

I found that inventory is successfully getting the userPrincipalName value and displaying it as user@domain.com, but when I try to use the $EXTENSIONATTRIBUTE_# variable in a profile, the "@" in the userPrincipalName gets converted to "@"

Has anyone else encountered this or found a work-around?

I'm generating certificates using the new AD CS connector and I need my certificates to have subject as CN=User@domain.com but this transposition of the "@" is breaking it for me. Before you ask, I can't use $EMAIL as the subject because email domain is different from UserPrincipalName domain.

UPDATE: I found a work-around. I was able to map the LDAP attribute UserPrincipalName to the Jamf variable $ROOM using the Jamf LDAP user mappings. When done this way, Jamf does not covert "@" to "@"

UPDATE #2: Jamf has confirmed this is a bug. Bug # PI-006195.