Get Active Directory Contact information

This topic contains 11 replies, has 3 voices, and was last updated by Profile photo of Ron Ron 2 weeks, 4 days ago.

  • Author
    Posts
  • #57124
    Profile photo of Brian Clanton
    Brian Clanton
    Participant

    Is there a way I can run a script from AD server to get list of contacts to eventually modify?

    Getting my list is easy with the following command:

    Get-ADObject -Filter 'ObjectClass -eq "Contact"' -SearchBase 'OU=AmericanSokol-Contacts,OU=AmericanSokol, OU=Hosted, DC=techpro, dc=local'

    However, I will need to modify the Contact info and to do that, there are Exchange cmdlets like get-contact that do not work on the AD server.

    Is there a way to do this exclusively from AD or do I need to immport Exchange modules from Exchange?

  • #57130
    Profile photo of Dan Potter
    Dan Potter
    Participant

    set-adobject

  • #57133
    Profile photo of Brian Clanton
    Brian Clanton
    Participant

    The trick is, how do I query the Contact Attribute "showinaddressbook" to see if it is Null? From initial research, it seems that I can only do this from Exchange.

    I have limited access to Exchange so I am trying to accomplish this from AD if possible.

  • #57136
    Profile photo of Ron
    Ron
    Participant

    It can be tricky trying to do it with only the AD commands. You would be better off running the exchange commands when its time to make the modifications. There are subtle things that change in many instances that you may not account for when attempting to do them manually in AD.

  • #57139
    Profile photo of Dan Potter
    Dan Potter
    Participant

    get-adobject -Filter {(objectclass -eq 'contact') -and (showinaddressbook -like "*")} -Properties showinaddressbook | select -First 1

    inverse is -notlike

  • #57292
    Profile photo of Brian Clanton
    Brian Clanton
    Participant

    So upshot is that I need to import Exchange capabilities when I have to modify/delete/write entries in the attribute list if it relates to these email contacts...specifically the showinaddressbook attribute?

  • #57326
    Profile photo of Dan Potter
    Dan Potter
    Participant

    If an attribute is writeable you can do whatever you want with it. It's not so hard to use both exchange and ad modules together, I do it all the time. Grab the installation media for exchange and only install the tools.

  • #57373
    Profile photo of Ron
    Ron
    Participant

    Yes, the "Hide From Exchange address list" attribute is not straightforward. The checkbox in EMC is stored in msExchHideFromAddressLists and is checked if true, but unchecked can be False or Null. If you uncheck it in EMC, it nulls it. However, the checkbox has nothing to do with it being actually hidden. ShowInAddressBook contains the address list(s) where it is visible, and when you hide it in EMC, it does not remove it from all of them. If you want to hide it, you can set msExchHideFromAddressLists to True and clear ShowInAddressBook. If you want to make it visible again, however, you should do it through EMC or use the Exchange command, "Set-Mailbox $mb -HiddenFromAddressListsEnabled $false". Exchange knows which address lists to use to make it properly visible again. I'm sure you could do this as well with just AD, but you'd have to know your Exchange environment exceedingly well, and it could change on you and cause your AD only script to fail.

    Edit: forgot you were doing this with contacts, same concept though, different command, "Set-MailContact $ct -HiddenFromAddressListsEnabled $false"

  • #57470
    Profile photo of Brian Clanton
    Brian Clanton
    Participant

    From one of the technicians, this is the pseudo code he put together for me as far as what he wants to accomplish.

    Prompt for OU
    $OU = User Input

    $ContactsArray = Get List of root OU entry and subtrees of root OU of any contact type.
    ForEach ($Contact in $ContactsArray){
    If ($Contact.Attribute. showAddressBoook -eq Null){
    Make Entry
    CN=$OU Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=TechPro-Hosted-Org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=techpro,DC=local

    CN=$OU- All Users,CN=All Address Lists,CN=Address Lists Container,CN=TechPro-Hosted-Org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=techpro,DC=local

    CN=$OU- All Groups,CN=All Address Lists,CN=Address Lists Container,CN=TechPro-Hosted-Org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=techpro,DC=local
    Else
    Skip

    }

  • #57620
    Profile photo of Ron
    Ron
    Participant

    $list=@('dn1',
    'dn2',
    'dn3')

    get contact list
    for each {
    set-adobject -identity $contact.distinguishedname -replace @{showinAddressBook = $list}
    }

    Obviously untested pseudo-code. Start with a single contact that you can screw up and fix unless you have a test environment.

  • #58109
    Profile photo of Brian Clanton
    Brian Clanton
    Participant

    The 'get-contact' list is the challenge since I would need to import Exchange session into my PS console which I am running from their AD server.

    I am having an issue importing Exchange where it errors out when I run 'import-session' with the correct syntax.

    I have another post regarding this issue:
    https://powershell.org/forums/topic/importing-exchange-2013/

  • #58130
    Profile photo of Ron
    Ron
    Participant

    You can get them with exchange.

    get-adobject -ldapfilter "(&(objectClass=contact)(objectCategory=person)(!showinAddressBook=*))" -properties *

    This gets all contacts where showinAddressBook is null.

    Add other parameters as needed, searchbase, etc.

You must be logged in to reply to this topic.