Get Active Directory Contact information

This topic contains 13 replies, has 5 voices, and was last updated by  amude 9 months, 3 weeks ago.

  • Author
  • #57124

    Brian Clanton

    Is there a way I can run a script from AD server to get list of contacts to eventually modify?

    Getting my list is easy with the following command:

    Get-ADObject -Filter 'ObjectClass -eq "Contact"' -SearchBase 'OU=AmericanSokol-Contacts,OU=AmericanSokol, OU=Hosted, DC=techpro, dc=local'

    However, I will need to modify the Contact info and to do that, there are Exchange cmdlets like get-contact that do not work on the AD server.

    Is there a way to do this exclusively from AD or do I need to immport Exchange modules from Exchange?

  • #57130

    Dan Potter


  • #57133

    Brian Clanton

    The trick is, how do I query the Contact Attribute "showinaddressbook" to see if it is Null? From initial research, it seems that I can only do this from Exchange.

    I have limited access to Exchange so I am trying to accomplish this from AD if possible.

  • #57136


    It can be tricky trying to do it with only the AD commands. You would be better off running the exchange commands when its time to make the modifications. There are subtle things that change in many instances that you may not account for when attempting to do them manually in AD.

  • #57139

    Dan Potter

    get-adobject -Filter {(objectclass -eq 'contact') -and (showinaddressbook -like "*")} -Properties showinaddressbook | select -First 1

    inverse is -notlike

  • #57292

    Brian Clanton

    So upshot is that I need to import Exchange capabilities when I have to modify/delete/write entries in the attribute list if it relates to these email contacts...specifically the showinaddressbook attribute?

  • #57326

    Dan Potter

    If an attribute is writeable you can do whatever you want with it. It's not so hard to use both exchange and ad modules together, I do it all the time. Grab the installation media for exchange and only install the tools.

  • #57373


    Yes, the "Hide From Exchange address list" attribute is not straightforward. The checkbox in EMC is stored in msExchHideFromAddressLists and is checked if true, but unchecked can be False or Null. If you uncheck it in EMC, it nulls it. However, the checkbox has nothing to do with it being actually hidden. ShowInAddressBook contains the address list(s) where it is visible, and when you hide it in EMC, it does not remove it from all of them. If you want to hide it, you can set msExchHideFromAddressLists to True and clear ShowInAddressBook. If you want to make it visible again, however, you should do it through EMC or use the Exchange command, "Set-Mailbox $mb -HiddenFromAddressListsEnabled $false". Exchange knows which address lists to use to make it properly visible again. I'm sure you could do this as well with just AD, but you'd have to know your Exchange environment exceedingly well, and it could change on you and cause your AD only script to fail.

    Edit: forgot you were doing this with contacts, same concept though, different command, "Set-MailContact $ct -HiddenFromAddressListsEnabled $false"

  • #57470

    Brian Clanton

    From one of the technicians, this is the pseudo code he put together for me as far as what he wants to accomplish.

    Prompt for OU
    $OU = User Input

    $ContactsArray = Get List of root OU entry and subtrees of root OU of any contact type.
    ForEach ($Contact in $ContactsArray){
    If ($Contact.Attribute. showAddressBoook -eq Null){
    Make Entry
    CN=$OU Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=TechPro-Hosted-Org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=techpro,DC=local

    CN=$OU- All Users,CN=All Address Lists,CN=Address Lists Container,CN=TechPro-Hosted-Org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=techpro,DC=local

    CN=$OU- All Groups,CN=All Address Lists,CN=Address Lists Container,CN=TechPro-Hosted-Org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=techpro,DC=local


  • #57620



    get contact list
    for each {
    set-adobject -identity $contact.distinguishedname -replace @{showinAddressBook = $list}

    Obviously untested pseudo-code. Start with a single contact that you can screw up and fix unless you have a test environment.

  • #58109

    Brian Clanton

    The 'get-contact' list is the challenge since I would need to import Exchange session into my PS console which I am running from their AD server.

    I am having an issue importing Exchange where it errors out when I run 'import-session' with the correct syntax.

    I have another post regarding this issue:

  • #58130


    You can get them with exchange.

    get-adobject -ldapfilter "(&(objectClass=contact)(objectCategory=person)(!showinAddressBook=*))" -properties *

    This gets all contacts where showinAddressBook is null.

    Add other parameters as needed, searchbase, etc.

  • #78255

    Participant Debone native equal discoursed suspense plunders. Discriminate telly balmy meditates dither. Wirier.

  • #78764

    Participant Flounces invalid contretemps madam harm penalise ebullient. Revs tanneries historically gory brewer.

You must be logged in to reply to this topic.