
June 23, 2014 at 8:40 am

We have an issue where users' emailaddresses in AD do not exist in their proxyaddresses list.

I am trying to develop a script that would use GET-ADUSER and capture the emailaddress property and match it to the proxyaddresses array and if it does not exist, add it – and if it does exist, skip it.

[blockquote]Import-module activedirectory
$users = ((Get-ADUser -filter * | where-object { $_.emailaddress -ne $null }) | foreach{ $_.Name})
foreach ($user in $users)
{
    $NewDefaultAddresses = ((Get-ADUser $User -properties emailaddress).emailaddress)
    $NewProxyAddresses=@()
    $AddressFoundInArray=$False
    Write-Debug "Processing user $user"
    $ProxyAddresses=(Get-ADUser $user -Properties proxyaddresses).proxyaddresses
    foreach ($ProxyAddress in $ProxyAddresses) {
        #Only evaluate smtp addresses
        if ($ProxyAddress -match "^smtp:") {
            $ProxyAddressArr=$ProxyAddress.Split(":")
            If ($ProxyAddressArr[1] -eq $NewDefaultAddress) {
                Write-Debug "Address $NewDefaultAddress found, converting to default address"
                $NewProxyAddresses+=$proxyAddressArr[0].ToUpper()+":"+$ProxyAddressArr[1]
                $AddressFoundInArray=$True
            } else {
                Write-Debug "Converting $ProxyAddress to non-default address"
                $proxyAddressArr[0]=$proxyAddressArr[0].ToLower()
                $NewProxyAddresses+=$proxyAddressArr[0].ToLower()+":"+$ProxyAddressArr[1]
            }
        } else {
            $NewProxyAddresses+=$ProxyAddress
        }
    }
    if (!$AddressFoundInArray) {
        Write-Debug "Adding address $NewDefaultAddress"
        $NewProxyAddresses+="SMTP:$NewDefaultAddress"
    }
    Set-ADUser $user -Replace @{ProxyAddresses=$NewProxyAddresses} -EmailAddress $NewDefaultAddress
}
[/blockquote]

June 23, 2014 at 10:11 am

Try something like the following (untested).


Import-Module ActiveDirectory
$users = Get-ADUser -LDAPFilter "(mail=*)" -Properties mail, proxyaddresses -ResultSetSize $null

foreach($user in $users){
	if($user.proxyaddresses -notcontains "smtp:$($user.mail)"){
		# -Identity accepts a DN, GUID, SID or sAMAccountName, not a UPN
		Set-ADUser -Identity $user.DistinguishedName -Add @{ProxyAddresses="smtp:$($user.mail)"} -WhatIf
	}
}

June 23, 2014 at 10:20 am

You don't really mention what is not working with the posted script. You might be overcomplicating it a bit, so here are some considerations:

[ul]
[li]You are connecting to AD to get just the usernames, then connecting again to get email address as well as proxy information, plus connecting again to Set the user's AD data. In the below code, we connect once and pass the current user object to Set the attributes.[/li]

[li]When you are getting your AD data, you are pulling all records and then piping it to get Null email addresses. It is much more efficient to only get what you need from AD. The only caveat is array attributes like proxyaddresses, which there isn't any way to query against an array with LDAP (that I'm aware of), so in that instance you would need to parse it after you pulled the data. Do an internet search on LDAP filters to see the many ways to be specific in your queries.[/li]

[li]Use about_Comparison_Operators and look at -contains. This operator does comparisons against arrays, so since the proxies are an array, it can be leveraged to see if the email address is in the array. See below for a basic example:[/li]
[/ul]

$proxyAddy = @("smtp:anotheruser@corp.com", "smtp:user@corp.com")

if ($proxyAddy -notcontains "SMTP:user2@corp.com") {
    "Need to update account"
}

#Get AD users that have a value in emailaddress and get properties emailaddress and proxyaddresses
Get-AdUser -LDAPFilter "(emailaddress=*)" -Properties emailaddress, proxyaddresses | foreach{
    #Generate the new proxy string
    $emailProxy = "SMTP:{0}" -f $_.emailaddress
    #Check the current user's own proxy list (not the $proxyAddy sample array above)
    if ($_.proxyaddresses -notcontains $emailProxy) {
        #You are looping through AD users, so pass the current user to Set-AdUser and update the proxy
        $_ | Set-AdUser -Add @{ProxyAddresses=$emailProxy} -WhatIf
    } # if proxy contains email
} # foreach AD user

Edit: Bucky was correct that an -Add would be simpler. Updated code

June 23, 2014 at 11:14 am

Get-AdUser -LDAPFilter "(emailaddress=*)" -Properties emailaddress, proxyaddresses |

EmailAddress isn't an LDAP field, thus can't be used for LDAP queries (i.e. use mail).
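
Pulling the thread together, as an added example that is not code from any post above: it queries on `mail`, checks each user's own list, and keeps the first post's convention that uppercase `SMTP:` marks the single default address, so a plain `-Add` cannot leave two. The function names `Get-MergedProxyAddresses` and `Sync-MailToProxyAddresses` are hypothetical, and the sample addresses are constructed.

```powershell
# Added example; Get-MergedProxyAddresses and Sync-MailToProxyAddresses are hypothetical names.
function Get-MergedProxyAddresses {
    param(
        [Parameter(Mandatory)][string]$Mail,
        [string[]]$ProxyAddresses = @()
    )
    $result = New-Object 'System.Collections.Generic.List[string]'
    $found  = $false
    foreach ($entry in $ProxyAddresses) {
        # Leave non-SMTP entries (X500, SIP, ...) untouched; -notmatch ignores case
        if ($entry -notmatch '^smtp:') { $result.Add($entry); continue }
        $address = $entry.Substring(5)
        if ($address -eq $Mail) {
            # Matches the mail attribute: keep one copy, marked as the default
            if (-not $found) { $result.Add("SMTP:$address") }
            $found = $true
        } else {
            # Any other SMTP entry becomes non-default, so only one default remains
            $result.Add("smtp:$address")
        }
    }
    if (-not $found) { $result.Add("SMTP:$Mail") }
    return ,$result.ToArray()
}

function Sync-MailToProxyAddresses {
    # Requires the ActiveDirectory module; -WhatIf only reports what would change
    Import-Module ActiveDirectory
    Get-ADUser -LDAPFilter '(mail=*)' -Properties mail, proxyAddresses | ForEach-Object {
        $current = [string[]]$_.proxyAddresses
        $merged  = Get-MergedProxyAddresses -Mail $_.mail -ProxyAddresses $current
        # -cne is case-sensitive, so an SMTP:/smtp: flip counts as a change
        if (($current -join "`n") -cne ($merged -join "`n")) {
            $_ | Set-ADUser -Replace @{proxyAddresses = $merged} -WhatIf
        }
    }
}

# Constructed sample input: runs without a directory
$sample = @('SMTP:old@corp.com', 'smtp:user@corp.com', 'X500:/o=Corp/cn=user')
Get-MergedProxyAddresses -Mail 'user@corp.com' -ProxyAddresses $sample
```

Run `Sync-MailToProxyAddresses` on a domain-joined host and review the `-WhatIf` output before removing that switch.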