Author Posts

October 3, 2013 at 1:47 pm

Hi Experts,

in my organisation we have email address is stored in one of the extension attributes in user accounts. Now is there any way to validate whether that email id is correct using AD powershell?

October 3, 2013 at 4:23 pm

You can certainly access those AD attributes. If your script has a way of knowing what a user's email address is supposed to be, then you can check for the correct value, or even update it if it's wrong. The command will look something like this, assuming you're using the ActiveDirectory module:

$user = Get-ADUser -Identity SomeDude -Properties extensionAttribute6
$user.extensionAttribute6

October 3, 2013 at 10:51 pm

Hi Dave,

Sorry if my question is not clear to you...

Your code will give me the Email ID present in extensionattribute6. But sometimes this email id might have expired or this might not get resolve in outloook because there was some spelling mistake while updating email address in this extensionattribute6.

lets take an example.. In our org for service accounts we will update email id of the service account owner in Service Account properties(lets say extensionattribute6).. there are chances that this owner left the company and email id is not valid anymore. Now how can i find such accounts whose owner is not valid (ie extensionattribute6 is not getting resolved in outlook).

October 4, 2013 at 12:35 am

This will find a mailbox based on the attribute value


$mbx = Get-Mailbox -Identity (Get-ADUser -Identity SomeDude -Properties extensionAttribute6 -erroraction silentlycontinue | select -expand extensionAttribute6)
if ($mbx) { do stuff as it exists}
else { do other stuff because it doesn't exist

October 11, 2013 at 1:02 pm

get-mailbox is exchange cmdlet.. how can i get result using AD cmdlets?

October 16, 2013 at 7:23 pm

hi guys...any inputs?

October 17, 2013 at 12:06 pm

You're trying to compare what is in AD to what is in Exchange, in order to see if the entry in AD is wrong. So, you need to load the AD module and the exchange module so you can access both the extended attribute in AD (where the email address is) and exchange where the "proper" email address is located. At least that's how it sounds to me.

I'd throw together a script that compares the AD extended attribute to the exchange attribute but I do not have access to the Exchange cmdlets in my organization since it's a different team handling mail servers. sorry