Author Posts

March 1, 2017 at 11:21 pm

So I'm trying to do a bulk change to users' proxyaddresses. The issue is that these users reside in different AD forests and I keep getting this error:

Set-ADUser : Cannot find an object with identity: 'xxx' under: 'DC=loc1,DC=dc,DC=company,DC=com'.

which makes sense because these users are spread throughout these forests:
dc=loc2,DC=dc,DC=company,DC=com
dc=loc3,DC=dc,DC=company,DC=com
dc=loc4,DC=dc,DC=company,DC=com

I am able to use the Get-ADUser properties of the user in the other forests using this command:

$User = get-aduser -filter {UserPrincipalName -eq $upn} -Server FQDN:3268

but I can't seem to figure out how to get the set-aduser command to check all forests for the user. It seems to be only checking the forest that my AD account currently resides in (dc=loc1).

Any help would be appreciated. I should warn you that I'm new to ps, so if you could show the actual code, that would help tremendously.

March 2, 2017 at 2:23 am

My PS knowledge is also low...Few thoughts:
A loop to check all forests
Use a credential that is global to run the script
Try select-object and use the object-guid with get-aduser and not use the upn

March 2, 2017 at 3:28 am

I don't have an AD environment to test, but something like this should work.

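Import-Module ActiveDirectory

$forest = '
loc1.dc.company.com
loc2.dc.company.com
loc3.dc.company.com
loc4.dc.company.com'.Trim() -split '\r?\n'

# List of users (assumes the CSV has a UPN column)
$user = Import-Csv userlist.csv
# Check each server for users then make a change
foreach ($f in $forest){
    foreach ($u in $user){
        # Use a simple variable in the filter; property access such as $u.UPN is not expanded there
        $upn = $u.UPN
        $instance = Get-ADUser -Server $f -Properties proxyAddresses -Filter {UserPrincipalName -eq $upn}
        # Skip domains where the user does not exist
        if ($instance) {
            $instance.ProxyAddresses = "yournewaddress"
            Set-ADUser -Instance $instance
        }
    }
}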

March 2, 2017 at 7:13 pm

Thanks Random, that worked perfectly. I had to change the $forest to just actual text, it didn't like the split formatting for whatever reason.

May I ask why would putting the cmdlet in a variable work over just running the straight cmdlet?

# Expand the Domains property so the loop gets one domain name per iteration
$Forest = Get-ADForest | Select-Object -ExpandProperty Domains

$user = Import-Csv c:\conflicts.csv
ForEach ($u in $User){
    foreach ($f in $forest){
        $upn = $u.UPN
        $sn = "smtp:"+$u.OldEmail
        $obj = Get-ADUser -Server $f -Properties proxyaddresses -Filter {UserPrincipalName -eq $upn}
        If ($obj -ne $null){
            $obj.ProxyAddresses += $sn
            Set-ADUser -Instance $obj
            # User found and updated; stop checking the remaining domains
            break
        }
    }
}

March 3, 2017 at 4:33 pm

Ok, I had an epiphany and found a better way. Instead of going through all the domains trying to find the correct domain, why not just get the domain directly? Here is the updated code. Make sure to update the FQDN with your AD Global Catalog FQDN:

$user = Import-Csv C:\proxytest.csv
ForEach ($u in $User){

    $upn = $u.UPN
    $sn = "smtp:"+$u.OldEmail

    #this searches the Global Catalog for the user and returns the canonical name (domain/OU/user)
    $dname = Get-ADUser -Server "FQDN:3268" -Properties canonicalname -Filter {UserPrincipalName -eq $upn}

    #nothing to parse if the Global Catalog has no such user
    If ($dname -eq $null){
        Write-Host "User does not exist in AD: $upn"
        continue
    }

    #this extracts the domain, which is the part of the canonical name before the first "/"
    $ou = $dname.CanonicalName
    $pos = $ou.IndexOf("/")
    $dn = $ou.Substring(0, $pos)

    #in AD, you need to specify the actual domain they are listed in
    $obj = Get-ADUser -Server $dn -Properties proxyaddresses -Filter {UserPrincipalName -eq $upn}

    If ($obj -ne $null){
        $obj.ProxyAddresses += $sn

        #removes the proxyaddress
        #$obj.ProxyAddresses.Remove($sn)

        Set-ADUser -Instance $obj
    }else{
        Write-Host "User does not exist in AD: $upn"
    }
}
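
A dry-run variant of the Global Catalog approach above, added here as an example and not code from any poster in the thread. It goes beyond the thread by escaping CSV values before they enter an LDAP filter and by checking forest-wide that the address is not already assigned to another object. Assumptions: FQDN is a placeholder for your Global Catalog server, the sample rows are constructed, and proxyAddresses is replicated to the Global Catalog.

```powershell
# Added example, not from the thread. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

$gc = 'FQDN:3268'   # placeholder: your Global Catalog server, as in the thread

# Constructed sample rows; the thread loads these with Import-Csv (columns UPN, OldEmail)
$rows = @(
    [pscustomobject]@{ UPN = 'alice@company.com'; OldEmail = 'alice.old@company.com' }
    [pscustomobject]@{ UPN = 'bob@company.com';   OldEmail = 'bob.old@company.com' }
)

# Escape RFC 4515 special characters so a CSV value cannot alter the LDAP filter
function ConvertTo-LdapFilterValue([string]$Value) {
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
}

$report = foreach ($r in $rows) {
    $upn   = $r.UPN
    $proxy = 'smtp:' + $r.OldEmail

    # One GC lookup finds the user in any domain of the forest
    $user  = Get-ADUser -Server $gc -LDAPFilter "(userPrincipalName=$(ConvertTo-LdapFilterValue $upn))"
    # Forest-wide check: which objects, if any, already hold this address?
    $owner = Get-ADObject -Server $gc -LDAPFilter "(proxyAddresses=$(ConvertTo-LdapFilterValue $proxy))"

    if (-not $user) { $state = 'UserNotFound' }
    elseif (@($user).Count -gt 1) { $state = 'AmbiguousUPN' }
    elseif ($owner | Where-Object { $_.ObjectGUID -ne $user.ObjectGUID }) { $state = 'AddressInUse' }
    elseif ($owner) { $state = 'AlreadyPresent' }
    else {
        # Writes must go to the user's own domain: build its DNS name from the DC= parts of the DN
        $domain = (($user.DistinguishedName -split ',' | Where-Object { $_ -like 'DC=*' }) -replace '^DC=') -join '.'
        # -Add appends a single value; -WhatIf only reports. Remove -WhatIf to apply the change.
        Set-ADUser -Identity $user.ObjectGUID -Server $domain -Add @{ proxyAddresses = $proxy } -WhatIf
        $state = "WouldAdd ($domain)"
    }
    # One record per row, usable as a change log
    [pscustomobject]@{ UPN = $upn; Proxy = $proxy; Result = $state }
}
$report | Format-Table -AutoSize
```

Piping `$report` to Export-Csv instead of Format-Table keeps a record of which accounts were touched and which rows were skipped.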