27 December 2018

Replace Primary SMTP Address | AD

I've recently had to replace the Primary SMTP address for all users within an organisation.  Of course this is a lot easier if you script it.

I needed to do this as the client was changing their primary address, but wanted to retain all the current proxyAddresses as well.

This was achieved by using two scripts.

$Users = Get-ADUser -SearchBase 'OU=ouname,OU=ouname,OU=ouname,OU=ouname,DC=domai,DC=com,DC=au' -Filter * -Properties mail,ProxyAddresses | Select-Object samaccountname,ProxyAddresses
Foreach ($User in $Users)
{
    $Samaccountname = $User.samaccountname
    # Upper-case "SMTP:" marks the address as primary
    $SMTP = "SMTP:$Samaccountname@newdomain.com.au"
    Set-ADUser $Samaccountname -Add @{proxyAddresses=$SMTP}
}

This script adds the new SMTP address for all users within a certain OU.  Of course this causes trouble on its own, as each user now has two SMTP addresses marked as primary.

The following script clears this up:

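Get-ADUser -SearchBase 'OU=ouname,OU=ouname,OU=ouname,OU=ouname,DC=domai,DC=com,DC=au' -Filter * -Properties mail,ProxyAddresses |
    ForEach-Object {
        $proxies = $_.ProxyAddresses |
            ForEach-Object {
                # Demote every SMTP entry to a secondary alias (prefix only; -replace ignores case)
                $a = $_ -replace '^smtp:','smtp:'
                if ($a -match '@newdomain\.com\.au$') {
                    # Promote only the new domain's address back to primary
                    $a -replace '^smtp:','SMTP:'
                } else {
                    $a
                }
            }
        $_.ProxyAddresses = $proxies
        Set-ADUser -Instance $_
    }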
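One way to confirm the end state once both scripts have run is to audit each user's proxyAddresses for exactly one primary entry on the new domain. This is an added example, not part of the original post; the function name Test-PrimarySmtp, its Issue labels and the sample accounts are assumptions made for illustration.

```powershell
# Added example (hypothetical helper): flags accounts whose proxyAddresses do not
# contain exactly one primary ("SMTP:" in upper case) entry on the expected domain.
function Test-PrimarySmtp {
    param(
        [string]$Identity,
        [string[]]$ProxyAddresses,
        [string]$ExpectedDomain
    )
    # Drop null/empty values so an account with no addresses is handled cleanly
    $addrs = @($ProxyAddresses | Where-Object { $_ })
    # -cmatch is case-sensitive: "SMTP:" is primary, "smtp:" is a secondary alias
    $primary = @($addrs | Where-Object { $_ -cmatch '^SMTP:' })
    # The same address listed twice, compared without regard to case
    $dupes = @($addrs | Group-Object { $_.ToLower() } | Where-Object Count -gt 1)
    $domainPattern = '@' + [regex]::Escape($ExpectedDomain) + '$'

    $issue = 'OK'
    if ($primary.Count -eq 0) { $issue = 'NoPrimary' }
    elseif ($primary.Count -gt 1) { $issue = 'MultiplePrimary' }
    elseif ($primary[0] -notmatch $domainPattern) { $issue = 'PrimaryWrongDomain' }
    elseif ($dupes.Count -gt 0) { $issue = 'DuplicateAddress' }

    [pscustomobject]@{
        Identity = $Identity
        Primary  = $primary -join ';'
        Issue    = $issue
    }
}

# Constructed sample data so the check runs without a domain controller
$sample = @(
    # State after the first script only: two primaries
    @{ Id = 'asmith'; Proxy = @('SMTP:asmith@olddomain.com.au', 'SMTP:asmith@newdomain.com.au') }
    # State after the second script: old address demoted
    @{ Id = 'bjones'; Proxy = @('smtp:bjones@olddomain.com.au', 'SMTP:bjones@newdomain.com.au') }
    # Account missed by the first script: no primary at all
    @{ Id = 'clee';   Proxy = @('smtp:clee@olddomain.com.au') }
)
$sample | ForEach-Object {
    Test-PrimarySmtp -Identity $_.Id -ProxyAddresses $_.Proxy -ExpectedDomain 'newdomain.com.au'
}

# Against the directory (read-only), listing only the accounts that need attention:
# Get-ADUser -SearchBase '<OU distinguished name>' -Filter * -Properties proxyAddresses |
#     ForEach-Object { Test-PrimarySmtp $_.SamAccountName $_.proxyAddresses 'newdomain.com.au' } |
#     Where-Object Issue -ne 'OK'
```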


21 December 2018

proxyAddress Attribute doesn't copy when using Active Directory Migration Tool (ADMT)

I recently needed to perform a cross-forest migration for a client.  I used ADMT to move the users across, however I needed to retain the Mail and the proxyAddress attribute as they had Office 365.

By default, ADMT excludes these attributes from the migration, meaning you're going to be left with users that don't have this information.  This will cause lots of issues if you're needing to use O365.

Luckily, there's a simple way to get this sorted, by removing the items from the Exclusion list.

1. Create a new VBS script by copying the following into a Notepad document, then saving as DisplayExclusionList.vbs

Set o = CreateObject("ADMT.Migration")
WScript.Echo o.SystemPropertiesToExclude

2. Open an Administrative Command Prompt, navigate to C:\Windows\SysWow64, then run the command

cscript.exe C:\Temp\DisplayExclusionList.vbs
Obviously you'd need to copy the vbs file to C:\Temp first

Note: I took the screenshot after applying this change, so the mail and proxyAddress attributes are already missing.

3. Once you have done this, you will see the list of all the items that are in the exclusions list.  From here you can create a similar script which will amend that list and remove mail and proxyAddress

Set o = CreateObject("ADMT.Migration")

o.SystemPropertiesToExclude = "msDS-PSOApplied,msDS-HostServiceAccount,attributeCertificateAttribute,audio,carLicense,departmentNumber,employeeNumber,employeeType,gecos,gidNumber,homePostalAddress,houseIdentifier,ipHostNumber,jpegPhoto,labeledURI,loginShell,memberUid,msDFSR-ComputerReferenceBL,msDFSR-MemberReferenceBL,msDS-ObjectReferenceBL,msDS-SourceObjectDN,msExchAssistantName,msExchHouseIdentifier,msExchLabeledURI,msRADIUS-FramedIpv6Route,msRADIUS-SavedFramedIpv6Route,msSFU30Aliases,msSFU30Name,msSFU30NisDomain,msSFU30PosixMember,msSFU30PosixMemberOf,networkAddress,nisMapName,otherMailbox,photo,preferredLanguage,registeredAddress,roomNumber,secretary,shadowExpire,shadowFlag,shadowInactive,shadowLastChange,shadowMax,shadowMin,shadowWarning,textEncodedORAddress,uid,uidNumber,unixHomeDirectory,unixUserPassword,userPKCS12,userSMIMECertificate,x500uniqueIdentifier"

Whilst this might look like a really long command, all I did was copy the output from the DisplayExclusionList.vbs file, then input it at the end of the script.

After running the migration again, the attributes moved through very nicely and saved me a lot of time!!