<< A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

–A–

–B–

–C–

contact, find by email

Get-ADObject -LDAPFilter "objectClass=Contact" -Properties Name,mail | Where-Object{$_.mail -like "ac*"} | ft Name, mail, distinguishedName

See also

contacts, display proxyAddresses (actually, this is only local AD contacts - need to get better command for O365 contacts.)

Set a variable for the file name. Normally we'd simply output to the console. But we'll likely massage results in Excel.

$datesuffix = get-date -Format yyy-MM-dd_HHmmss

use Get-ADObject rather than Get-Contact

Get-ADObject -filter {objectclass -eq "contact" } -property DisplayName,targetAddress,proxyAddresses | `

  select DisplayName,targetAddress, @{Name= 'proxyAddresses';Expression={[string]::join(";", $($_.proxyAddresses))}} | `

  export-csv -delimiter ";" -notype allContacts_$($datesuffix).csv

Open up in Excel. Text-to-columns on 1st 2 colums. use ";" as delimiter.

contacts' OUs - see OUs for contacts

–D–

distribution group, find

find by name

Get-ADGroup -Filter {(GroupCategory -eq "Distribution") -and (Name -like "Accounting*")} -Properties name, mail, distinguishedName | ft name, mail, distinguishedName

or, to find distribution group corresponding to a certain email

Get-ADGroup -Filter {(GroupCategory -eq "Distribution") -and (mail -like "Accounting*")} -Properties name, mail, distinguishedName | ft name, mail, distinguishedName

See also

distribution groups bounce for outside users - see outside users can't send to distribution lists

–E–

–F–

–G–

GAL (Global Address Book), suppressed? - see msExchHideFromAddressLists property, Offline Address Book, add or remove many users from showing up using one command for many users in an OU

–H–

–I–

–J–

–K–

–L–

–M–

msExchHideFromAddressLists property - see also Offline Address Book, add or remove many users from showing up using one command for many users in an OU

(this local AD attribute is equivalent to HiddenFromAddressListsEnabled in the cloud.)

Security groups with mailboxes, show msExchHideFromAddressLists status

Get-ADGroup -Filter {(GroupCategory -eq "Security")} -Properties msExchHideFromAddressLists,mail -SearchBase 'OU=YourOU,DC=yourDomain,DC=com' | ?{$_.mail -ne $null} | Sort-Object msExchHideFromAddressLists,mail,name | ft name, mail, msExchHideFromAddressLists

Distribution groups

Get-ADGroup -Filter {(GroupCategory -eq "Distribution")} -Properties msExchHideFromAddressLists,mail -SearchBase 'OU=YourOU,DC=yourDomain,DC=com' | ?{$_.mail -ne $null} | Sort-Object msExchHideFromAddressLists,mail,name | ft name, mail, msExchHideFromAddressLists

–N–

null, filter on property

In this example, we want to find all ADUsers whose msExchHideFromAddressLists property is not set. So we quite reasonably attempt to filter on that filter not equal to the $null variable:

Get-ADuser -filter {msExchHideFromAddressLists -eq $null} -Properties msExchHideFromAddressLists | ft Name, msExchHideFromAddressLists

But that fails with:

Get-ADuser : Variable: 'null' found in expression: $null is not defined.

So, instead filter on -notlike "*":

Get-ADuser -filter {msExchHideFromAddressLists -notlike "*"} -properties msExchHideFromAddressLists | ft Name, msExchHideFromAddressLists

You can actually still filter on the $null variable. Just not in the very first part of the command where you're using the -filter. Instead, use later after a pipe:

Get-ADuser -filter * -properties msExchHideFromAddressLists | ? {$_.msExchHideFromAddressLists -eq $null} | ft Name, msExchHideFromAddressLists

I like to think that the first method of filtering on -notlike "*" is more efficient and elegant.

–O–

Offline Address Book, add or remove many users from showing up using one command for many users in an OU see also msExchHideFromAddressLists property, GAL (Global Address Book) suppressed

Need to alter the msExchHideFromAddressLists property. By default, this property is not set at all to begin with. So filter on this property not being set. (-notlike "*")

Get-ADUser -Filter {msExchHideFromAddressLists -notlike "*"} -Properties msExchHideFromAddressLists -SearchBase 'OU=yourOU,DC=yourDomain,DC=com' | Set-ADUser -Replace @{msExchHideFromAddressLists=$false}

Outside users can't send to distribution lists

look at the msExchRequireAuthToSendTo attribute. Those who can't have it set to true:

Get-ADGroup -Properties mail,displayName,msExchRequireAuthToSendTo -Filter {(msExchRequireAuthToSendTo -eq $true)} | Sort-Object displayName,Name | ft Name,displayName,mail

Those who can either don't have it set at all or have it set to false:

Get-ADGroup -Properties mail,displayName,msExchRequireAuthToSendTo  -Filter {(msExchRequireAuthToSendTo -notlike "*") -or (msExchRequireAuthToSendTo -eq $false)} | Sort-Object displayName,Name | ft Name,displayName,mail,msExchRequireAuthToSendTo

–P–

proxyAddresses, bulk change in place

Populate variable $localUsers with those who have proxyAddresses like your domain and are in the correct OU

$localUsers = Get-ADUser -Filter {(proxyAddresses -like "*yourDomain.com")} -Properties proxyAddresses,mail,SamAccountName -SearchBase 'OU=YourOU,DC=yourDomain,DC=com'

Verify that the users you have match what you think the existing proxyAddresses should be

$localUsers | ft Name, mail, SamAccountName, proxyAddresses

Add new proxyAddresses. In this case, corresponding with a new tenant.

$localUsers | %{Set-ADUser -Identity $_.SamAccountName -add @{ proxyAddresses = "smtp:" + $_.mail.split("@")[0] +"@YourNewTenant.onmicrosoft.com"}}

Verify that the new proxyAddresses have, indeed, been added.

Get-ADUser -Filter { (proxyAddresses -like "*yourDomain.com")} -Properties proxyAddresses,mail -SearchBase 'OU=YourOU,DC=yourDomain,DC=com' | ft Name, proxyAddresses

Now, take away proxyAddresses. In this case, corresponding with our old tenant.

$localUsers | %{Set-ADUser -Identity $_.SamAccountName -remove @{ proxyAddresses = "smtp:" + $_.mail.split("@")[0] +"@YourOldTenant.onmicrosoft.com"}}

Verify that the old proxyAddresses have been removed.

Get-ADUser -Filter {(proxyAddresses -like "*yourDomain.com")} -Properties proxyAddresses,mail -SearchBase 'OU=YourOU,DC=yourDomain,DC=com' | ft Name, proxyAddresses

proxyAddresses, categorize

we want all the "real" proxy addresses and want to suppress listing the ones containing "500"

Get-ADUser -Filter * -Properties proxyAddresses,mail,SamAccountName,targetAddress -SearchBase 'OU=yourOU,DC=yourDomain,DC=com' | Select SamAccountName , @{Name="PrimaryEmailAddress";Expression={$_.ProxyAddresses | ?{$_ -notmatch '500*'}}}

or this would also work:

Get-ADUser -Filter * -Properties proxyAddresses,mail,SamAccountName,targetAddress -SearchBase 'OU=yourOU,DC=yourDomain,DC=com' | Sort-Object SamAccountName | Select SamAccountName, @{Name="PrimaryEmailAddress";Expression={$_.ProxyAddresses | ?{$_ -match 'SMTP*'}}}

although it doesn't only get capital SMTP. To do that, use -cmatch instead of -match:

Get-ADUser -Filter * -Properties proxyAddresses,mail,SamAccountName,targetAddress -SearchBase 'OU=yourOU,DC=yourDomain,DC=com' | Sort-Object SamAccountName | Select SamAccountName, @{Name="PrimaryEmailAddress";Expression={$_.ProxyAddresses | ?{$_ -cmatch 'SMTP*'}}}

Sometimes just specifying the "SMTP" without omitting "500" gets you a stray "500" or two. So, combining both seems to work best:

Get-ADUser -Filter * -Properties proxyAddresses,mail,SamAccountName,targetAddress -SearchBase 'OU=yourOU,DC=yourDomain,DC=com' | Sort-Object SamAccountName | Select SamAccountName, @{Name="PrimaryEmailAddress";Expression={$_.ProxyAddresses | ?{($_ -cmatch 'SMTP*') -and ($_ -notmatch '500*')}}}

finally, let's split out these proxyAddresses into 3 groups of interest

plus targetAddress:

Get-ADUser -Filter * -Properties proxyAddresses,mail,SamAccountName,targetAddress -SearchBase 'OU=yourOU,DC=yourDomain,DC=com' | Sort-Object SamAccountName | Select SamAccountName, @{Name="PrimaryEmailAddress";Expression={$_.ProxyAddresses | ?{($_ -cmatch 'SMTP') -and ($_ -notmatch '500*')}}}, @{Name="OtherEmailAddresses";Expression={$_.ProxyAddresses | ?{($_ -cmatch 'smtp') -and ($_ -notmatch 'onmicrosoft') -and ($_ -notmatch '500')}}}, @{Name="onMicrosoftAddresses";Expression={$_.ProxyAddresses | ?{($_ -cmatch 'smtp') -and ($_ -match 'onmicrosoft') -and ($_ -notmatch '500')}}}, targetAddress | ft

With the greater complexity of the last query, leaving off the "*" wildcard seems to work better - even though it seemed to work OK when only looking for "SMTP*"

Same query for contacts

Get-ADObject -LDAPFilter "objectClass=Contact" -Properties proxyAddresses,mail,name,targetAddress -SearchBase 'OU=YourTenant,DC=yourDomain,DC=com' | Sort-Object name | Select name, @{Name="PrimaryEmailAddress";Expression={$_.ProxyAddresses | ?{($_ -cmatch 'SMTP') -and ($_ -notmatch '500*')}}}, @{Name="OtherEmailAddresses";Expression={$_.ProxyAddresses | ?{($_ -cmatch 'smtp') -and ($_ -notmatch 'onmicrosoft') -and ($_ -notmatch '500')}}}, @{Name="onMicrosoftAddresses";Expression={$_.ProxyAddresses | ?{($_ -cmatch 'smtp') -and ($_ -match 'onmicrosoft') -and ($_ -notmatch '500')}}}, targetAddress | Out-GridView

proxyAddresses, find

Get-ADUser -filter * | where-Object {$_.ProxyAddresses -match "user@yourDomain.com" } | fl

proxyAddresses, save to CVS

Normally, when you attempt to save proxyAddresses to CVS, they don't show up right. You get something like, "Microsoft.ActiveDirectory.Management.ADPropertyValueCollection" for that field.

Get-ADUser -Filter * -SearchBase 'CN=Monitoring Mailboxes,CN=Microsoft Exchange System Objects,dc=yourDomain,dc=colo' -Properties proxyAddresses | `
Select-Object Name, @{L = "proxyAddresses"; E = { $_.proxyAddresses -join ";"}} | Export-Csv "C:\Users\someuser\Documents\HealthMailBoxes.csv"

proxyAddresses, suppress X500 from view - see proxyAddresses, categorize

–Q–

–R–

–S–

security group, find email-enabled

Get-ADGroup -Filter {(GroupCategory -eq "Security") -and (mail -like "*")} -Properties name, mail, distinguishedName | Sort-Object mail | ft name, mail, distinguishedName

See also

–T–

targetAddress, bulk change in place

Users

Populate variable $localUsers with those who have targetAddress like your domain and are in the correct OU

$localUsers = Get-ADUser -Filter {(TargetAddress -like "*onmicrosoft.com")} -Properties TargetAddress,mail,SamAccountName -SearchBase 'OU=yourOU,DC=yourDomain,DC=com'

Verify that the users you have match what you think the existing targetAddress should be

$localUsers | ft Name, mail, SamAccountName, targetAddress

Replace targetAddresses.

$localUsers | %{Set-ADUser -Identity $_.SamAccountName -replace @{targetAddress = "SMTP:" + $_.mail.split("@")[0] + "@yourtenant.onmicrosoft.com"}}

Verify that the old targetAddress have been removed.

Get-ADUser -Filter { (TargetAddress -like "*onmicrosoft.com")} -Properties TargetAddress,mail,SamAccountName -SearchBase 'OU=yourOU,DC=yourDomain,DC=com' | ft Name, mail, SamAccountName, TargetAddress

Contacts

Let's say we want to replace all targetAddress that begins with "smtp" to instead begin with "SMTP". Start by finding all contacts that contain the lower-case "smtp". We can't rely on SamAccountName the way we can with users but instead must stash objectGUID because, unlike users, contacts don't have SamAccountName. Find the lower case "smtp" by using the case-sensitive version of -match which is -cmatch

$localUsers = Get-ADObject -LDAPFilter "objectClass=Contact" -Properties TargetAddress,mail,objectGUID -SearchBase 'OU=yourOU,DC=yourDomain,DC=com' | ?{($_.TargetAddress -cmatch 'smtp*')}

If, instead, we want to find any target addresses that end with ".onmicrosoft.com", better to omit the "*" if you want search using "-cmatch" below:

$localUsers = Get-ADObject -LDAPFilter "objectClass=Contact" -Properties TargetAddress,mail,objectGUID -SearchBase 'OU=yourOU,DC=yourDomain,DC=com' | ?{($_.TargetAddress -cmatch '.onmicrosoft.com')}

because the "*" must have something preceding it; it'll barf if it's at the beginning of a "-cmatch" search string. Contrary to what one (I, for one) would expect, this actually finds anything ending with ".onmicrosoft.com"

Verify that we selected records that begin with "smtp" and also with displaying our proposed replacement "SMTP" version in the last column with which we plan to replace targetAddress in the column before.

$localUsers | Sort-Object Name | ft Name, objectGUID, mail, targetAddress, @{Name="NewTarget";Expression={"SMTP:" + $_.targetAddress.split(":")[1]}}

Or, perhaps this is we merely want to replicate the mail to target address:

$localUsers | Sort-Object Name | ft Name, objectGUID, mail, targetAddress, @{Name="NewTarget";Expression={"SMTP:" + $_.mail}}

Now we actually replace:

$localUsers | %{Set-ADObject -Identity $_.objectGUID -replace @{targetAddress = "SMTP:" + $_.targetAddress.split(":")[1]}}

Verify that the replace went as planned. Get all the objects in this OU and display their targetAddress:

Get-ADObject -LDAPFilter "objectClass=Contact" -Properties TargetAddress,mail -SearchBase 'OU=yourTenant,DC=yourDomain,DC=com' | Sort-Object Name | ft Name,mail,TargetAddress

There should no longer be any "smtp" left, only "SMTP".

Email-enabled security groups

Find all Email-enabled security groups that don't have a corresponding targetAddress:

$localSecurityGroups = Get-ADGroup -Filter {(GroupCategory -eq "Security") -and (Mail -like "*") -and (targetAddress -notlike "*") } -Properties TargetAddress,mail

Look to see what comes up:

$localSecurityGroups | ft Name, Mail, TargetAddress

$localSecurityGroups | %{Set-ADObject -Identity $_.objectGUID -replace @{targetAddress = "SMTP:" + $_.Mail.split("@")[0] + "@yourTenant.onmicrosoft.com"}}

Get-ADGroup -Filter {(GroupCategory -eq "Security") -and (mail -like "*")} -Properties TargetAddress,mail | ft Name, Mail, TargetAddress

–U–

user, find by email

Get-ADUser -Filter {mail -like "ac*"} -Properties UserPrincipalName, mail, distinguishedName | ft UserPrincipalName, mail, distinguishedName

See also

user, find by proxyAddresses

Get-ADObject -Properties mail, proxyAddresses -Filter {(proxyAddresses -like "*yourDomain.com") -and (ObjectClass -eq "user")} | sort-object name | ft Name, mail, proxyAddresses, distinguishedname

user, find by proxyAddresses and OU

Get-ADObject -Properties mail, proxyAddresses -SearchBase 'OU=yourOU,DC=yourDomain,DC=com' -Filter {(proxyAddresses -like "*yourDomain.com") -and (ObjectClass -eq "user")} | sort-object name | ft Name, mail, proxyAddresses, distinguishedname

–W–

–X–

X500 proxyAddresses, suppress from view - see proxyAddresses, categorize

–Y–

–Z–