Bulk Adding/Editing Email Addresses in the proxyAddresses Attribute

Scenario: You buy a new domain name(s) and want to bulk-add the new email aliases to all users in an environment where Azure AD Connect is in use but you have no local Exchange Server for management.

Scenario 2: Management decides to add a new alias to everyone’s account that’s based on the contents of one or more existing AD attributes in an environment where Azure AD Connect is in use but you have no local Exchange Server for management.

You’d typically end up in this situation if you’re using AAD Connect and you’ve done a cutover migration using a 3rd party tool.

You might be used to adding email aliases by editing the proxyAddresses attribute in AD but doing this for multiple users might be tedious if you have more than a few users.

The following PowerShell command assumes five things:

  1. You’re testing this command on a single user whose login is “username”.  To apply to all users within the Searchbase, then -Filter * instead.
  2. Your domain FQDN is domain.local and you want to apply this (subject to filtering) to all AD User objects in the directory. Change -searchbase as appropriate to apply to your domain and narrow down the OU if required.
  3. You have three new domains, domain1.org, domain2.com and domain3.org. Edit this command  as appropriate to change domain name(s) and add/remove the comma separated strings e.g. (“smtp:{0}@{1}” f $_.samaccountname, ‘domain2.com’) to add or remove domains.
  4. You want to use the SamAccountName (login name) in the email addresses. Using another value, such as firstname.surname, would involve a little more complexity. You might do something like this (“smtp:{0}{1}{2}@{3}” f $_.givenname, ‘.’, $_.surname, ‘domain3.org’)
  5. You want to leave any existing proxyAddresses intact. You can’t use this command to change the primary SMTP address. If you want to do that, precede this with Set-ADUser -clear proxyAddresses then define one of your proxyAddresses with upper case SMTP: to make it the reply-to. See example below for details

You might need to Import-Module ActiveDirectory first and it needs to be run on an appropriate machine (Domain Controller is the obvious one but any domain member with the AD PowerShell module installed (Install-WindowsFeature RSAT-AD-PowerShell) would be fine).

get-aduser -Filter {samaccountName -eq "username" } -searchbase "dc=domain,dc=local" | Foreach {Set-ADUser -identity $_.samaccountname -Add @{'ProxyAddresses'=@(("smtp:{0}@{1}"-f $_.samaccountname, 'domain1.org'),("smtp:{0}@{1}" -f $_.samaccountname, 'domain2.com'),("smtp:{0}@{1}" -f $_.samaccountname, 'domain3.org'))} }

Please test this first on a single user. No liability accepted by the author!

Here’s an example if you need to firstly clear out the attribute to write out a new primary SMTP. Remember this will clear ALL existing proxyAdresses so make sure you include all intended proxyAddresses in the second part of the command:

get-aduser -Filter {samaccountName -eq "username" } -searchbase "dc=domain,dc=local" | Foreach {Set-ADUser -Identity $_.samaccountname -clear proxyAddresses; Set-ADUser -identity $_.samaccountname -Add @{'ProxyAddresses'=@(("SMTP:{0}@{1}"-f $_.samaccountname, 'domain1.org'),("smtp:{0}@{1}" -f $_.samaccountname, 'domain2.com'),("smtp:{0}@{1}" -f $_.samaccountname, 'domain3.org'))} }

If many of your users have a lot of custom proxyAddresses, which many people do, then this last command probably isn’t for you! Consider instead exporting proxyAddresses to CSV with..

get-aduser -Filter {samaccountName -eq "username" } -searchbase "dc=domain,dc=local" | Select-Object Name, @{L = "ProxyAddresses"; E = { $_.ProxyAddresses -join ";"}} -Export-Csv -Path c:\temp\proxyaddresses.csv

Then edit the proxyAddresses column of the CSV as appropriate, split it up into separate columns in Excel using the ; as the delimiter or whatever and then use it as a data source for re-populating the attribute. That’s beyond the scope of this blog post.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s