Weekend Scripter: Create Proxy Addresses in Active Directory with PowerShell

Weekend Scripter: Create Proxy Addresses in Active Directory with PowerShell

  • Comments 4
  • Likes

Summary: Microsoft Scripting Guy, Ed Wilson, shows how to automatically create proxy addresses in Active Directory Domain Services by using Windows PowerShell.

Microsoft Scripting Guy, Ed Wilson, is here. So I have been talking back and forth with one of the members of the Charlotte Windows PowerShell Users group since my presentation to the group on the first Thursday of the month. One of the questions he has is related to the ProxyAddresses attribute in Active Directory Domain Services (AD DS).

As you are probably aware, Microsoft Exchange Server (including in Office 365) uses ProxyAddresses as a way to send email to a user if it is addressed to another domain. There is an easy cmdlet that permits one to do this. But because my premises Exchange server is currently turned off, and I do not want to power it back up only for this, I decided to use the Set-ADUser cmdlet to modify the attribute instead. This is because the ProxyAddresses attribute is stored directly in AD DS. It is a multi-valued attribute, which means that it will accept an array of email addresses.

Today I am going to add two values to the ProxyAddresses attribute for each user in a specific organizational unit. I am not even going to write a script—it is a one-liner.

Query for existing values

I first use the Get-ADUser cmdlet to look for existing values for the ProxyAddress attribute. I am specifically targeting all users in the testou organizational unit from the iammred.net domain. The ProxyAddress attribute is not returned by default; therefore, I need to use the Properties parameter of the Get-ADUser cmdlet to return the ProxyAddress attribute. I use the Select-Object cmdlet to return only the name of the user and any proxy addresses. Here is the command (this is a one-line command that I broke at the pipe character for formatting on the blog page).

Get-ADUser -Filter * -SearchBase 'ou=testou,dc=iammred,dc=net' -Properties proxyaddresses |

Select-object  name, proxyaddresses

There are two reasons that I create this command. The first is so I can ensure that I have the Property (attribute) names correct, and I can see sample data from AD DS. The second reason is I use it to check my results to ensure that the command to modify the values of the attributes completes successfully.

Modify the ProxyAddresses attribute values

Groovy. I know that I can get access to the data. I know how to report the values that are stored in AD DS. Therefore, it is now time to modify the ProxyAddresses attribute values. To do this, I will use the Set-ADUser cmdlet. For this example, I am creating two new proxy addresses. Each will take the following form: UserName@Iammred.org and UserName@Iammred.com. Therefore, I can create these proxy addresses on the fly in my command. I use the following command to make the changes:

Get-ADUser -Filter * -SearchBase 'ou=testou,dc=iammred,dc=net' -Properties proxyaddresses |

Foreach {Set-ADUser -identity $_ -Add `

@{'ProxyAddresses'=@(("{0}@{1}"-f $_.name, 'Iammred.com'),("{0}@{1}" -f $_.name, 'Iammred.org'))} }

Note  The previous command is a single logical line. I broke it at the pipe character, and I added a line continuation character ( ` ) after the –Add parameter. When typing the command into the Windows PowerShell console, it is not necessary to break the command; but instead, you can permit it to wrap.

The command produces no output. Therefore, I use the Up arrow and retrieve my earlier search command. The commands and associated output are shown in the following image.

Image of command output

I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.

Ed Wilson, Microsoft Scripting Guy 

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • Hey Ed, nice article... thanks for showing some nice usage of array commands and parameter variables in there.

    One possible correction though, if this is in fact for exchange you need the address type prefix for each value. Assuming these are both additional secondary addresses (not the reply to address) the last line should read something like:

    @{'ProxyAddresses'=@(("smtp:{0}@{1}"-f $_.name, 'Iammred.com'),("smtp:{0}@{1}" -f $_.name, 'Iammred.org'))} }

    Regards,

    -Steve

  • thank you

  • Thanks Ed.

    Just to add to this helpful blog. I recently was tasked to add a secondary proxy address to all the users in our domain that consisted of using "firstinitial.lastname@lammred.com" as an example. So I added to what was given here and came up with the below script. Hope this helps someone.

    $oulocation = Read-host "Enter OU Location"

    Get-ADUser -Filter * -SearchBase "$oulocation" -Properties proxyaddresses | Foreach {Set-ADUser -identity $_ -Add ` @{'ProxyAddresses'=@(("smtp:{0}{1}@{2}"-f $_.GivenName[0],$_.surname, 'lammred.com'))}

  • Hi Ed,
    This is a fantastic article. Can you please tell me how I will be able to change an existing email address and set that as the primary replyto address. I have exported my user's in a csv with two columns, Name and email.

    Thanks
    Omar