During client engagements I often find that basic admin tasks can be overlooked in companies that go through mergers and acquisitions. Teams are often overwhelmed with integrating new accounts and consolidating users to the main company email domain. The result are objects in Active Directory with old stale properties such as old SMTP addresses, which, will stop mailbox migrations.
The two scripts below will first create a CSV based on an array that contains all your valid domains
$validDomains = @("contoso1.com","contoso2.com","etc")
The CSV should be checked but will contain all mailboxes and identify items in “Proxyaddresses” and mark the valid = YES or not valid = NO
1_FindAllowedDomains.ps1
<#
Script create CSV of up to date distribution lists
and find accepted domains
1_FindAllowedDomains.ps1
20/11/23
Jason.Hearse@AzurePremium.com
(Get-ADForest).domains
#>
#Import-module activedirectory
cls
write-host -ForegroundColor Green START
$a=1;
$b=1;
$c=1;
$displaycount=0;
$FailredEmail = @()
$SuccessEmail = @()
$summary = @()
$VerbosePreference = "Continue"
$result = @()
$data = @()
$data2 = @()
$whitelist = @()
$Emails =@()
$item = ''
$users = @()
$Report1 = @()
$group = ''
$groups = $null
$members = ''
$folder = '<USERDirectory>\Exchange\scripts\removeSMTPAlias\'
$logfolder = $folder+'logs'
write-host -ForegroundColor Yellow Create new CSV of Distribution Lists all_proxyaddresses.csv
Get-ADgroup -filter "GroupCategory -eq 'Distribution'" -Properties *| select name, @{Name=’proxyAddresses’;Expression={$_.proxyAddresses -join ';'}} | Export-Csv $folder'all_proxyaddresses.csv' -NoTypeInformation
$validDomains = @("contoso1.com","contoso2.com","etc")
$data = @()
$groups = import-csv $folder'all_proxyaddresses.csv'
ForEach($user in $groups) {
$SMTPAddressList = $user.proxyaddresses
$SMTPAddressList = ($SMTPAddressList -split ';')
foreach ($SMTPAddress in $SMTPAddressList)
{
if ($SMTPAddress -like "smtp:*")
{
Write-Host -ForegroundColor Yellow $SMTPAddress
$email = $SMTPAddress
$SMTPAddress = (($SMTPAddress -split '@')[1])
Write-Host -ForegroundColor green $SMTPAddress
$Property = [Ordered]@{
Name = $User.Name
SMTP = $email
domain = $SMTPAddress
Allowed = "Yes"
}
if ($validDomains -notcontains $property.domain) { $Property.allowed = "No" }
$row = New-Object -TypeName psobject -Property $Property
$data+=$row #End IF
}
}
} #fe
$data| select-object name,smtp,domain,allowed |Export-Csv -Path $folder'allowedDomains.csv' -NoTypeInformation -Encoding UTF8 -Force
The second script will take the CSV and remove all items from “Proxyaddresses” that equal “NO”
2_RemoveSMTPAlias.ps1
<#
Script update CSV of up to date distribution lists
to remove old Domains
2_RemoveSMTPAlias.ps1
15/09/23
Jason.Hearse@AzurePremium.com
#>
#Import-module activedirectory
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn
cls
write-host -ForegroundColor Green START
$a=1;
$b=1;
$c=1;
$displaycount=0;
$FailedEmail = @()
$SuccessEmail = @()
$summary = @()
$VerbosePreference = "Continue"
$result = @()
$data = @()
$data2 = @()
$whitelist = @()
$Emails =@()
$item = ''
$users = @()
$Report1 = @()
$group = ''
$groups = $null
$members = ''
$folder = 'C<userdirectory>\Exchange\scripts\removeSMTPAlias\'
$logfolder = $folder+'logs'
#####
$domainFQDN = "contoso.com"
$date = $([System.DateTime]::Now)
$reportdate = $date.ToString("yyyy_MM_dd_HH_mm_ss")
#####
$MailboxNames = $folder+'allowedDomains.csv'
Import-Csv $MailboxNames | foreach {
$name = $_.name
$smtp = $_.smtp
$allowed = $_.allowed
if ( $allowed -eq "no" )
{
try
{
$DLGroup = get-adgroup $name -Properties proxyAddresses
$DLgroup.proxyAddresses.Remove($smtp)
Set-ADgroup -instance $DLgroup
Write-Host "Distribution List '$name' removed '$smtp' successfully." -ForegroundColor Green
$SuccessEmail += $name+','+$smtp
} # end try
catch
{
Write-Warning "[ERROR] with group $name : $_"
$FailedEmail += $name+" - "+$_.Exception.Message
} # end catch
} #end if
} # fe
#####
if ( !(test-path $LogFolder)) {
Write-Verbose "Folder [$($LogFolder)] does not exist, creating"
new-item $LogFolder -Force
}
Write-verbose "Writing logs"
$failedemail |ForEach-Object {"$($b),$($_)"; $b++} | out-file -FilePath $LogFolder\Failed_$reportdate.log -Force -Verbose
$successemail | ForEach-Object {"$($a),$($_)"; $a++} |out-file -FilePath $LogFolder\success_$reportdate.log -Force -Verbose
write-host -ForegroundColor Green STOP
As with all my scripts that remove live items from Active Directory objects the logging is important, the log directory will show success and fails.
Success log would be the rollback information should that be needed.
Fail will give a reason for not removing the item and will need investigation.
As with all scripts ensure you understand the code before running.
Comments