Autodiscover and Linked Mailboxes

Alexander Kireev, IT Architect
For different reasons (security, control, business processes, mergers and so on) some companies use a two-forest Active Directory model: one forest for users and a second for the Exchange service.

There are many good articles regarding configuring Autodiscover for a Cross-Forest implementation, so I will not repeat that here, but here are some examples:
But for the Autodiscover service to work automatically (Outlook configuring itself with one click) one condition must be satisfied: the «mail» attribute of the user account must contain an email address. With Linked Mailboxes and two AD forests this attribute is not set when the mailbox is created.

In a bigger organization (more than 500 users) it would be impractical to set the email address for each person manually. The PowerShell script below resolves this issue.

The script takes all linked mailboxes, reads the «Linked Master Account» and «PrimarySmtpAddress» of each, and then writes the email address into the matching account in the user Active Directory domain.

  • You will need to change the default values of the variables (IP address of the Domain Controller, Distinguished Name of the OU with users, short name of the user AD domain and path to a log file) to yours.
  • You should enter the administrator's credentials twice: first for access to Exchange through PowerShell (the script needs only access to the «Get-Mailbox» cmdlet) and second for Active Directory in the user forest (to change the «mail» attribute).
  • The script should be run from the Exchange AD forest.
  • The script checks the previous value of the «mail» attribute and writes a new one only if it differs.
  • The script writes all changes into the log file.
  • If you plan to run the script from the Exchange Management Shell you need to comment out the «Connect-ExchangeServer -auto» cmdlet.
User AD forest/domain: «».
Exchange AD forest/domain: «».

The script:
# Connect to AD and Exchange
if (-not (Get-Module -Name "activedirectory")) { Import-Module ActiveDirectory | Out-Null }
Connect-ExchangeServer -auto   # comment this line out when running from the Exchange Management Shell
# Variables
$TargetDC = "" #IP address of user AD Domain Controller
$TargetDCOU = "OU=Company,DC=user,DC=com" #Distinguished name of OU with users
$ShortDomainName = "USER\" #Short name of user AD
$LogFile = "C:\Script\Mail_Attribute\log.txt" #Path to the log file
# Get information from AD to hash tables
$arrSourceAD = @{}   # key: LinkedMasterAccount (DOMAIN\sAMAccountName), value: primary SMTP address
$arrTargetAD = @{}   # key: sAMAccountName in the user forest, value: current "mail" attribute
# Get Exchange Forest credential
$credentials_Mail = Get-Credential
# -ResultSize Unlimited is required: without it Get-Mailbox returns at most 1000 mailboxes
Get-Mailbox -Credential $credentials_Mail -RecipientTypeDetails LinkedMailbox -ResultSize Unlimited | ForEach-Object {
    # Skip mailboxes with no master account; index assignment avoids an exception on a duplicate key
    if ($_.LinkedMasterAccount) { $arrSourceAD[$_.LinkedMasterAccount] = $_.PrimarySmtpAddress.ToString() }
}
# Get User Forest credential
$credentials = Get-Credential
Get-ADUser -Credential $credentials -Filter * -SearchBase $TargetDCOU -Server $TargetDC -Properties mail | ForEach-Object { $arrTargetAD[$_.SamAccountName] = $_.mail }
# Main
$date = (Get-Date).ToString()
$date | Out-File $LogFile -Append
ForEach ($TargetUser in $arrTargetAD.Keys) {
    $TargetUser1 = $ShortDomainName + $TargetUser
    # ContainsKey already returns a boolean; no string comparison is needed
    if ($arrSourceAD.ContainsKey($TargetUser1)) {
        if ($arrTargetAD.$TargetUser -ne $arrSourceAD.$TargetUser1) {
            $SourceUserEmail = $arrSourceAD.$TargetUser1
            $TargetUserEmail = $arrTargetAD.$TargetUser
            $TargetUserName = $TargetUser
            $LogText = "$date. Account '$TargetUserName'. Attribute 'mail' has been changed from '$TargetUserEmail' to '$SourceUserEmail'."
            Write-Output $LogText
            # Write to the log file
            $LogText | Out-File $LogFile -Append
            # Write changes into the user account
            Set-ADUser -Credential $credentials -Identity $TargetUserName -Server $TargetDC -Replace @{mail="$SourceUserEmail"}
        }
    }
}
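Before letting a script write to every user account in another forest it is worth knowing exactly what it would touch. The following audit script is an added example, not part of the original article: it reads the same two sources (linked mailboxes in the Exchange forest, the «mail» attribute in the user forest) but changes nothing, and instead classifies each linked mailbox as in sync, mismatched, empty, or pointing at a master account that cannot be found in the user domain (which the write script above silently skips). The server name, NetBIOS domain name and report path are placeholders to replace with your own values.

```powershell
# Added audit example (not the article's script): report-only comparison of each linked
# mailbox's PrimarySmtpAddress with the "mail" attribute of its master account.
if (-not (Get-Module -Name ActiveDirectory)) { Import-Module ActiveDirectory | Out-Null }
Connect-ExchangeServer -auto   # comment out when running inside the Exchange Management Shell

$TargetDC        = "dc01.user.com"                        # placeholder: user-forest Domain Controller
$ShortDomainName = "USER"                                 # placeholder: NetBIOS name of the user domain
$ReportFile      = "C:\Script\Mail_Attribute\audit.csv"   # placeholder: where the report is written

# Read-only access to the user forest is enough for this audit
$credentials = Get-Credential -Message "User forest account with read access"

$report = foreach ($mbx in (Get-Mailbox -RecipientTypeDetails LinkedMailbox -ResultSize Unlimited)) {
    $expected = $mbx.PrimarySmtpAddress.ToString()
    $actual   = $null
    $status   = $null

    if ([string]::IsNullOrEmpty($mbx.LinkedMasterAccount)) {
        $status = "NoLinkedMasterAccount"
    }
    elseif ($mbx.LinkedMasterAccount -notlike "$ShortDomainName\*") {
        # Orphaned links show a raw SID here; other domains are outside this audit's scope
        $status = "MasterAccountNotInUserDomain"
    }
    else {
        $sam    = $mbx.LinkedMasterAccount.Split('\')[1]
        $adUser = Get-ADUser -Filter "SamAccountName -eq '$sam'" -Server $TargetDC `
                             -Credential $credentials -Properties mail
        if ($null -eq $adUser) {
            $status = "NotFoundInUserForest"
        }
        else {
            $actual = $adUser.mail
            if ([string]::IsNullOrEmpty($actual)) { $status = "MailAttributeEmpty" }
            elseif ($actual -ieq $expected)        { $status = "InSync" }
            else                                   { $status = "Mismatch" }
        }
    }

    [PSCustomObject]@{
        Mailbox             = $mbx.Alias
        LinkedMasterAccount = $mbx.LinkedMasterAccount
        PrimarySmtpAddress  = $expected
        UserForestMail      = $actual
        Status              = $status
    }
}

# Full detail to CSV, summary by status to the console
$report | Export-Csv -Path $ReportFile -NoTypeInformation -Encoding UTF8
$report | Group-Object Status | Select-Object Name, Count | Format-Table -AutoSize
```

Run it first from the Exchange forest with the same read-only rights the write script needs for «Get-Mailbox»; the «Mismatch» and «MailAttributeEmpty» rows are exactly the accounts the write script will change, and the «NotFoundInUserForest» rows deserve a look before any bulk update, because a linked mailbox whose master account no longer exists is a stale delegation rather than a missing attribute.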


I hope that Microsoft engineers will pay attention to this little issue and fix it in the next cumulative update or in the next generation of Exchange Server.

Good luck.
