Can anyone help with a script that can check if every X500 address is correctly added to the users in Exchange 2007?

Hi,

Can anyone help with a script that can check if every X500 address is correctly added to the users in Exchange 2007?
Get a txt file created with users and X500 addresses that have a mismatch. Need to check for all users/Groups/Contacts in an OU.

Regards
Sharath
LVL 11
bsharathAsked:
Chris DentPowerShell DeveloperCommented:

It depends how you define correct or how you define a mismatch.

The X500 is only any use if it matches the legacyExchangeDN for the account from the previous Exchange organisation, otherwise the address type is pointless.

Chris
0

bsharathAuthor Commented:
Thanks Chris, I agree on it.
It's pointless.
Any help on this
If you say it's possible, I shall post a Q...
Can we use a script to migrate all users in an OU/Mail enable/X500, using the ADMT command line or PowerShell
As I need to do this for 2 months, each day 10 users at least
0
Chris DentPowerShell DeveloperCommented:

ADMT would still be preferable for the initial copy. There's no way PS would be able to copy the existing SID into the SID History.

X500, the simplest way would be a two stage process. On the source domain run something like:


Get-QADUser -SearchRoot "OU=somewhere,DC=domain,DC=com" -IncludedProperties legacyExchangeDN | `
  Select-Object Name, Email, legacyExchangeDN | `
  Export-CSV "LegacyExchangeDN.csv"


Copy the file over to the target, then run something like this to import it:


Import-CSV "LegacyExchangeDN.csv" | %{
  $User = Get-QADUser -Email $_.Email
  If ($User -ne $Null -And ([Array]$User).Count -eq 1)
  {
    $UserDE = $User.DirectoryEntry
    $UserDE.PutEx(3, "proxyAddresses", @("X500:$($_.legacyExchangeDN)"))
    $UserDE.SetInfo()
  }
  ElseIf ($User.Count -gt 1)
  {
    Write-Host "Duplicate Address found: $($_.Email)"
  }
  Else
  {
    Write-Host "Failed to find user for Email $($_.Email)"
  }
}


It can be done from the same place if Connect-QADService is used to connect to the right version of AD prior to running each snippet (by default you're only connected to the current domain).

Chris
0
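A read-only audit for the check asked about in the question, as an added example that is not part of the original thread: it reads the `LegacyExchangeDN.csv` produced by the export step above and lists every row whose target object lacks the matching X500 proxy address. It assumes the Quest ActiveRoles snap-in is loaded and the session is connected to the target domain; `Escape-LdapFilterValue` and `X500Mismatch.txt` are hypothetical names introduced here.

```powershell
# Added example: read-only audit, makes no changes to the directory.
# Assumption: Quest ActiveRoles snap-in loaded, connected to the TARGET domain.
$CsvPath    = "LegacyExchangeDN.csv"   # file from the export step in the thread
$ReportPath = "X500Mismatch.txt"       # hypothetical report name

function Escape-LdapFilterValue([string]$Value) {
  # RFC 4515 escaping so a CSV value cannot alter the LDAP filter (backslash first)
  $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' `
         -replace '\)', '\29' -replace '\x00', '\00'
}

Import-Csv $CsvPath | ForEach-Object {
  $Row = $_

  # Rows without a mail address or legacyExchangeDN cannot be checked
  if ([string]::IsNullOrEmpty($Row.Email) -or [string]::IsNullOrEmpty($Row.legacyExchangeDN)) {
    "SKIPPED (incomplete row);$($Row.Name)"
    return
  }

  $Expected = "X500:$($Row.legacyExchangeDN)"
  $Filter   = "(mail=$(Escape-LdapFilterValue $Row.Email))"

  # Get-QADObject covers users, groups and contacts in one query
  $Found = @(Get-QADObject -LdapFilter $Filter -IncludedProperties proxyAddresses)

  if ($Found.Count -eq 0) {
    "NOT FOUND;$($Row.Email)"
  }
  elseif ($Found.Count -gt 1) {
    "DUPLICATE MAIL;$($Row.Email)"
  }
  else {
    # -notcontains is case-insensitive, so "x500:" and "X500:" both match
    $Proxy = @($Found[0].proxyAddresses)
    if ($Proxy -notcontains $Expected) {
      "MISSING X500;$($Row.Email);$Expected"
    }
  }
} | Out-File $ReportPath
```

An empty report means every exported legacyExchangeDN is present as an X500 address on exactly one target object.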
bsharathAuthor Commented:
Chris thanks
one Q...
Once the Priasoft software migrated the mailbox.
In the migration period the mails sent are failing (Bouncing back)
Any idea what can be done
0
Chris DentPowerShell DeveloperCommented:

I'd need to know the message you get in the non-delivery report.

Chris
0
bsharathAuthor Commented:
The recipient's e-mail address was not found in the recipient's e-mail system. Microsoft Exchange will not try to redeliver this message for you. Please check the e-mail address and try resending this message, or provide the following diagnostic text to your system administrator.

I get the above
0
Chris DentPowerShell DeveloperCommented:

Which address is it using? You have a few options here including:

  - Invalid SMTP address
  - Old X400 address
  - Old legacyExchangeDN (which is normally fixed with the X500 address)

It's normally quite easy to spot, when you know what you're looking for.

Chances are it's caused by outlook auto-complete, but it depends on exactly what you're seeing and how the original message was created (new message vs reply).

Chris
0
bsharathAuthor Commented:
There is a migrated user who sent an email to the migrating user and this happened.
A new email
he was in the TO and a group where he is a member
0
Chris DentPowerShell DeveloperCommented:

> he was in the TO

Sure, but Outlook obscures that field, what you see isn't necessarily all you get.

I can't really tell you much about it without seeing the full NDR.

Chris
0
bsharathAuthor Commented:
Chris

ADMT would still be preferable for the initial copy. There's no way PS would be able to copy the existing SID into the SID History.

X500, the simplest way would be a two stage process. On the source domain run something like:


Get-QADUser -SearchRoot "OU=somewhere,DC=domain,DC=com" -IncludedProperties legacyExchangeDN | `
  Select-Object Name, Email, legacyExchangeDN | `
  Export-CSV "LegacyExchangeDN.csv"


Copy the file over to the target, then run something like this to import it:


Import-CSV "LegacyExchangeDN.csv" | %{
  $User = Get-QADUser -Email $_.Email
  If ($User -ne $Null -And ([Array]$User).Count -eq 1)
  {
    $UserDE = $User.DirectoryEntry
    $UserDE.PutEx(3, "proxyAddresses", @("X500:$($_.legacyExchangeDN)"))
    $UserDE.SetInfo()
  }
  ElseIf ($User.Count -gt 1)
  {
    Write-Host "Duplicate Address found: $($_.Email)"
  }
  Else
  {
    Write-Host "Failed to find user for Email $($_.Email)"
  }
}


It can be done from the same place if Connect-QADService is used to connect to the right version of AD prior to running each snippet (by default you're only connected to the current domain).

For the after I use ADMT to migrate users and Contacts
Can I have the rest in a script to do the rest of the jobs please
users/Contacts
Mailenable/X500
Can you help with such a script
0
Chris DentPowerShell DeveloperCommented:

How are you currently identifying which users to migrate with ADMT? It would be best for whatever script we run to use the same identification method.

Chris
0
Chris DentPowerShell DeveloperCommented:

One more bit... mail enabling users. You'll have to tell it which information store to use, will that be the same in all cases?

Chris
0
bsharathAuthor Commented:
New users/Contacts that we create we have them in a new OU.
Store is going to be the same.

0
Chris DentPowerShell DeveloperCommented:

How do you identify them on the source? Because that's where we need to get the target address / legacyExchangeDN fields from.

Chris
0
bsharathAuthor Commented:
Source I will have them in an OU. Separate ones that are not migrated
0
bsharathAuthor Commented:
Membership fixing is one that we need to think about too.
0
Chris DentPowerShell DeveloperCommented:

That should be part of ADMT, but I'm sure we've had that discussion before. It's just a lot of work to rewrite membership, work that really shouldn't be necessary.

Chris
0
bsharathAuthor Commented:
Fix membership in ADMT is not working either as we used a lot of different ADMT servers to migrate and one does not know the other database data :-(
0
bsharathAuthor Commented:
Or can we pull the membership to txt files and then update the destination?
Just an idea...
0
Chris DentPowerShell DeveloperCommented:

heh well you know how to have fun :)

I think you'd be better with a collection of smaller scripts than one big one to handle everything. It's too difficult to debug everything remotely otherwise.

LegacyExchangeDN is above, that should take care of users neatly enough.

For mail enabling, it may just be easier to use this on the destination (Exchange 2007 CmdLets):

Get-User -OrganizationalUnit "OU=somewhere,DC=domain,DC=com" | ?{ $_.RecipientType -eq "User" } | %{
  Enable-Mailbox $($_.DistinguishedName) -Database "SomeExchangeDatabase" }

It only gets users that are not currently mailbox enabled.

Chris
0
bsharathAuthor Commented:
:-)
Get-User -OrganizationalUnit "OU=somewhere,DC=domain,DC=com" | ?{ $_.RecipientType -eq "User" } | %{
  Enable-Mailbox $($_.DistinguishedName) -Database "SomeExchangeDatabase" }
So the above code is to mail enable all Users/Contacts in the OU if not mail enabled.

What about X500
Can this also be done the same way
Getting info from source AD from a particular OU to destination particular OU?

Membership :-(
0
bsharathAuthor Commented:
I am soooo badly stuck in this migration
Guys from other offices migrated parts and parts from different ADMTs
So now when migrating users the membership is not fixing
Now until we finish all users migration we are creating new users/Contacts/Groups in the Source. So that we need to move each day to destination
that's like 30+ each day

Would have been lost without you.... :-)
0
Chris DentPowerShell DeveloperCommented:

> So the above code is to mail enable all Users/Contacts in the OU if not mail enabled.

Users only.

Mail enabling Contacts should be possible with:


Get-Contact -OrganizationalUnit "OU=somewhere,DC=domain,DC=com" | ?{ $_.RecipientType -eq "Contact" } | %{
  Enable-MailContact $($_.DistinguishedName) -ExternalEmailAddress $($_.WindowsEmailAddress) }


I'm hoping WindowsEmailAddress matches up to the mail field, and I'm hoping that it's populated with the correct external email address. If not we'll have to involve the source domain.

Chris
0
bsharathAuthor Commented:
Yes email addresses match correctly
0
Chris DentPowerShell DeveloperCommented:

Membership then.

Hmm didn't we do this before? We had files like this didn't we?

User;Group1;Group2;Group3

We can take the same style and have the same little script fix it on the destination.

Chris
0
bsharathAuthor Commented:
Ya that's perfect
0
Chris DentPowerShell DeveloperCommented:

Are you able to generate the text file? Or does that need doing?

Chris
0
bsharathAuthor Commented:
That needs to be done
0
Chris DentPowerShell DeveloperCommented:

Okie dokie.

Quest again then, users and contacts at the same time, we'll use Email Addresses. Run this and see what the text file looks like?


Get-QADObject -SearchRoot "OU=somewhere,DC=domain,DC=com" `
    -LdapFilter "(&(objectCategory=person)(mail=*)(memberOf=*))" -IncludedProperties mail | %{
  $Groups = [String]::Join(";", $($_.memberOf | %{ (Get-QADGroup $_).Name }))

  "$($_.Mail);$Groups"
} > "GroupMembership.txt"


It's going to take a while to run.

Chris
0
bsharathAuthor Commented:
I get the emailaddress;Groupnames in a row
0
Chris DentPowerShell DeveloperCommented:

Good, that's what it's supposed to do :) The second stage is importing it in the target. I hope this will work.


Get-Content "GroupMembership.txt" | %{
  $Data = $_.Split(";")

  $Object = Get-QADObject -Email $Data[0]

  for ($i = 1; $i -lt $Data.Count; $i++)
  {
    Add-QADGroupMember $Data[$i] -Member $($Object.DN)
  }
}


Chris
0
bsharathAuthor Commented:
I get this

Get-QADObject : A parameter cannot be found that matches parameter name 'Email'.
At line:3 char:33
+   $Object = Get-QADObject -Email <<<<  $Data[0]
    + CategoryInfo          : InvalidArgument: (:) [Get-QADObject], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Quest.ActiveRoles.ArsPowerShellSnapIn.Powershell.Cmdlets.GetGener
   icObjectCmdlet

Add-QADGroupMember : Cannot validate argument on parameter 'Member'. The argument is null or empty. Supply an argument
that is not null or empty and then try the command again.
At line:6 char:41
+     Add-QADGroupMember $Data[$i] -Member <<<<  $($Object.DN)
    + CategoryInfo          : InvalidData: (:) [Add-QADGroupMember], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Quest.ActiveRoles.ArsPowerShellSnapIn.Cmdlets.AddGroupM
   emberCmdlet2
0
bsharathAuthor Commented:
The membership when pulling has to be pulled from the Source domain, right, and when updating, to the destination.
So can I have a "connect to" option when extracting
So it gets from the source domain. As I will run from destination. So both will be done in one location
get info from Source and apply to the current domain
0
Chris DentPowerShell DeveloperCommented:

Okay... try again...

Chris
#
# Connect to the Source Domain
#

Connect-QADService "dc.domain.com" -Credential $(Get-Credential)

#
# Export membership
#

Get-QADObject -SearchRoot "OU=somewhere,DC=domain,DC=com" `
    -LdapFilter "(&(objectCategory=person)(mail=*)(memberOf=*))" -IncludedProperties mail | %{
  $Groups = [String]::Join(";", $($_.memberOf | %{ (Get-QADGroup $_).Name }))

  "$($_.Mail);$Groups"
} > "GroupMembership.txt"

#
# Disconnect from source
#

Disconnect-QADService

#
# Connect to destination
#

Connect-QADService "dc.domain2.com" -Credential $(Get-Credential)

#
# Attempt to import membership
#

Get-Content "GroupMembership.txt" | %{
  $Data = $_.Split(";")

  $Object = Get-QADObject -LdapFilter "(mail=$($Data[0]))"

  for ($i = 1; $i -lt $Data.Count; $i++)
  {
    Add-QADGroupMember $Data[$i] -Member $($Object.DN)
  }
}

0
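A dry run for the import stage above, as an added example that is not part of the original thread: it resolves every mail address and group name in `GroupMembership.txt` against the destination and writes one status line per pair without changing any membership, which shows which lines would silently do nothing or hit the wrong object. It assumes the Quest snap-in is loaded and `Connect-QADService` already points at the destination; `Escape-LdapFilterValue`, `Resolve-One` and `MembershipDryRun.txt` are hypothetical names introduced here.

```powershell
# Added example: dry run only, no group membership is modified.
# Assumption: Quest snap-in loaded, connected to the DESTINATION domain.
$MembershipFile = "GroupMembership.txt"   # mail;Group1;Group2 per line, as exported in the thread

function Escape-LdapFilterValue([string]$Value) {
  # RFC 4515 escaping so a value from the file cannot alter the LDAP filter
  $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' `
         -replace '\)', '\29' -replace '\x00', '\00'
}

function Resolve-One([string]$Filter) {
  # Returns the single matching object, or a status string when the match is not unique
  $Hits = @(Get-QADObject -LdapFilter $Filter)
  if ($Hits.Count -eq 1) { return $Hits[0] }
  if ($Hits.Count -eq 0) { return "NOT FOUND" }
  return "AMBIGUOUS ($($Hits.Count) matches)"
}

Get-Content $MembershipFile | Where-Object { $_.Trim() } | ForEach-Object {
  $Data   = $_.Split(";")
  $Member = Resolve-One "(mail=$(Escape-LdapFilterValue $Data[0]))"

  for ($i = 1; $i -lt $Data.Count; $i++) {
    # Group names are not guaranteed unique, so an ambiguous hit is reported, not guessed
    $Group = Resolve-One "(&(objectCategory=group)(name=$(Escape-LdapFilterValue $Data[$i])))"

    if ($Member -is [string])    { $Status = "member $Member" }
    elseif ($Group -is [string]) { $Status = "group $Group" }
    else                         { $Status = "OK" }

    "{0};{1};{2}" -f $Data[0], $Data[$i], $Status
  }
} | Out-File "MembershipDryRun.txt"
```

Only pairs marked `OK` resolve to exactly one member and exactly one group; review the report before running the import.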
bsharathAuthor Commented:
Thanks
Shall check this now
One Q... here
When we use the Priasoft software to migrate mailboxes it creates a Junk Contact in the source AD.
Is there any use of it? Should we add them to the groups by any  to work perfect?
 it works fine
I have seen a case of failure. When a group is expanded in Outlook and a few members removed from the group and mail sent, it bounces.
Any ideas. For this When we add the junk contacts
0
bsharathAuthor Commented:
The above script I placed in a ps1 file and ran it and I get no error and no change
I edited the script to check the Destination OU.
Then placed just 1 user and contact in the OU with the relevant group txt file data
0