Powershell Bulk AD attribute change

Because we have a .local for our AD domain, thats not routable with O365 so i am having to go into the proxyaddress AD attribute of each user and remove the .local addresses for smtp .  Is there a way that this can be done in bulk?
LVL 1
leadthewayAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Vasil Michev (MVP)Commented:
Exchange address policies, PowerShell, ADmodify.NET or similar.
1
leadthewayAuthor Commented:
I can't find admodify any longer...looks like its not supported or even downloadable
0
FOXActive Directory/Exchange EngineerCommented:
Your best bet for this scenario is powershell.  
In you Exchange Management Shell you can run:

Get-Mailbox -Resultsize Unlimited | %{Set-Mailbox -EmailAddresses @{Remove="*.local"}

ref link:  https://o365info.com/remove-email-addresses-using-powershell-office-365-part-12-13/
Scroll down to : Remove all E-mail addresses that have a specific domain name | Bulk mode.
0
Introducing the "443 Security Simplified" Podcast

This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.

leadthewayAuthor Commented:
Well put this together and it seems to remove the addresses in EMS, but AD attribute for proxyaddress still show the .local

$OUScope = "OU=Cashier,OU=Users,OU=Finance,DC=domain,DC=local"
$N = 0
Write-Host "Searching mailboxes in $OUScope...."
foreach($Tmailbox in Get-Mailbox -organizationalunit  $OUScope -ResultSize Unlimited) 
                {
                $Tmailbox.EmailAddresses | ?{$_.AddressString -like '*@domain.local'} | %{
                Set-Mailbox $Tmailbox -EmailAddresses @{remove=$_}
                Write-host "Removing $_ from $Tmailbox Mailbox"
                $N++
                }
}

Open in new window

0
Jose Gabriel Ortega CEE Solution Guide - CEO Faru Bonon ITCommented:
Yes, it is:
It has to be run from PowerShell with privileges and in the exchange server
try{
	Import-Module ActiveDirectory
}
catch{
	write-error "Unable to load AD CS module. $($_.Exception.Message)"
	exit -1
}
try{
	Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn
}
catch{
	write-error "Unable to load Exchange 2013 SnapIn $($_.Exception.Message)"
	exit -1
}


$Allusers = Get-ADUser -Filter * -Properties SamAccountName, EmailAddress, ProxyAddresses

Foreach ($user in $Allusers) {
    write-host -ForegroundColor Cyan "Processing user $($user.SamAccountName)"
    if($user.ProxyAddresses.count -gt 0){
        ForEach ($proxy in $user.ProxyAddresses) {
            If (   ($proxy.StartsWith("SMTP:") -or $proxy.StartsWith("smtp:")) -and $proxy -like "*.local") {
               Write-host -ForegroundColor Yellow "Removing address $proxy for user $($user.SamAccountName)" 
                    set-mailbox $user.SamAccountName -emailaddresses @{remove="""$proxy"""}
            }
        }
    }
    else{
        write-host "No ProxyAddress for user: $($user.SamAccountName)"
    }
}

Open in new window

0
FOXActive Directory/Exchange EngineerCommented:
On the AD side:
Get-ADUser -filter * -property proxyaddresses | %{Set-AdUser $_.Samaccountname -Remove @{Proxyaddresses="*.local"}
0
leadthewayAuthor Commented:
hmmm that seems to work but doesn't..lol

Processing user ssomebody
Removing address smtp:ssomebody@domain.local for user ssomebody
WARNING: The command completed successfully but no settings of 'domain.local/Water Reclamation
Facility/Users/Plant-Operators/Scott Somebody' have been modified.
0
leadthewayAuthor Commented:
so with Get-ADUser -filter * -property proxyaddresses | %{Set-AdUser $_.Samaccountname -Remove @{Proxyaddresses="*.local"}

can i specify scope so i can do one OU at a time as in the exchange script?
0
FOXActive Directory/Exchange EngineerCommented:
WARNING: The command completed successfully but no settings of 'domain.local/Water Reclamation
Facility/Users/Plant-Operators/Scott Somebody' have been modified.
Report Comment<<<Usually a message like this means it has already been done or the setting it is looking for is not there.
0
FOXActive Directory/Exchange EngineerCommented:
Of course you can set the scope to the specific OU
0
leadthewayAuthor Commented:
well it said removing, and if it was already moved i got an error saying it didn't exist.  Weird
0
leadthewayAuthor Commented:
can you show me how that would look with a foreach loop?
0
Jose Gabriel Ortega CEE Solution Guide - CEO Faru Bonon ITCommented:
Yes you can set it to a specific ou just need to refine the line 17

$Allusers = Get-ADUser -Filter * -searchOu "OU=Servers,DC=<domain>,DC=local" -Properties SamAccountName, EmailAddress, ProxyAddresses

Open in new window


Btw those ones that aren't changed it's because they are system's users.
0
leadthewayAuthor Commented:
what do you mean systems users?, its giving that same message for all users
0
FOXActive Directory/Exchange EngineerCommented:
Get-ADUser -property proxyaddresses -searchbase "OU=Cashier,OU=Users,OU=Finance,DC=domain,DC=local" | %{Set-AdUser $_.Samaccountname -Remove @{Proxyaddresses="*.local"}
0
Jose Gabriel Ortega CEE Solution Guide - CEO Faru Bonon ITCommented:
System users =
guest
kbrt
etc.

try fox answer
it worked for me in a Exchange 2013 env
1
leadthewayAuthor Commented:
Yeah that’s what I thought of when thinking of system. But these were all user accounts
0
leadthewayAuthor Commented:
when i run that   i get

l" | %{Set-AdUser $_.Samaccountname -Remove @{Proxyaddresses="*.local"}
>>
>>



it doesn't run.  I'm on exchange 2010
0
FOXActive Directory/Exchange EngineerCommented:
Syntax error...needed another close bracket at the end

 %{Set-AdUser $_.Samaccountname -Remove @{Proxyaddresses="*.local"}}
0
leadthewayAuthor Commented:
ok it ran that time but now prompts?
cmdlet Get-ADUser at command pipeline position 1
Supply values for the following parameters:
(Type !? for Help.)
Filter:
0
FOXActive Directory/Exchange EngineerCommented:
Filter: *
0
leadthewayAuthor Commented:
that just throws it back out to a PS C:\Windows\system32>
0
FOXActive Directory/Exchange EngineerCommented:
Command completed without error if it did that
0
FOXActive Directory/Exchange EngineerCommented:
Get-ADUser  -filter * -property proxyaddresses  -searchbase "OU=Cashier,OU=Users,OU=Finance,DC=domain,DC=local" | %{Set-AdUser $_.Samaccountname -Remove @{Proxyaddresses="*.local"}}
0
leadthewayAuthor Commented:
same...Is it because we aren't telling it what AD user to return?
0
FOXActive Directory/Exchange EngineerCommented:
when you say same, what are you talking about? same what?   When you use filter * it is pulling all your users in the searchbase of the OU have have set in the command.

Have you checked your users to see if the proxy address you want removed is gone?  If you would like to see some out put of the file let's add the -verbose command.

Get-ADUser  -filter * -property proxyaddresses  -searchbase "OU=Cashier,OU=Users,OU=Finance,DC=domain,DC=local" | %{Set-AdUser $_.Samaccountname -Remove @{Proxyaddresses="*.local"} -verbose}
1
leadthewayAuthor Commented:
VERBOSE: Performing the operation "Set" on target "CN=domain user,OU=Cashier,OU=Users,OU=Finance,DC=domain,DC=local"  looks like it runs but the smtp:duser@domin.local still exists
0
FOXActive Directory/Exchange EngineerCommented:
Fair enough.  I want you to put the actualdomain name in the command like so:

Get-ADUser  -filter * -property proxyaddresses  -searchbase "OU=Cashier,OU=Users,OU=Finance,DC=domain,DC=local" | %{Set-AdUser $_.Samaccountname -Remove @{Proxyaddresses="*@domainname.local"} -verbose}
0
leadthewayAuthor Commented:
yeah i was playing with that too.. same result..frustrating for sure
0
FOXActive Directory/Exchange EngineerCommented:
so you are saying it is not throwing any error but the smtp is still there?
Let's do a test on one user then:

Get-ADUser  youradusername -property proxyaddresses  | Set-AdUser  -Remove @{Proxyaddresses="*@domain.local"} -verbose
0
leadthewayAuthor Commented:
nada same result
0
FOXActive Directory/Exchange EngineerCommented:
Lead- Let's go to your exchange management Shell

Get-Mailbox -OrganizationalUnit  "OU=Cashier,OU=Users,OU=Finance,DC=domain,DC=local" -Resultsize Unlimited | %{Set-Mailbox  -Remove @{EmailAddresses="smtp:*@domainname.local"} -verbose}
0
leadthewayAuthor Commented:
says -remove is ambiguous
0
FOXActive Directory/Exchange EngineerCommented:
My syntax was incorrect:  Try

Get-Mailbox -OrganizationalUnit  "OU=Cashier,OU=Users,OU=Finance,DC=domain,DC=local" -Resultsize Unlimited | %{Set-Mailbox  -EmailAddresses @{Remove="smtp:*@domainname.local"} -verbose}
0
Jose Gabriel Ortega CEE Solution Guide - CEO Faru Bonon ITCommented:
It's because the remove goes inside, like in my example:
 set-mailbox "sam" -emailaddresses @{remove="""$proxy"""}
1
leadthewayAuthor Commented:
Pipeline not executed because a pipeline is already executing. Pipelines cannot be executed concurrently.
    + CategoryInfo          : OperationStopped: (Microsoft.Power...tHelperRunspace:ExecutionCmdletHelperRunspace) [],
   PSInvalidOperationException
    + FullyQualifiedErrorId : RemotePipelineExecutionFailed

Pipeline not executed because a pipeline is already executing. Pipelines cannot be executed concurrently.
    + CategoryInfo          : OperationStopped: (Microsoft.Power...tHelperRunspace:ExecutionCmdletHelperRunspace) [],
   PSInvalidOperationException
    + FullyQualifiedErrorId : RemotePipelineExecutionFailed


cmdlet Set-Mailbox at command pipeline position 1
Supply values for the following parameters:
Identity:
0
FOXActive Directory/Exchange EngineerCommented:
Get-Mailbox -OrganizationalUnit  "OU=Cashier,OU=Users,OU=Finance,DC=domain,DC=local" -Resultsize Unlimited | %{Set-Mailbox $_.Alias -EmailAddresses @{Remove="smtp:*@domainname.local"} -verbose}
0
leadthewayAuthor Commented:
that ran, but same as before, acts like its running but says no settings have been modified
0
FOXActive Directory/Exchange EngineerCommented:
Run the below command and verify if the smtp alias you want removed is there or not


Get-Mailbox -OrganizationalUnit "OU=Cashier,OU=Users,OU=Finance,DC=domain,DC=local" -resultsize Unlimited | Select -ExpandProperty:Emailaddresses
0
leadthewayAuthor Commented:
that command returns back to prompt, even with -verbose
1
FOXActive Directory/Exchange EngineerCommented:
Open a new shell session and run that command

Get-Mailbox -OrganizationalUnit "OU=Cashier,OU=Users,OU=Finance,DC=domain,DC=local" -resultsize Unlimited | Select -ExpandProperty:Emailaddresses
0
leadthewayAuthor Commented:
ok that ran, and yes. The .local addresses still in there
0
Jian An LimSolutions ArchitectCommented:
I use the below code multiple times and it works well
$Mailboxes = Get-Mailbox -result unlimited
$Mailboxes | foreach{
    for ($i=0;$i -lt $_.EmailAddresses.Count; $i++)
    {
        $address = $_.EmailAddresses[$i]
        if ($address.IsPrimaryAddress -eq $false -and $address.SmtpAddress -like "*@*.local" )
        {
            Write-host($address.AddressString.ToString() | out-file c:\addressesRemoved.txt -append )
            $_.EmailAddresses.RemoveAt($i)
            $i--
        }
    }
    Set-Mailbox -Identity $_.Identity -EmailAddresses $_.EmailAddresses
}

Open in new window


From <https://www.exchangecore.com/blog/powershell-removing-secondary-smtp-addresses-specified-domain/>
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Powershell

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.