joeware - never stop exploring... :)

I was combing through the newsgroups looking for folks in need of assistance and I ran into a relatively interesting problem:

I updated our recipient policy in Exchange 2003 to add a new SMTP domain
name to everyone’s mailbox, it all looked great until I noticed it added the domain to our
custom contacts in the reciepient OU too.  Now these external contacts include this
other smtp address with our domain name.  How can I get rid of these from
this custom contacts and not our AD users with mailboxes?

This would normally be something that will require a script as it has to go through and pick out the one proxyaddress of several in the multivalued proxyAddresses attribute for the contacts. Fortunately this is exactly the kind of things that I have made AdFind/AdMod capable of handling. While you could do this in a script, there is no need.

Paul “Warm” Williams responded with quite a good solution using AdFind/AdMod. I was quite happy to see someone post a fairly advanced command sequence for AdFind/Admod. I know there are people doing it, but I don’t often see them showing others in public forums what it is they have done. Paul being an MVP is quick on the trigger to help out and he likes AdFind/AdMod so that is one of the solutions he presented, here is Paul’s response:

If you're asking how to get rid of the proxyAddress or proxyAddresses added 
to contacts, you can do it in one of three ways:

1.  Manually via the GUI.
2.  Via script or code
3.  Via command-line.


To do this via the command-line, you could do something like this (not 
tested as I'm not near a DC):

adfind -default -rb OU=Recipients -s onelevel proxyAddresses givenName 
sn -adcsv | admod proxyAddresses:-:"{{givenName}}.{{sn}}@domain-name.com"

Note.  Obviously, this depends on the structure of the addresses added by 
the RUS.  Only you can answer which addresses need to be removed and which 
don't.

One option could be to remove all proxyAddresses using the above tools, and 
create a separate policy for that OU, or more specifically any contacts in 
that OU.

-- 
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net  |  http://forums.msresource.net

Again, I was pleased as punch to see that my new mods to AdMod were being used and recommended by folks, that is one of the reasons I took the time to write that code for goodness sakes…

However… The command sequence could be a little tighter so I took the time to respond with a slightly more focused response:

Very smooth… Good job…

I can possibly do you one better… ;o)

Assuming the mail domain name of concern is test.com… You can use something like (all one line…)

adfind -default -rb ou=recipient -f “(proxyaddresses=smtp:*@test.com)” -mvfilter proxyaddresses=@test.com proxyaddresses -adcsv | admod proxyaddresses:-:{{proxyaddresses}} -unsafe

Regardless of what the proxyaddresses were set to in that OU, any object with a proxyaddress with test.com in it will get it cleared.

The thing to be concerned about here is if these addresses were set to be primary…. If that is the case when they are stripped, there will be no primary address on the objects. You can tell by looking to see if the SMTP is capitalized.

Still, I am impressed, good use of the utilities. 🙂

—
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O’Reilly Active Directory Third Edition
www.joeware.net

 

This solution is “better” because I tell AdFind to only return the one proxyAddress for each object that I no longer want; I don’t have to assume it is some fixed format like Paul does in his solution. That is what the -mvfilter (multivalue filter) switch does. I pass in proxyaddresses=@test.com which tells AdFind that when it goes to output the proxyAddresses attribute, it should only output values that have the string @test.com in the value. That gets passed over to AdMod in the ADCSV stream so that now AdMod can simply remove that one value from the proxyAddresses attribute of that object with the simple command:

proxyaddresses:-:{{proxyaddresses}}

As I look at that, I realize I could have made it even more elegant, the command could also be

proxyaddresses:-:{{.}}

But joe… someone asks…. What if there were MULTIPLE values in proxyAddresses that have @test.com and you want to remove them all…. Well for that you have to make a small change to the clear command…

proxyaddresses:–:{{.}}

 Note the addition of the second “-” to indicate that you should remove multiple values…

     joe

P.S. The -unsafe is used with AdMod because I don’t know how many objects need to be changed, if the number of objects is less than 10, you don’t need -unsafe, if the number is greater than 10 then you either need to add -unsafe, -safety, or -upto… See the usage to understand the differences between those different switches.