Have you noticed that if you have never had an Exchange server in your Active Directory environment, that it becomes extremely annoying to manage contact objects? I just recently came across this nuisance.
Recently tasked with Domino Notes to Exchange Online migrations, creating contact objects of the Notes mail users that contained the relevant attributes needed to migrate presented me with a truckload of contacts to validate.
Thanks to the powers of automation, the go to cmdlet that comes to mind when opening up my PowerShell console equipped with the AD Module, is:
|
1 |
Get-Contact |
Psych!
But…. But Microsoft……
Turns out, if you want to manage contact objects in AD using PowerShell without the availability of the EMS, the cmdlet you actually want is:
|
1 |
Get-ADObject |
I am sure Microsoft has their reasons, but since I wanted to manage ADSI attributes of my contacts, it left me scratching my head. How am I to bulk change attributes for contact objects using the AD Module in PowerShell?
In my case, I needed to fix the mailNickname attribute as it had been appended with the Notes users e-mail address instead of just the syntax of the username and soon to be mail user alias in Exchange Online.
Well, luckily I was able to put something together after prowling the all knowing Google for answers
|
1 2 3 4 5 6 7 8 9 10 11 |
Get-ADObject ` -SearchBase "OU=users,DC=domain,DC=com" ` -LDAPFilter "objectClass=contact" ` -Properties Name, ObjectGUID, mailNickname | %{ Set-ADObject ` -Identity $_.ObjectGUID ` -Replace @{ mailNickname=$_.Name.split('@')[0] } } |
Using the Get-ADObject cmdlet, I was able to target the OU containing the contacts I wanted to manage and select the Name, ObjectGUID, and mailNickname ADSI attributes for manipulation. I pipe that into a Set-ADObject for each (fun fact: the “%” sign is an alias for: ForEach-Object) of the contacts to replace the mailNickname with the whatever the mailNickname is currently set to, minus the “@” symbol and anything that follows it.
BAM!
One task complete.
The other attribute fix identified itself as the removal of a proxy address from the proxyAddresses ADSI attribute for each contact object. For this task, I was able to target a specific OU containing all the contact objects in question and remove the bad apple proxy address with the following:
|
1 2 3 4 5 6 7 8 9 10 11 |
$OU = [ADSI]"LDAP://OU=Contacts,DC=domain,DC=com" ForEach ($Contact in $OU.PsBase.Children) { $Contact.Get("proxyAddresses") | ?{ $_ -Like "*@notes.domain.com" } | %{ $Contact.PutEx(4, "proxyAddresses", @("$_")) $Contact.SetInfo() } } |
Calling in the LDAP ADSI initiator, and specifying a ForEach, I was able to get each contact (In my case, only contact objects existed in the OU’s I targeted) that had an address like “*@notes.domain.com.” Following this you’ll notice I pipe that into a ForEach contact, set the ADSI proxyAddresses attribute to PutEx 4 to the attribute proxyAddresses and gave it a value of nothing with the blank string ($_).
If that went way over your head like it did for me the first time I saw the method, don’t worry. Microsoft has a great article that clarifies this in much more detail:
HOW TO: Use ADSI to Set LDAP Directory Attributes
PowerShell managed to save me from hours of manual attribute changes after all, even when Exchange was never there.
As always, happy scripting!