Thursday, March 27, 2008

Exchange 2007 Address Management

While I was upgrading our Recipient Address Policies from Exchange 2003 to Exchange 2007, I inadvertently applied each of the policies to all of our user accounts (and contacts!). I searched and searched for a cmdlet that would allow me to easily remove a proxy address, aka: alias. To accomplish this I had to put together many different elements, but in the end it turned out to be an elegant, yet simple solution. In all fairness, our recipient policies were pretty messed up and needed to be overhauled anyway. We recently removed some of the domains protected by our spam filter company (http://www.securence.com). This means that anyone with those addresses would be vulnerable to all spam. So, removing these policies was on my to-do list anyway.

First, I pulled in the EmailAddresses property using the get-mailbox cmdlet. This allowed me to specify which mailboxes I wanted based on which ones had the proxy address listed.

get-mailbox -resultsize unlimited | where-object {$_.EmailAddresses -like "*domain2.com"}


Next, I put all of those addresses into an array named $mailboxes.

$mailboxes = @(get-mailbox -resultsize unlimited | where-object {$_.EmailAddresses -like "*domain2.com"})


Now that my array is populated with all of the mailboxes that have an alias with domain2.com, I can loop through and remove the proxy address. This is a variation of a really neat command that I found on the Exchangepedia Blog. The "-" removes the property from the object. So, the $mailbox variable stores the mailbox object, and then the $mailbox.emailAddresses line specifies that property that I want to change and then I append the alias (first.last in our case) to the "@domain2.com" to tell it which address to remove.

foreach ($mailbox in $mailboxes){$mailbox.emailAddresses -= $mailbox.alias + "@domain2.com"}


Finally, I loop back through the array to commit the changes using the set-mailbox command.

foreach ($mailbox in $mailboxes) {$mailbox | set-mailbox}


That's it. As usual, I am sure that there is a more efficient way to write this script, and if I wanted to spend an extra 30 minutes to an hour refining the script, I could, but really why? At this point I've already run the script. One day when my work load has lightened up a bit and I'm looking for a pet project, maybe I will revisit this. The entire script is below:

$mailboxes = @(get-mailbox -resultsize unlimited | where-object {$_.EmailAddresses -like "*domain2.com"})
foreach ($mailbox in $mailboxes){$mailbox.emailAddresses -= $mailbox.alias + "@domain2.com"}
foreach ($mailbox in $mailboxes) {$mailbox | set-mailbox}



No comments: