Thursday, November 4, 2010

E-mail Recipient Policy Changes In Bulk With Powershell

We are changing our Internet domain that we are using for email, web, etc. Part of this is setting up our exchange accounts to process the new SMTP addresses.

I’m not going to go into the detail of how to roll out new SMTP addresses to all of your accounts.What I wanted to share was a Powershell one-liner that I ended up using to find accounts that were not configured to accept automatic updates to their SMTP addresses.

In ADUC, open up Properties on an account and check the ‘E-mail Addresses’ tab. At the bottom is a check-box labeled “Automatically update e-mail addresses based on recipient policy”. If this checkbox is UNchecked, then policy updates are blocked.

For some reason, some of our accounts had this unchecked (most were checked). So, I wanted a way to find these AD objects and CHECK that box, without having to actually open properties on every object in AD.

Enter Powershell (with the Quest AD Cmdlets, of course)!

The magic one-liner is: 

get-qaduser -IncludedProperties msExchPoliciesExcluded | where {$_.msExchPoliciesExcluded -ne $null} | foreach-object {set-qaduser $_ -ObjectAttributes @{msExchPoliciesExcluded=''} -whatif}

The ‘-whatif’ at the end just tells the command to do a test run. Remove the –whatif to actually make the change (check the checkbox).

I ran the one-liner a second time (minus the ‘foreach-object’ block), changing ‘get-qaduser’ at the beginning to ‘get-qadgroup’ to see if I had any mail-enabled groups that needed to be updated also. I didn’t. If you do, just change ‘qaduser’ to ‘qadgroup’ as needed.

Thanks To:

