So I am in the process of learning PowerShell in the hopes of cleaning up Active Directory and was looking for a little help. My issue is that multiple users may share multiple proxy addresses, but no two users will share their primary SMTP address.

I'm attempting to use:

```powershell
Get-ADUser -Filter "proxyAddresses -like {$_ -cmatch 'SMTP:'}" | Disable-ADAccount -WhatIf
```

From a list of emails, I only want to disable users where the email and primary SMTP match; however, when attempting this as shown above I get 0 matches.

As soon as I use the regex above I get no matches; however, if I use `*$_*` I will get matches from multiple different users with the same secondary proxy addresses.

Any advice on how I can move forward, or a better angle to come at this issue from, would be greatly appreciated.

I'm now coming at this from a more sensible position. I'm now using `Get-aduser test -properties proxyaddresses | %{$_.proxyaddresses} | ?{$_ -cmatch 'SMTP:'}` and am going to create a loop along the lines of...

```
get ad user from smtp
if aduser primary SMTP is a match to current email then move and disable ad account
else display warning about duplicate smtp
endif
```

Alasdair
  • Your strategy isn't clear. The ProxyAddresses attribute is essentially a string array. The code you're using is going to return the primary proxyaddress, but that's it. All users are likely to have a primary so there's really no filtering happening before you pipe to the `Disable-ADAccount` command. So the question is what are the criteria you are trying to filter on? – Steven Oct 22 '21 at 12:27
  • You probably want `$emails |%{ Get-ADUser -Filter "proxyAddresses -like 'SMTP:$_'" -Properties ProxyAddresses}`. Note that Active Directory doesn't support case-sensitive matching rules in LDAP filters, so you need to inspect the values of the property with `-cmatch` (or `-clike` or `-ceq`) in PowerShell afterwards – Mathias R. Jessen Oct 22 '21 at 12:53
  • I was unaware that case-sensitive matching in LDAP filters is not possible, making this solution rather unfeasible. Now knowing this, I think my best method of resolving this issue would be to use regex to get the user's UPN using their email address, as it should be a bit more simple to do, however less effective than direct email matching to the user. Thank you for the guidance – Alasdair Oct 23 '21 at 13:42
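
The two-stage check the comments describe (a case-insensitive directory query, then a case-sensitive `SMTP:` prefix test in PowerShell), as an added example that is not part of the original thread. `Select-PrimarySmtpOwner`, the sample users and the `example.com` addresses are hypothetical and constructed for illustration; the AD cmdlets appear only in comments so the block runs without a domain.

```powershell
# Added example (not from the thread). Select-PrimarySmtpOwner is a hypothetical helper.
function Select-PrimarySmtpOwner {
    param(
        [Parameter(Mandatory)] [string] $Email,
        [object[]] $Candidates = @()   # objects exposing SamAccountName and proxyAddresses
    )
    # Upper-case 'SMTP:' marks the primary address, lower-case 'smtp:' a secondary.
    # The prefix is compared case-sensitively (-clike); the address itself is
    # compared case-insensitively (-eq), as mail addresses normally are.
    $owners = @($Candidates | Where-Object {
        @($_.proxyAddresses | Where-Object {
            $_ -clike 'SMTP:*' -and $_.Substring(5) -eq $Email
        }).Count -gt 0
    })
    $status = switch ($owners.Count) {
        0       { 'NoPrimaryMatch' }   # address is only a secondary, or unknown
        1       { 'Disable' }          # exactly one account owns it as primary
        default { 'Ambiguous' }        # should not happen; never disable on a guess
    }
    [pscustomobject]@{ Email = $Email; Status = $status; Accounts = $owners }
}

# Constructed sample data standing in for directory results.
$sampleUsers = @(
    [pscustomobject]@{ SamAccountName = 'asmith'
        proxyAddresses = @('SMTP:a.smith@example.com', 'smtp:sales@example.com') }
    [pscustomobject]@{ SamAccountName = 'bjones'
        proxyAddresses = @('SMTP:b.jones@example.com', 'smtp:a.smith@example.com', 'smtp:sales@example.com') }
)
$emails = 'a.smith@example.com', 'sales@example.com'

foreach ($email in $emails) {
    # Against a real domain, narrow the candidates server-side first (case-insensitive):
    #   $candidates = Get-ADUser -Filter "proxyAddresses -eq 'SMTP:$email'" -Properties proxyAddresses
    $result = Select-PrimarySmtpOwner -Email $email -Candidates $sampleUsers
    if ($result.Status -eq 'Disable') {
        "{0}: would disable {1}" -f $email, $result.Accounts[0].SamAccountName
        # With real ADUser objects: $result.Accounts | Disable-ADAccount -WhatIf
    } else {
        Write-Warning ("{0}: {1}, no account changed" -f $email, $result.Status)
    }
}
```

Keep `-WhatIf` on `Disable-ADAccount` until the per-address results have been reviewed, and treat any `Ambiguous` result as a data problem to fix by hand.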
