Thursday, March 30, 2017

Removing all the bad (email addresses)

With moving to o365, it comes time to get serious about cleaning out all of the invalid smtp domains that we've inadvertently stamped on all our mailboxes. Those other customers where their policy was applied incorrectly and stamped across domains. Objects that moved between customers and took on both domains. That 'default' smtp domain that isn't route-able, but is out there because your customers don't really want your smtp domain stamped on everything.

For this, I've developed two scripts. This first script is a bit of a blunt hammer. I will remove all domains that don't belong to this customer, plus leave any domains.


  1. All customers are sorted into their own OU. I am limiting my search to only their container to avoid removing email domains from objects that belong to other customers. 
  2. All objects have at least one valid email address that should be kept. Since this first one uses native Exchange tools, it won't remove the primary smtp address. 
#Remove all but the primary smtp domain and any domains.


if ($ou -notlike "ou=*") {
    $OuDN = get-organizationalunit $ou
    $ou = $oudn.distinguishedname

write-host "Reviewing objects in: ",$ou

$DomainFilter = "*@"+$PrimarySMTPDomain
$AllRecipients = get-adobject -filter {mail -like $DomainFilter} -properties ProxyAddresses -searchbase $ou -resultsetsize $null

$Index=1;$objCount = $AllRecipients.count; $ModifiedDateStr = "Modified: "+$(get-date).toshortdatestring()

write-host "Found $objCount with $DomainFilter"

Foreach ($m in $AllRecipients) {
    write-progress -Activity "reviewing objects" -Status $ -PercentComplete (($index/$objCount)*100);$Index++    
    $removeThese = $m.ProxyAddresses | ?{$_ -like "SMTP:*" -and $_ -notlike $DomainFilter -and $_ -notLike "*" -and $_ -notLike "*"} | %{$_}
    if ($removeThese) {
        $o = get-recipient $m.distinguishedname
        $n = $null
        if ($o.recipientType -eq "UserMailbox") {
            $n = get-mailbox $o.identity
        } elseif ($o.recipientType -like "mailUniversal*") {  #Some type of group
            $n = get-distributiongroup $o.identity
        } elseif ($o.recipientType -like "mailuser") {  #Some type of group
            $n = get-mailuser $o.identity
        if ($n -ne $null) {
            $removeThese | %{write-host "removing $_ from $n"}
            if ($removethese -is [string]){
                #was getting errors that email address was NULL 
                #  when trying to use foreach loop with single domain.
                $Results = $n.emailaddresses.remove($RemoveThese)
            } else {
                $results = $removeThese | %{$n.emailaddresses.remove($_)}
            if ($o.recipientType -eq "UserMailbox") {
                set-mailbox -identity $n.identity -emailaddresses $n.emailaddresses -customattribute8 $ModifiedDateStr
            }  elseif ($o.recipientType -like "mailUniversal*") {  #Some type of group
                set-distributiongroup -identity $n.identity -emailaddresses $n.emailaddresses -customattribute8 $ModifiedDateStr
            } elseif ($o.recipientType -like "mailuser") {  #Some type of group
                set-mailuser -identity $n.identity -emailaddresses $n.emailaddresses -customattribute8 $ModifiedDateStr
        } else {
            write-host "Error: $o not mailbox or group"
    } else {
        #write-host "nothing to change for $m"

No comments:

Post a Comment