Jorge's Quest For Knowledge!

All about Windows Server, ADDS, ADFS & ILM/FIM (It is just like an addiction, The more you have, the more you want to have!)

«
»

(2013-01-28) Fixing The ProxyAddresses Attribute In AD With PowerShell

Posted by Jorge on 2013-01-28


At a customer of mine (no names are or will be mentioned to protect the innocent!) I’m rebuilding their FIM GAL Sync solution. After running the Full Import (Stage Only) Run Profile I started the Full Synchronization Run Profile and during that Run Profile the FIM Sync Engine started to complain about incorrect/unexpected values in the proxyAddresses attribute of CONTACT objects in the target OU of a connected AD forest.

-

After investigating the data health I found out that just over 1700 contacts had a proxyAddress value as shown in the picture below

image

Figure 1: Contact Object With An Incorrect X500 Address

-

Because there were too many objects to do it by hand, creating a PowerShell script was the next step.

I required the following three PowerShell scripts:

  1. Export all the proxyAddresses values of the contacts objects with an X500 address as shown in the figure 1 (a safe measure)
  2. Remove the incorrect X500 address from the proxyAddresses values of the affected contact objects (the cleanup)
  3. Reimport all the proxyAddresses values prior to the removal of the incorrect X500 address (risk mitigating action)

-

[1]

Get-ADObject -SearchBase "OU=CONTACTS-PARTNER.LAN,OU=Org-Users,DC=ADCORP,DC=LAB" -LDAPFilter "(&(objectClass=contact)(proxyAddresses=X500:))" -Properties DistinguishedName,ObjectGUID,proxyaddresses | Select DistinguishedName,ObjectGUID,@{Name='proxyAddresses';Expression={[string]::join(";", $($_.proxyAddresses))}} | Export-Csv -Path .\ContactsWithBrokenX500Addresses.csv

-

[2]

Get-ADObject -SearchBase "OU=CONTACTS-PARTNER.LAN,OU=Org-Users,DC=ADCORP,DC=LAB" -LDAPFilter "(&(objectClass=contact)(proxyAddresses=X500:))" -Properties DistinguishedName,ObjectGUID,proxyaddresses | %{Set-ADObject -Identity $_.ObjectGUID -Remove @{proxyAddresses='X500:'}}

-

[3]

Import-Csv ContactsWithBrokenX500Addresses.csv | ForEach-Object{
    $guid = $_.ObjectGUID
    $proxyAddresses = $_.proxyaddresses -split ';'
    Set-ADObject -Identity $guid -Replace @{proxyAddresses=$proxyAddresses}
}

-

The most tricky part was getting all the values from the multi-valued proxyAddresses attribute and export that to a CSV file

-

Cheers,

Jorge

———————————————————————————————

* This posting is provided "AS IS" with no warranties and confers no rights!

* Always evaluate/test yourself before using/implementing this!

* DISCLAIMER: http://jorgequestforknowledge.wordpress.com/disclaimer/

———————————————————————————————

############### Jorge’s Quest For Knowledge #############

######### http://JorgeQuestForKnowledge.wordpress.com/ ########

———————————————————————————————

About these ads

This entry was posted on 2013-01-28 at 22:02 and is filed under PowerShell, Tooling/Scripting. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “(2013-01-28) Fixing The ProxyAddresses Attribute In AD With PowerShell”

  1. Week of January 28: New blogs from Windows Server/System Center MVPs - Server and Cloud Partner and Customer Solutions Team Blog - Site Home - TechNet Blogs said

    2013-01-29 at 01:47

    [...] (2013-01-28) Fixing The ProxyAddresses Attribute In AD With PowerShell  [...]

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

«
»
 
%d bloggers like this: