proxyAddresses is a multivalued attribute in Active Directory (AD) used on users, groups, and contacts to facilitate mail delivery.
To configure this attribute using PowerShell, you need the ActiveDirectory Module for PowerShell. This module is part of RSAT (Remote Server Administration Tools) which you need to activate (or download depending on your OS version). It’s available by default on domain controllers.
Before you start editing the proxyAddresses attribute, you should understand the following:
- You must prefix the primary (sending) mail alias with upper case “SMTP:”
- Only one value/alias is allowed to have the upper case “SMTP:” prefix
- You must prefix secondary mail aliases with lower case “smtp:”
- No duplicate values (across all AD objects) are allowed
- Mail addresses must be valid SMTP addresses as per RFC 5322
- Faulty configurations of this attribute can potentially break mail delivery for the recipient
- Active Directory makes no sanity check on values you enter/update/delete
- It’s a multivalued attribute, and wrong commands may unintentionally overwrite existing values
With Easy365Manager you can configure proxyAddresses directly from AD Users & Computers:
But more about that later in this article.
For now, let’s fire up PowerShell!
Export proxyAddresses to CSV
Use the following script to export all proxyAddresses for all AD objects. The script generates one line for each individual value of each proxyAddresses attribute value of each AD object. This means you will have four lines for a user with one primary SMTP alias and three secondary SMTP alias’s.
Import-Module ActiveDirectory
"DN;proxyAddress" | Out-File ".\proxyAddressesBackup.txt"
$Objects = Get-ADObject -LDAPFilter "(proxyAddresses=*)" -Properties proxyAddresses
ForEach ($Object In $Objects) {
ForEach ($proxyAddress in $Object.proxyAddresses) {
$Output = $Object.distinguishedName + ";" + $proxyAddress
Write-Host $Output
$Output | Out-File ".\proxyAddressesBackup.txt" -Append
}
}(if you’re not running it on a DC, make sure you have installed the Active Directory module for PowerShell via RSAT)
Output from the script may look similar to this:
CN=Hans Christian Oersted,OU=Denmark,DC=observatory,DC=local;smtp:hans.c.oersted@observatory.onmicrosoft.com CN=Hans Christian Oersted,OU=Denmark,DC=observatory,DC=local;smtp:hans.c.oersted@observatory.mail.onmicrosoft.com CN=Hans Christian Oersted,OU=Denmark,DC=observatory,DC=local;SMTP:hans.c.oersted@observatory.dk CN=Niels Bohr,OU=Denmark,DC=observatory,DC=local;smtp:niels.bohr@observatory.onmicrosoft.com CN=Niels Bohr,OU=Denmark,DC=observatory,DC=local;smtp:niels.bohr@observatory.mail.onmicrosoft.com CN=Niels Bohr,OU=Denmark,DC=observatory,DC=local;SMTP:niels.bohr@observatory.dk CN=Ole Roemer,OU=Denmark,DC=observatory,DC=local;SMTP:ole.roemer@observatory.dk CN=Ole Roemer,OU=Denmark,DC=observatory,DC=local;smtp:ole.roemer@observatory.onmicrosoft.com CN=Ole Roemer,OU=Denmark,DC=observatory,DC=local;smtp:ole.roemer@observatory.mail.onmicrosoft.com CN=Tycho Brahe,OU=Denmark,DC=observatory,DC=local;smtp:tycho.brahe@easy365manager.com CN=Tycho Brahe,OU=Denmark,DC=observatory,DC=local;smtp:tycho.brahe@observatory.onmicrosoft.com CN=Tycho Brahe,OU=Denmark,DC=observatory,DC=local;SMTP:tbrahe@observatory.dk CN=Tycho Brahe,OU=Denmark,DC=observatory,DC=local;smtp:tycho.brahe@observatory.mail.onmicrosoft.com
Add Single Value to proxyAddresses
The following script will import a single value to the multivalued proxyAddresses attribute. Any existing values are kept.
Import-Module ActiveDirectory
$User = Get-ADUser ole.roemer -Properties proxyAddresses
$User.proxyAddresses.Add("smtp:o.roemer@observatory.dk")
Set-ADUser -instance $UserYou will get an error if you try to import a value that already exists on the same object (but no error is thrown if the value exists on another object!).
Delete Single Value from proxyAddresses
The following script will remove a single entry from the proxyAddresses attribute. Any other existing values are kept.
Import-Module ActiveDirectory
$User = Get-ADUser ole.roemer -Properties proxyAddresses
$User.proxyAddresses.Remove("smtp:o.roemer@observatory.dk")
Set-ADUser -instance $UserFilter proxyAddresses With LDAP Query
If you want to filter out AD objects configured with certain proxyAddresses, you can use an LDAP filter.
As an example, let’s identify all users that have a “.local” mail address (having a .local proxyAddress will block the user from replicating to Azure with Azure AD Connect):
Import-Module ActiveDirectory
$Users = Get-ADUser -LDAPFilter "(proxyAddresses=*.local)" -Properties proxyAddresses
ForEach ($User In $Users) {
ForEach ($proxyAddress in $User.proxyAddresses) {
If($proxyAddress -Like '*.local'){
Write-Host $User.distinguishedName `t $proxyAddress
}
}
}This will get you output similar to the following:
CN=Ole Roemer,OU=Denmark,DC=observatory,DC=local smtp:ole.roemer@observatory.local CN=Tycho Brahe,OU=Denmark,DC=observatory,DC=local smtp:tbrahe@observatory.local
Configuring proxyAddresses with GUI tools
I hope the above code snippets cover your needs in terms of searching and manipulating the contents of the multivalued proxyAddresses attribute.
For some daily configuration tasks, it’s often more convenient to use a graphical user interface (GUI). You have various options to configure the proxyAddresses attribute using a GUI:
Easy365Manager
By far, the easiest way to configure proxyAddresses (and any other AD mail attributes, for that matter) is using Easy365Manager.
With Easy365Manager, you don’t have to switch between multiple admin tools: Everything is possible in the AD Users & Computers tool due to the extra tabs on user and group properties.
With Easy365Manager, you benefit from working in the native user management tool, Active Directory Users & Computers. Easy365Manager adds two new tabs to user properties which include a proxyAddresses editor. It has a flat price, and you can install it on an unlimited number of management servers and PCs.
If you’re fully migrated to Office 365, the Easy365Manager license cost is easily covered by removing your on-premises Exchange Server and the time saved from working in one single, intuitive tool.
Easy365Manager actively checks that values you enter are valid:
- Uniqueness is checked across your domain
- Only a single primary SMTP address is allowed
- Only valid SMTP format is allowed
This ensures your proxyAddresses configuration is always correct and potentially saves you hours of troubleshooting.
To see a complete list of features for Easy365Manager, have a look at this.
You can download the fully functional 30-day trial here.
Active Directory Users & Computers
To configure proxyAddresses using Active Directory Users & Computers, you must enable “Advanced Features”. The attribute then becomes accessible in the “raw” attribute list in the “Attribute Editor” tab.
AD Users & Computers makes no check of the validity of values you enter in proxyAddresses.
ADSIEdit
In ADSIEdit, you see a representation of all object attributes, including the proxyAddresses attribute. It’s an even “rawer” experience than Active Directory Users & Computers with poor formatting, so you must be careful.
ADSIEdit makes no check of the validity of values you enter in proxyAddresses.
Exchange Admin Center
Exchange Admin Center (EAC) offers a better experience with sensible formatting and logical checks of changes before committing them to AD.
However, the backside is the need for an entire Exchange server in case you’re mail migrated to Office 365.
Although the on-premises Exchange license is free, the indirect costs of management, troubleshooting, and virus risks can be substantial.
Also, it’s inconvenient and time-consuming to switch to EAC to make changes to users and groups since you manage users and groups inside the Active Directory Users & Computers tool.
Summary
As seen, there are many options to manage your email attributes. Which one you prefer is up to personal taste.
If you’re interested in trying out Easy365Manager, there is a free and fully functional 30-day trial that you can download, install and configure in less than five minutes.
Please refer to our FAQ for any question you may have regarding Easy365Manager, or feel free to reach out to our support team.