targetAddress

targetAddress

The targetAddress is a very potent attribute that can be set on the Active Directory user, group, and contact object types.

When the targetAddress is set, all emails sent to the recipient will unconditionally be forwarded to the mail address set in the attribute without delivering a copy to the user mailbox or sending it to group members.

In a hybrid setup, the targetAddress is used by design to forward emails from mail migrated on-premises users to their Office 365 mailbox. It’s often referred to as ExternalEmailAddress, e.g., when used in some PowerShell commands like the following:

Set-MailUser -Identity "Tycho Brahe" -ExternalEmailAddress tycho.brahe@observatory.dk

The Benefit of Using the TargetAddress Attribute

In some scenarios, mail recipients sharing the same mail domain are distributed on two or more mail organizations. E.g., in the hybrid Office 365 scenario, your mail recipients may be split between your local on-premises mail organization and the cloud (Office 365) mail organization.

The distributed mail organization scenario poses a couple of challenges that can be solved by using the targetAddress attribute:

  1. How is the mail system in organization A able to forward emails to recipients in organization B that share the same mail domain?
  2. How can users in organization A lookup recipients in organization B that share the same mail domain?

Both of these challenges can be solved by the use of the targetAddress:

1. Mail Forwarding Using the TargetAddress

In a multiple mail organization setup, one (and only one!) mail organization is authoritative for the mail domain. Being authoritative means that the mail organization knows all mail recipients in the mail domain. The mail system will respond with an SMTP 550 unknown recipient NDR (Non-Delivery-Report) to the sender if it doesn’t know the recipient.

In order for the authoritative mail organization to know all recipients, we need pointers for recipients placed in other mail organizations. For example, a pointer could be a mail-enabled user (non-mailbox mail user) with a targetAddress configured with a forwarding mail address.

The targetAddress should use a forwarding mail domain different from the authoritative mail domain. Otherwise, we’d end up in a loop. E.g., if an on-premises mail organization is authoritative for the “observatory.dk” mail domain, it could use the forwarding domain “observatory.onmicrosoft.com” to forward emails to the Office 365 mail organization.

Non-authoritative mail organizations don’t need to know all recipients. Being non-authoritative means that they will forward any unresolved emails to the authoritative mail organization for further processing.

The authoritative mail organization should always be the target of public MX records.

2. Mail Lookup Using the TargetAddress

Although mail recipients may be spread across multiple mail organizations, it’s a common need that mail users in one mail organization must be able to lookup mail users in other mail organizations sharing the same mail domain name.

To meet this requirement, every mail organization should be able to see all recipients in the mail domain. This can be achieved by ensuring that all organizations have mail objects with pointers to non-local mail recipients. As before, such a pointer could, e.g., be a mail-enabled user (non-mailbox mail user) with a targetAddress configured with a forwarding mail address.

How to Set the TargetAddress Using Easy365Manager

Easy365Manager enables the native AD Users & Computers tool to configure all common attributes needed for Office 365 mailbox and Office 365 license management. This, of course, includes the targetAddress.

Most admins have probably at some point tried to forget the “SMTP:” prefix on the targetAddress, which will completely destroy mail delivery for the recipient – we know this from experience 🙂

But, where all the other tools mentioned in this article will allow you to make mistakes that will ruin your mail delivery, Easy365Manager minimizes the risk by enforcing the validity of the targetAddress attribute. This can potentially save you a lot of troubleshooting.

targetAddress Easy365Manager

For a full feature list of Easy365Manager read this.

If you want to try out Easy365Manager, download the free 30 day trial and experience just how easy Office 365 user management can be.

How to Set the TargetAddress Attribute Using Active Directory Users & Computers

You can directly view and configure the targetAddress attribute using the Active Directory Users & Computers management console.

If you don’t have Easy365Manager then it’s entirely up to you to ensure the entered values are valid. AD Users & Computers makes no sanity check on the configuration you enter.

Keep in mind that targetAddress, like the proxyAddresses attribute, must be prefixed with “smtp:”. However, unlike proxyAddresses, the targetAddress attribute does not care if “smtp” is uppercase or lowercase.

targetAddress - AD Users & Computers
Active Directory Users & Computers

(to expose the Attribute Editor tab in Active Directory Users & Computers you need to enable the Advanced Features view)

How to Set the TargetAddress Attribute Using ADSIEdit

Another tool that allows direct editing of properties is ADSIEdit.

ADSIEdit offers a very raw experience with no particular formatting of the Active Directory data. Unless you feel confident navigating ADSIEdit, you should avoid it. It’s easy to blow up your Active Directory if you don’t know what you’re doing.

Like AD Users & Computers, the ADSIEdit management console does not check the values you enter. So be careful.

targetAddress - AdsiEdit
AdsiEdit

How to Set the TargetAddress Attribute With PowerShell

You can also use PowerShell to view and configure the targetAddress attribute.

To view the configuration of the targetAddress attribute for a user, the following PowerShell cmdlet can be used:

Get-ADUser Tycho.Brahe -Properties targetAddress

Since the targetAddress is not part of the default result set, you must request it explicitly. The command generates output similar to the following:

DistinguishedName : CN=Tycho Brahe,OU=Denmark,DC=observatory,DC=local
Enabled           : True
GivenName         : Tycho
Name              : Tycho Brahe
ObjectClass       : user
ObjectGUID        : f7cc07d7-7c15-447d-876d-c01b0e5a9e38
SamAccountName    : tycho.brahe
SID               : S-1-5-21-1571223705-546034123-413621382-1158
Surname           : Brahe
targetAddress     : SMTP:tycho.brahe@observatory.onmicrosoft.com
UserPrincipalName : tycho.brahe@observatory.dk

To configure the targetAddress attribute for a given user you can use the following PowerShell cmdlet:

Set-ADUser Tycho.Brahe -Replace @{targetAddress='SMTP:tycho.brahe@observatory.onmicrosoft.com'}
Did you like this post? Maybe your friends will too!