Office365 and dirsync – the multiple accounts with the same UPN/mail/proxyaddresses value

If you are working on an Office365 email deployment and using dirsync, you are probably familiar with dirsync errors and with trying to find the duplicated proxy addresses within AD. If you haven’t started one of these yet, there are several things which must be unique within the FOREST, and proxy addresses are one of them. Dirsync will find instances of duplicated proxy addresses and will error on those objects.

Running into this at work I decided to see if someone had done the heavy-lifting of writing a script before me to find duplicated proxy address, mail, and UPN values. I didn’t find anything doing a quick Google that suited my needs and wants.

The script pulls all of the user, contact, and group objects within the forest, selecting the canonical name, mail, UPN, and proxy addresses values for each, and puts all of that into a single array. It then prompts for the string to look for. Once that is entered, a straight search through all of the collected objects is performed and any matches are displayed. The input loop is then repeated so I don’t have to recollect all the data each time.

# This code is deliberately inefficient on the Get-ADObject command. The purpose being so the script can be adapted for other
# duplicate searches, such as for the mail user object property being non-unique. One advantage to this code is that it looks for
# all user, contact, and group objects and gets their UPNs, mail, and proxyaddresses values, rather than just those with homeMDB populated. I have seen some
# accounts that have had the mailboxes rudely disassociated leaving proxyaddresses values that are not searchable via EMC/EMS.
#
# Requires the ActiveDirectory module (Get-ADForest, Get-ADObject).
Import-Module ActiveDirectory
# Start with an empty array so a second run in the same session does not append to old results.
$allobjs = @()
$domainlist = (Get-ADForest).Domains
foreach ($d in $domainlist)
    {
        Write-Host "Processing domain $d. Please be patient. This may take some time depending on the number of user objects."
        # Same four properties are collected for users, contacts, and groups in each domain.
        $userlist = Get-ADObject -LDAPFilter "(&(objectClass=User)(objectCategory=person))" -Server $d -Properties canonicalname,proxyaddresses,mail,userprincipalname | select canonicalname,proxyaddresses,mail,userprincipalname
        $contactlist = Get-ADObject -LDAPFilter "(objectClass=Contact)" -Server $d -Properties canonicalname,proxyaddresses,mail,userprincipalname | select canonicalname,proxyaddresses,mail,userprincipalname
        $grouplist = Get-ADObject -LDAPFilter "(objectClass=group)" -Server $d -Properties canonicalname,proxyaddresses,mail,userprincipalname | select canonicalname,proxyaddresses,mail,userprincipalname
        foreach ($ul in $userlist)
            {
                [array]$allobjs += $ul
            }
        foreach ($cl in $contactlist)
            {
                [array]$allobjs += $cl
            }
        foreach ($gl in $grouplist)
            {
                [array]$allobjs += $gl
            }
    }
$total = $allobjs.count
write-host " "
write-host "-------------------"
write-host "Total user, contact, and group objects collected : " $total
$count = 1
$MatchingObjs = $null
write-host " "
write-host "-------------------"
$address= read-Host "Enter search address. Hit ENTER or type exit to exit. : "
If (($address.Length -gt 0) -and ($address -ne "exit"))
    {
        Do
            {
                foreach ($ao in $allobjs)
                    {
                        Write-Progress -Activity "Scanning for" $address -PercentComplete ($count/$total * 100)
                        $MatchFound = $False
                        # -Match treats the search string as a regular expression, so a "." matches any character.
                        ForEach ($pa in $ao.ProxyAddresses)
                            {
                                If ($pa -Match $address)
                                    {
                                        $MatchFound = $True
                                    }
                            }
                        If ($ao.mail -Match $address)
                            {
                                $MatchFound = $True
                            }
                        If ($ao.userprincipalname -Match $address)
                            {
                                $MatchFound = $True
                            }
                        # add matches to array
                        If ($MatchFound)
                            {
                                [array]$MatchingObjs += $ao
                            }
                        $count++
                    }
                write-host " "
                write-host "-------------------"
                Write-host "Matching objects:"
                write-host "-------------------"
                foreach ($mo in $MatchingObjs)
                    {
                        write-host $mo.canonicalname
                    }
                write-host "-------------------"
                write-host " "
                $count = 1
                $MatchingObjs = $null
                $address = read-Host "Enter search address. Hit ENTER or type exit to exit. : "
            }
        Until (($address.Length -eq 0) -or ($address -eq "exit"))
    }
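
The script above looks up one address at a time. As an added example (not part of the original script), the function below goes a step further and reports, in one pass, every value that is present on more than one object. `Find-DuplicateAddress` is a hypothetical name, the sample objects are constructed, and treating mail, UPN, and smtp proxy addresses as one case-insensitive namespace is an assumption made for this example; it needs PowerShell 3.0 or later.

```powershell
# Added example: list every address value that appears on more than one object.
# Objects need the properties the script collects:
# canonicalname, proxyaddresses, mail, userprincipalname.
function Find-DuplicateAddress {
    param([Parameter(Mandatory)][object[]]$Objects)

    $seen = @{}   # value -> canonical names; @{} keys compare case-insensitively
    foreach ($o in $Objects) {
        # Collect the values of all three attributes, dropping empty ones.
        $values = @(@($o.proxyaddresses) + @($o.mail, $o.userprincipalname) |
            Where-Object { $_ })
        # Assumption: strip the smtp:/SMTP: prefix so proxy addresses compare
        # against mail and UPN; other prefixes (x500:, sip:) are left in place.
        $keys = @($values | ForEach-Object { ($_ -replace '^smtp:', '').Trim() } |
            Sort-Object -Unique)   # one entry per object, even if mail = UPN
        foreach ($k in $keys) {
            if (-not $seen.ContainsKey($k)) { $seen[$k] = @() }
            $seen[$k] += $o.canonicalname
        }
    }
    # Emit only the values held by two or more distinct objects.
    foreach ($k in ($seen.Keys | Sort-Object)) {
        if ($seen[$k].Count -gt 1) {
            [pscustomobject]@{
                Value   = $k
                Count   = $seen[$k].Count
                Objects = $seen[$k] -join '; '
            }
        }
    }
}

# Constructed sample data standing in for $allobjs.
$sample = @(
    [pscustomobject]@{ canonicalname = 'corp.example/Users/Jane Doe'
        proxyaddresses = @('SMTP:jane.doe@example.com', 'smtp:jdoe@example.com')
        mail = 'jane.doe@example.com'; userprincipalname = 'jane.doe@example.com' }
    [pscustomobject]@{ canonicalname = 'corp.example/Contacts/Jane (old)'
        proxyaddresses = @('smtp:JDOE@example.com')
        mail = 'jane.old@example.net'; userprincipalname = $null }
    [pscustomobject]@{ canonicalname = 'corp.example/Groups/Sales'
        proxyaddresses = @('SMTP:sales@example.com')
        mail = 'sales@example.com'; userprincipalname = $null }
    [pscustomobject]@{ canonicalname = 'corp.example/Users/Sales Mailbox'
        proxyaddresses = $null
        mail = $null; userprincipalname = 'sales@example.com' }
)
Find-DuplicateAddress -Objects $sample | Format-List
```

Against live data, pass the script's `$allobjs` array in place of `$sample`.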

Running a different Linux at home now

For years I’ve been using Ubuntu at home, but I finally decided to switch to something else.

It wasn’t one thing in particular that did it, more a collection of things. Ever since I had upgraded to the 13.04 version I had a problem with the system at boot up throwing an error. After some searching I found this was a common issue and had to do with, IIRC, the Gnome components versus some other things. I’d fix it, and then either the next version or some update would come along and re-introduce the problem. I also got tired of opening the software center and getting ads for programs when all I wanted to do was add something like gimp. Even the system updates were buggy, sometimes having to be manually started in order to get updates.

After doing a little research I decided to go with Linux Mint. So far I’ve been impressed. The install was smooth and the end result has been like a breath of fresh air. I haven’t re-installed everything yet but what I have installed has not balked or errored out.

The only thing I found frustrating, as I did with Ubuntu, was getting printers installed. I don’t blame either distro for that. Instead it is the fault of the printer manufacturers who want to hide how their things work. On that I really do wish the printer makers (I’m looking at you Epson, HP, and Brother) would get their act together and start publishing either drivers for Linux that are easy to install or the APIs so that the community could do it.

Boy have I been away or what?

I’ve been seriously bad about keeping this up to date and I’m going to try to get it going again.

To start with I’m going to try to put forward some of the scripts I’ve written for work, sanitized of course to remove data. I’m also going to try to publish some about the things I’m doing outside of work. One of those is working on some new ‘saddle bags’ for my motorcycle.
