MS Exchange 'I am not very good at introducing my Scripts. Let me try here. 'This is a script that loop thru AD and remove unwanted SMTP addresses from Users or Groups 'Why? Well, RUS stamps mail-enabled objects with the addresses defined in the Recipient Policies 'IF you add more addresses, RUS will diligently add the addresses to the objects when it next runs 'But, IF you remove an address from RP, RUS will NOT go and remove the addresses from the users that have already been tattooed with those addresses. 'For example, say you use to have domain.com and domainb.net and your exchange servers accepts mail for both and your users have both domain names in their email addresses as defined by your RP 'IF your management then decides that they want to sell domainb.net to someone else, now you will tell your Exchange to stop accepting mails for domainb.net 'And you remove domainb.net from your RP. However, all your users already have email addresses ending in domainb.net and domaina.com 'If you have 20 or even 100 users, this is not a big deal. You can modify the accounts by hand 'However, if you have users numbering in the high hundreds or thousands, this script is for you 'This script will help you remove domainb.net from your users' SMTP/Proxy addresses Const ADS_SCOPE_SUBTREE = 2 Const E_ADS_PROPERTY_NOT_FOUND = &H8000500D ADS_PROPERTY_CLEAR = 1 ADS_PROPERTY_UPDATE = 2 ADS_PROPERTY_APPEND = 3 ADS_PROPERTY_DELETE = 4 Set objShell = CreateObject("Wscript.Shell") Set objConnection = CreateObject("ADODB.Connection") Set objCommand = CreateObject("ADODB.Command") objConnection.Provider = "ADsDSOObject" objConnection.Open "Active Directory Provider" Set objCOmmand.ActiveConnection = objConnection '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' '''''''''''''''''''''''''''''''''''''''''''''Search for Users ''''''''''''''''''''''''''''''''''''''''''''''''''' '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ''''We use this to limit our searches to User accounts only 'uncomment all the lines below 'objCommand.CommandText = _ '"Select sAmAccountName,Name,distinguishedName from 'LDAP://MyDomainController.MyDomain.com/DC=MyDomain,DC=com' " _ ' & "where objectClass='Person' AND objectcategory='User'" 'If we were looking for a SPECIFIC account, or we are just testing this script out to be sure it's not dangerous 'Then the WHERE clause will read as follows ' & "where objectClass='Person' AND objectcategory='User' AND sAmAccountName='specific_User_Account'" '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' '''''''''''''''''''''''''''''''''''''''''''''Search for Groups ''''''''''''''''''''''''''''''''''''''''''''''''' '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ''''We use this to limit our searches to Group accounts only 'uncomment all the lines below 'objCommand.CommandText = _ '"Select sAmAccountName,Name,distinguishedName from 'LDAP://MyDomainController.MyDomain.com/DC=MyDomain,DC=com' " _ ' & "where objectClass='Group' AND objectcategory='Group'" 'If we were looking for a SPECIFIC account, or we are just testing this script out to be sure it's not dangerous 'Then the WHERE clause will read as follows ' & "where objectClass='Group' AND objectcategory='Group'" AND sAmAccountName='specific_Group_Account'" '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' objCommand.Properties("Page Size") = 1000 objCommand.Properties("Timeout") = 30 objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE objCommand.Properties("Cache Results") = False Set objRecordSet = objCommand.Execute objRecordSet.MoveFirst Do Until objRecordSet.EOF objUserName = objRecordSet.Fields("Name").Value objUserDN = objRecordSet.Fields("distinguishedName").Value Call ChangeProxy(objUserName, objUserDN) objRecordset.MoveNext Loop Set objCOmmand.ActiveConnection = Nothing Set objCommand = Nothing Set objRecordSet = Nothing Set objConnection = Nothing Set objShell = Nothing ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ''''''''''''''''''''''''''''''''' Delete the SMTP Address ''''''''''''''''''''''''''''''' ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Sub ChangeProxy(objUserName, objUserDN) 'Load the other proxy addresses into the property cache Set objCont = GetObject("LDAP://MyDomainController.MyDomain.com/" & objUserDN) 'I could just use GC:// here, but.... objCont.GetInfoEx Array("proxyAddresses"), 0 On Error Resume Next varAddrs = objCont.GetEx("proxyAddresses") 'Now, we are going to loop through each of the email addresses associated with the User in AD For each email in varAddrs 'We can do the deletion either of 2 ways '1. We can say delete any email that does NOT match a certain SMTP address 'If NOT instr(UCASE(email), "MYGOODEMAIL_ADDRESS_SUFFIX") >0 Then ' Wscript.Echo email ' objCont.PutEx ADS_PROPERTY_DELETE, "proxyAddresses", Array(email) ' ObjCont.SetInfo 'End If 'OR '2. We can say delete any email that matches a certain SMTP address 'If instr(UCASE(email), "MYBADEMAIL_ADDRESS_SUFFIX") >0 Then ' Wscript.Echo email ' objCont.PutEx ADS_PROPERTY_DELETE, "proxyAddresses", Array(email) ' ObjCont.SetInfo 'End If 'OR 'We can use Wildcards and match other patterns. 'For example, I encountered a Domain where some garbage Email addresses were being added by some misconfigured RP 'Of course, after fixing the RP, the addresses still remain, so we have to whack them ' These addresses usally start with an "_", like _34324bd@mydomain.com 'If Mid(email, 6,1) = "_" Then ' Wscript.Echo objUserName & " " & email ' objCont.PutEx ADS_PROPERTY_DELETE, "proxyAddresses", Array(email) ' ObjCont.SetInfo 'End If Next 'Clean up Set objCont = Nothing End Sub ''''''''''''''''''''''''''''''''''' '''''''''' The End '''''''''''''''' '''''''''''''''''''''''''''''''''''