Update to the AAD Connect Remove Proxy Addresses Script

Update to the AAD Connect Remove Proxy Addresses Script

  •  
  •  
  •  
  •  
  •  
  •  
Update to the AAD Connect Remove Proxy Addresses Script
4.7 (93.33%) 3 votes

This week, while working with one of my customers in a custom Office 365 deployment, I had the opportunity to revisit and update one of my scripts (Remove Proxy Addresses via AAD Connect).  I had originally built that script for a large state government Office 365 migration from BPOS-D.  The scenario was that the organizations were in a shared environment and the deployment had a managed subdomain for internal routing and provisioning.

The subdomain was part of the AD proxyAddresses array in the customer’s on-premises environment and required while the mailboxes lived in BPOS-D, but if we synchronized the proxyAddresses as-is to Office 365, we’d receive the error about the managed subdomain not being an accepted domain in the tenant.

Quite the sticky wicket.

So, the solution we worked up was to create an Out-to-AAD rule that would strip the unwanted domains from the user’s proxyAddress array on the export to Office 365, leaving the on-premises attribute in place so it could still be synced to BPOS-D.

Back to my customer at hand:  we were faced with a similar situation (two organizations with a shared Active Directory infrastructure, going to two different tenants) with an added twist: one of the organizations needed to keep legacy domains on their mail-enabled user objects so they could continue to receive mail from the outside world at their old addresses.

The ultimate scenario: Company 1 needed to keep its domains for all 20,000 of its users going to Tenant 1.  Company 2 needed to keep Company 1’s domains as proxy addresses on their users as well, but couldn’t add those domains to Tenant 2 (since they were already verified in Tenant 1).

The original incarnation of the tool just allowed you to specify a single proxy address pattern.  I’ve updated to to support multiple domains.  To use it, just enter the domains comma-separated (or add them to an array variable) and you’re off to the races.

The output at the end will tell you the rule’s name and guid, as well as how it’s configured.

To get the updated script, head out to https://gallery.technet.microsoft.com/AADConnect-Rule-to-Remove-a922e82a. Happy customizing!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.