Thursday 2 July 2015

Does the Active Directory user have an Exchange Mailbox?

Part of a script I built to deal with starters and leavers is to hide a leavers mailbox from the GAL.

I do this because
• We do not re use user objects, we keep them in a disabled state so references to sAMAccountNames in audit logs are valid.

• Leaver’s mailboxes stay online for 3 months after a leave date, as frequently the line manager may require access.

• After 3 months we archive and remove leavers exchange mailboxes, but as above the user object stays.

All leavers accounts are in a generic “leavers OU”

To hide the account from the GAL, the script loops through each user in the leavers OU and if the hidden from GAL attribute on the mailbox isn’t true, it sets it.

Simple enough,  but there will be users in there who no longer have Exchange mailboxes as they have been archived.  So the script errors all over the place because the get-mailbox $user part of the script fails for those objects.
So, I want to wrap an IF statement in the loop to only look for the variable if the user has an exchange mailbox.

How would I know? There are lots of obvious attributes I can think of, but how do I know that they are removed when the mailbox is disabled / gone.

So quite simply, I took a dump of get-aduser $user BEFORE disabling the mailbox, and then after and compared them.

The following attributes have data in them when a mailbox is present, and are null when a mailbox is disabled.

EmailAddress
homeMDB
legacyExchangeDN
mail
mailNickname
mDBUseDefaults
msExchDumpsterQuota
msExchDumpsterWarningQuota
msExchELCMailboxFlags
msExchHomeServerName
msExchMailboxGuid
msExchMailboxSecurityDescriptor
msExchMailboxTemplateLink
msExchMobileAllowedDeviceIDs
msExchMobileMailboxFlags
msExchOWAPolicy
msExchPoliciesIncluded
msExchRBACPolicyLink
msExchRecipientDisplayType
msExchRecipientTypeDetails
msExchTextMessagingState
msExchUserAccountControl
msExchVersion   
proxyAddresses
showInAddressBook
textEncodedORAddress 


I used msExchMailboxGuid in my script


Foreach ($user in $leavers)
{
      If ($user.msExchMailboxGuid)
      {
             $mailbox = Get-mailbox $user.samacountname
             If ($mailbox. HiddenFromAddressListsEnabled -eq $False)
             {
                    Try
                    {
                              Set-Mailbox -Identity $User.SamAccountName -HiddenFromAddressListsEnabled $True
                    }
                    Catch
                    {
                             $_.exception.message
                    }
            }
      }
}
Posted by Marc at 12:18 5 comments
Labels: , , , , , ,
Subscribe to: Posts (Atom)