Archive ActiveDirectory Users and their Mailbox
One of my company’s requirements is a retention time of 10 years for user accounts and their mailbox data. I have to admit this might not be common or even recommended, but I have to deal with it.
One problem to face is the availability of user account names: with about 500 employees there’s a high chance that two or even more people have the same name.
To free up names in the system I’ve written a script that renames a user's identity and the mailbox's addresses. So let’s see what this script does:
- Filter all disabled users that have a mailbox and are still visible in the Exchange address book.
- Hide the mailbox address in all Exchange address books.
- Rename the ActiveDirectory user object by salting the name with the user's SID.
- Do the same for the mail addresses.
```powershell
# settings
$ExchangeServer = "vblw2k8mail05"
$FilterRecipientTypeDetails = @("UserMailbox","RemoteUserMailbox")

# functions
function Rename-ADUserAndMailbox {
    param($ADUser, $Mailbox)
    # Salt the logon name with the SID: strip the hyphens and keep the tail so it fits sAMAccountName
    $SidDigits = $ADUser.SID.ToString() -replace "-",""
    $NewSamAccountName = $SidDigits.Substring(20)
    # Only proceed if the salted logon name is not already taken
    if(-not (Get-ADUser -Filter{SamAccountName -eq $NewSamAccountName} -ErrorAction SilentlyContinue)){
        $NewName = "$($ADUser.Name) $($ADUser.SID)"
        $NewUserPrincipalName = "$($ADUser.UserPrincipalName.split('@')[0]) $($ADUser.SID)@$($ADUser.UserPrincipalName.split('@')[1])"
        Write-Host "Rename Name $($ADUser.Name) to $NewName"
        Rename-ADObject $ADUser -NewName $NewName
        Write-Host "Rename UserPrincipalName $($ADUser.UserPrincipalName) to $NewUserPrincipalName"
        Get-ADUser $ADUser.SamAccountName | Set-ADUser -UserPrincipalName $NewUserPrincipalName -Description "archived"
        Write-Host "Rename SamAccountName $($ADUser.SamAccountName) to $NewSamAccountName"
        Get-ADUser $ADUser.SamAccountName | Set-ADUser -SamAccountName $NewSamAccountName
        # Only the SID part is stripped of hyphens, so a hyphenated local part or domain stays intact
        $NewPrimarySmtpAddress = "$($ADUser.UserPrincipalName.split('@')[0])$SidDigits@$($ADUser.UserPrincipalName.split('@')[1])"
        $OldPrimarySmtpAddress = $Mailbox.PrimarySmtpAddress
        # The AD object was just renamed, so look the mailbox up by its (unchanged) alias rather than by name
        if($Mailbox.psObject.TypeNames -contains "Deserialized.Microsoft.Exchange.Data.Directory.Management.RemoteMailbox"){
            $NewRemoteRoutingAddress = "$($Mailbox.RemoteRoutingAddress.split("@")[0])$SidDigits@$($Mailbox.RemoteRoutingAddress.split("@")[1])"
            $OldRemoteRoutingAddress = $Mailbox.RemoteRoutingAddress
            Get-RemoteMailbox $Mailbox.Alias | %{
                Write-Host "Rename PrimarySmtpAddress for $($_.PrimarySmtpAddress) to $NewPrimarySmtpAddress"
                Set-RemoteMailbox $_.Alias -PrimarySmtpAddress $NewPrimarySmtpAddress
                Write-Host "Rename RemoteRoutingAddress for $($_.RemoteRoutingAddress) to $NewRemoteRoutingAddress"
                Set-RemoteMailbox $_.Alias -RemoteRoutingAddress $NewRemoteRoutingAddress
                Write-Host "Remove default mail addresses $OldRemoteRoutingAddress, $OldPrimarySmtpAddress on $($_.Alias)"
                Set-RemoteMailbox $_.Alias -EmailAddresses @{remove = $OldRemoteRoutingAddress, $OldPrimarySmtpAddress}
            }
        }elseif($Mailbox.psObject.TypeNames -contains "Deserialized.Microsoft.Exchange.Data.Directory.Management.Mailbox"){
            Get-Mailbox $Mailbox.Alias | %{
                Write-Host "Rename PrimarySmtpAddress for $($_.PrimarySmtpAddress) to $NewPrimarySmtpAddress"
                Set-Mailbox $_.Alias -PrimarySmtpAddress $NewPrimarySmtpAddress
                Write-Host "Remove default mail addresses $OldPrimarySmtpAddress on $($_.Alias)"
                Set-Mailbox $_.Alias -EmailAddresses @{remove = $OldPrimarySmtpAddress}
            }
        }
    }
}

# modules
Import-Module ActiveDirectory

# main
# open remote connection
$PSSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://$ExchangeServer/PowerShell/" -Authentication Kerberos
# import
Import-PSSession $PSSession -AllowClobber
$Mailboxes = Get-Mailbox
$RemoteMailboxes = Get-RemoteMailbox

# disable mailbox and remote mailbox
Get-ADUser -Filter{Enabled -eq $false} -Properties mail | where{$_.mail -ne $null} |
    %{$ADUser = $_; $Mailboxes | where{$_.Name -eq $ADUser.Name -and $_.HiddenFromAddressListsEnabled -eq $false -and $FilterRecipientTypeDetails -contains $_.RecipientTypeDetails}} | %{
        Write-Host "Hide mailbox $($_.Name) from address lists."
        Set-Mailbox $_.Name -HiddenFromAddressListsEnabled:$true
        Rename-ADUserAndMailbox -ADUser $ADUser -Mailbox $_
    }

# disable remote mailbox
Get-ADUser -Filter{Enabled -eq $false} -Properties mail | where{$_.mail -ne $null} |
    %{$ADUser = $_; $RemoteMailboxes | where{$_.Name -eq $ADUser.Name -and $_.HiddenFromAddressListsEnabled -eq $false -and $FilterRecipientTypeDetails -contains $_.RecipientTypeDetails}} | %{
        Write-Host "Hide remotemailbox $($_.Name) from address lists."
        Set-RemoteMailbox $_.Name -HiddenFromAddressListsEnabled:$true
        Rename-ADUserAndMailbox -ADUser $ADUser -Mailbox $_
    }

# destroy pssession
Remove-PSSession $PSSession
# error reporting comes from the author's PowerShell Profile project
Send-PPErrorReport -FileName "activedirectory.mail.config.xml" -ScriptName $MyInvocation.InvocationName
```
Latest version of this script: https://gist.github.com/6780143
As always, I recommend installing my PowerShell Profile project to run this script properly.
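As an added example (not part of the original post or the gist), here is a dry run that computes the same salted identities for every disabled, mail-enabled user and flags two cases the script above does not check before renaming: a SID tail longer than the 20-character sAMAccountName limit, and a salted logon name that is already taken (for instance from an earlier run). The helper names Get-ArchiveIdentity and Test-ArchiveIdentity are my own; it assumes the ActiveDirectory module and changes nothing.

```powershell
# Added example, not from the original post: preview the salted identities the
# archive script would assign, without modifying anything.
Import-Module ActiveDirectory

function Get-ArchiveIdentity {
    param([Parameter(Mandatory)] $ADUser)   # object returned by Get-ADUser
    $sidDigits = $ADUser.SID.ToString() -replace '-', ''
    $upnLocal, $upnDomain = $ADUser.UserPrincipalName -split '@', 2
    [pscustomobject]@{
        OldSamAccountName = $ADUser.SamAccountName
        NewName           = "$($ADUser.Name) $($ADUser.SID)"
        NewSamAccountName = $sidDigits.Substring(20)      # same salting rule as the script
        NewUpn            = "$upnLocal $($ADUser.SID)@$upnDomain"
        NewPrimarySmtp    = "$upnLocal$sidDigits@$upnDomain"
    }
}

function Test-ArchiveIdentity {
    param([Parameter(Mandatory)] $Identity)  # output of Get-ArchiveIdentity
    $problems = @()
    # sAMAccountName is limited to 20 characters; large RIDs push the SID tail past that
    if ($Identity.NewSamAccountName.Length -gt 20) {
        $problems += 'salted SamAccountName longer than 20 characters'
    }
    # the salted logon name must be free (e.g. the script was already run for this user)
    $sam = $Identity.NewSamAccountName
    if (Get-ADUser -Filter { SamAccountName -eq $sam } -ErrorAction SilentlyContinue) {
        $problems += "SamAccountName $sam already exists"
    }
    return $problems
}

# Preview for every disabled, mail-enabled user (the same population the script renames)
Get-ADUser -Filter { Enabled -eq $false } -Properties mail |
    Where-Object { $_.mail } |
    ForEach-Object {
        $id = Get-ArchiveIdentity -ADUser $_
        $issues = Test-ArchiveIdentity -Identity $id
        $status = if ($issues) { $issues -join '; ' } else { 'ok' }
        [pscustomobject]@{
            User   = $id.OldSamAccountName
            NewSam = $id.NewSamAccountName
            NewUpn = $id.NewUpn
            Status = $status
        }
    } | Format-Table -AutoSize
```

Run it against the same domain before the archive script; any row whose Status is not "ok" would be skipped or fail in the real run.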
Categories: scripting
Tags: activedirectory, archive, exchange, mailbox, powershell, scripting, snippet