Janik von Rotz

3 min read

Archive ActiveDirectory Users and their Mailbox

One of my company’s requirements is the retention time of 10 years for user accounts and their mailbox data, I have to admit, this might not be common or even recommended. However I have to deal with it.

One problem to face is the availabilty of user account names, by the number of about 500 employees there’s a hight change that two or even more people are having the same name.

To clean up the available names in the system I’ve written a script that renames a users identity and the mailboxes address. So let’s see what this script does:

  1. Filter all disabled users having an mailbox and who are visible in the exchange address book.
  2. Hide the mailbox address in all exchange addressbooks.
  3. Rename the ActiveDirectory user object by salting the name with the user's SID.
  4. Do the same for the mail addresses
# settings
$ExchangeServer = "vblw2k8mail05"
$FilterRecipientTypeDetails = @("UserMailbox","RemoteUserMailbox")

# functions

function Rename-ADUserAndMailbox{



    $ArchivedIdentity = ($($ADUser.SID).tostring() -replace "-","").substring(20)

    if(-not (Get-ADUser -Filter{SamAccountName -eq $ArchivedIdentity} -ErrorAction SilentlyContinue)){

        $NewName = "$($ADUser.Name) $($ADUser.SID)"
        $NewUserPrincipalName =  "$($ADUser.UserPrincipalName.split('@')[0]) $($ADUser.SID)@$($ADUser.UserPrincipalName.split('@')[1])"
        $NewSamAccountName = ($($ADUser.SID).tostring() -replace "-","").substring(20)

        Write-Host "Rename Name $($ADUser.Name) to $NewName"
        Rename-ADObject $ADUser -NewName $NewName

        Write-Host "Rename UserPrincipalName $($ADUser.UserPrincipalName) to $NewUserPrincipalName"
        Get-ADUser $ADUser.SamAccountName | Set-ADUser -UserPrincipalName $NewUserPrincipalName -Description "archived"

        Write-Host "Rename SamAccountName $($ADUser.SamAccountName) to $NewSamAccountName"
        Get-ADUser $ADUser.SamAccountName | Set-ADUser -SamAccountName $NewSamAccountName

        $NewPrimarySmtpAddress = "$($ADUser.UserPrincipalName.split('@')[0])$($ADUser.SID)@$($ADUser.UserPrincipalName.split('@')[1])" -replace "-",""
        $OldPrimarySmtpAddress = $Mailbox.PrimarySmtpAddress

        if($Mailbox.psObject.TypeNames -contains "Deserialized.Microsoft.Exchange.Data.Directory.Management.RemoteMailbox"){

            $NewRemoteRoutingAddress = "$($Mailbox.RemoteRoutingAddress.split("@")[0])$($ADUser.SID)@$($Mailbox.RemoteRoutingAddress.split("@")[1])" -replace "-",""
            $OldRemoteRoutingAddress = $Mailbox.RemoteRoutingAddress

            Get-RemoteMailbox $ADuser.Name | %{

                Write-Host "Rename PrimarySmtpAddress for $($_.PrimarySmtpAddress) to $NewPrimarySmtpAddress"
                Set-RemoteMailbox $_.Alias -PrimarySmtpAddress $NewPrimarySmtpAddress;

                Write-Host "Rename RemoteRoutingAddress for $($_.RemoteRoutingAddress) to $NewRemoteRoutingAddress"
                Set-RemoteMailbox $_.Alias -RemoteRoutingAddress $NewRemoteRoutingAddress

                Write-Host "Remove default mail addresses $OldRemoteRoutingAddress, $PrimarySmtpAddress on $($_.Alias)"
                Set-RemoteMailbox $_.Alias -EmailAddresses @{remove = $OldRemoteRoutingAddress, $OldPrimarySmtpAddress}

        }elseif($Mailbox.psObject.TypeNames -contains "Deserialized.Microsoft.Exchange.Data.Directory.Management.Mailbox"){

            Get-Mailbox $ADuser.Name | %{

                Write-Host "Rename PrimarySmtpAddress for $($_.PrimarySmtpAddress) to $NewPrimarySmtpAddress"
                Set-Mailbox $_.Alias -PrimarySmtpAddress $NewPrimarySmtpAddress

                Write-Host "Remove default mail addresses $PrimarySmtpAddress on $($Mailbox.Alias)"
                Set-Mailbox $_.Alias -EmailAddresses @{remove = $OldPrimarySmtpAddress}

# modules
Import-Module ActiveDirectory

# main

# open remote connection
$PSSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://$ExchangeServer/PowerShell/" -Authentication Kerberos

# import
Import-PSSession $PSSession -AllowClobber

$Mailboxes = Get-Mailbox
$RemoteMailboxes = Get-RemoteMailbox

# disable mailbox and remote mailbox
Get-ADUser -Filter{Enabled -eq $false} -Properties mail | where{$_.mail -ne $null} |
    %{$ADUser = $_; $Mailboxes | where{$_.Name -eq $ADuser.Name -and $_.HiddenFromAddressListsEnabled -eq $false -and $FilterRecipientTypeDetails -contains $_.RecipientTypeDetails}} |%{
        Write-host "Hide mailbox $($_.Name) from address lists.";
        Set-Mailbox $_.Name -HiddenFromAddressListsEnabled:$true;
        Rename-ADUserAndMailbox -ADUser $ADUser -MailBox $_

# disable remote mailbox
Get-ADUser -Filter{Enabled -eq $false} -Properties mail | where{$_.mail -ne $null} |
    %{$ADUser = $_; $RemoteMailboxes | where{$_.Name -eq $ADuser.Name -and $_.HiddenFromAddressListsEnabled -eq $false -and $FilterRecipientTypeDetails -contains $_.RecipientTypeDetails}} | %{
        Write-host "Hide remotemailbox $($_.Name) from address lists.";
        Set-RemoteMailbox $_.Name -HiddenFromAddressListsEnabled:$true;
        Rename-ADUserAndMailbox -ADUser $ADUser -MailBox $_

# destroy pssession
Remove-PSSession $PSSession

    Send-PPErrorReport -FileName "activedirectory.mail.config.xml" -ScriptName $MyInvocation.InvocationName

Latest version of this script: https://gist.github.com/6780143

As always I recommand you to install my project PowerShell Profile to run this script properly.

Categories: scripting
Tags: activedirectory , archive , exchange , mailbox , powershell , scripting , snippet
Improve this page
Show statistic for this page