Find AD Objects with an Incorrect TargetAddress

  • Article

When you have a hybrid environment setup with Exchange Online, you’ll notice a new Accepted Domain in the Exchange Online portal.

<domain>.mail.onmicrosoft.com

This domain is used by Exchange on-premises to route mail to a mailbox that has been migrated from Exchange on-premises to Exchange Online. After a mailbox is migrated from Exchange on-premises to Exchange Online, the remaining on-premises object will have its targetAddress Active Directory attribute populated. Typically the new targetAddress attribute will look something like user@domain.mail.onmicrosoft.com. When an on-premises mailbox sends mail to this user, the targetAddress is used to route the mail to the Exchange Online mailbox.

A quick way to view an objects Active Directory targetAddress attribute is through the Active Directory Users and Computers panel. In AD Users and Computers, ensure that Advanced Features has been enabled under the View menu.

advanced-features

Then right click an object, select properties, and you’ll find the Attribute Editor tab present. This tab won’t be present if you haven’t enabled Advanced Features.

attribute-editor

This is only one way to view this attribute. You can also use ADSIEdit or Active Directory Administrative Center.

I recently worked with a customer that found the targetAddress attribute in Active Directory was incorrect for a few mailboxes that had been migrated to Exchange Online. We fixed those few mailboxes, but we wanted to be proactive by looking to see if any other on-premises objects had incorrect targetAddress attributes.

The following PowerShell can be run against on-premises Active Directory and will display any AD user that does not have a targetAddress that ends in mail.onmicrosoft.com.

 Get-aduser -filter {targetAddress -notlike “*.mail.onmicrosoft.com”} -properties * | Select-Object Name,targetAddress

powershell

This query will not return objects that do not have a targetAddress attribute set. It will only return objects that have a targetAddress that does not end in mail.onmicrosoft.com. For this particular customer that I was working with, there ended up being a few more that were incorrect. We weren’t able to determine why they were wrong, but we were able to correct them. High five!!