Weekend Scripter: Create Proxy Addresses in Active Directory with PowerShell

Summary: Microsoft Scripting Guy, Ed Wilson, shows how to automatically create proxy addresses in Active Directory Domain Services by using Windows PowerShell.

Microsoft Scripting Guy, Ed Wilson, is here. So I have been talking back and forth with one of the members of the Charlotte Windows PowerShell Users group since my presentation to the group on the first Thursday of the month. One of the questions he has is related to the ProxyAddresses attribute in Active Directory Domain Services (AD DS).

As you are probably aware, Microsoft Exchange Server (including in Office 365) uses ProxyAddresses as a way to send email to a user if it is addressed to another domain. There is an easy cmdlet that permits one to do this. But because my premises Exchange server is currently turned off, and I do not want to power it back up only for this, I decided to use the Set-ADUser cmdlet to modify the attribute instead. This is because the ProxyAddresses attribute is stored directly in AD DS. It is a multi-valued attribute, which means that it will accept an array of email addresses.

Today I am going to add two values to the ProxyAddresses attribute for each user in a specific organizational unit. I am not even going to write a script—it is a one-liner.

Query for existing values

I first use the Get-ADUser cmdlet to look for existing values for the ProxyAddress attribute. I am specifically targeting all users in the testou organizational unit from the iammred.net domain. The ProxyAddress attribute is not returned by default; therefore, I need to use the Properties parameter of the Get-ADUser cmdlet to return the ProxyAddress attribute. I use the Select-Object cmdlet to return only the name of the user and any proxy addresses. Here is the command (this is a one-line command that I broke at the pipe character for formatting on the blog page).

Get-ADUser -Filter * -SearchBase 'ou=testou,dc=iammred,dc=net' -Properties proxyaddresses |

Select-object  name, proxyaddresses

There are two reasons that I create this command. The first is so I can ensure that I have the Property (attribute) names correct, and I can see sample data from AD DS. The second reason is I use it to check my results to ensure that the command to modify the values of the attributes completes successfully.

Modify the ProxyAddresses attribute values

Groovy. I know that I can get access to the data. I know how to report the values that are stored in AD DS. Therefore, it is now time to modify the ProxyAddresses attribute values. To do this, I will use the Set-ADUser cmdlet. For this example, I am creating two new proxy addresses. Each will take the following form: UserName@Iammred.org and UserName@Iammred.com. Therefore, I can create these proxy addresses on the fly in my command. I use the following command to make the changes:

Get-ADUser -Filter * -SearchBase 'ou=testou,dc=iammred,dc=net' -Properties proxyaddresses |

Foreach {Set-ADUser -identity $_ -Add `

@{'ProxyAddresses'=@(("{0}@{1}"-f $_.name, 'Iammred.com'),("{0}@{1}" -f $_.name, 'Iammred.org'))} }

Note  The previous command is a single logical line. I broke it at the pipe character, and I added a line continuation character ( ` ) after the –Add parameter. When typing the command into the Windows PowerShell console, it is not necessary to break the command; but instead, you can permit it to wrap.

The command produces no output. Therefore, I use the Up arrow and retrieve my earlier search command. The commands and associated output are shown in the following image.

Image of command output

I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.

Ed Wilson, Microsoft Scripting Guy 

Comments (11)

Cancel reply

  1. Anonymous says:

    Thanks Ed.

    Just to add to this helpful blog. I recently was tasked to add a secondary proxy address to all the users in our domain that consisted of using "firstinitial.lastname@lammred.com" as an example. So I added to what was given here and came up with the below script.
    Hope this helps someone.

    $oulocation = Read-host "Enter OU Location"

    Get-ADUser -Filter * -SearchBase "$oulocation" -Properties proxyaddresses | Foreach {Set-ADUser -identity $_ -Add ` @{‘ProxyAddresses’=@(("smtp:{0}{1}@{2}"-f $_.GivenName[0],$_.surname, ‘lammred.com’))}

  2. Steve says:

    Hey Ed, nice article… thanks for showing some nice usage of array commands and parameter variables in there.

    One possible correction though, if this is in fact for exchange you need the address type prefix for each value. Assuming these are both additional secondary addresses (not the reply to address) the last line should read something like:

    @{'ProxyAddresses'=@(("smtp:{0}@{1}"-f $_.name, 'Iammred.com'),("smtp:{0}@{1}" -f $_.name, 'Iammred.org'))} }



  3. Omar Butt says:

    Hi Ed,
    This is a fantastic article. Can you please tell me how I will be able to change an existing email address and set that as the primary replyto address. I have exported my user’s in a csv with two columns, Name and email.


  4. Liam Hayes says:

    SMTP needs to be upper case not lowercase. sip to be lowercase:
    Get-ADUser -Filter * -SearchBase ‘ou=2015,ou=Users,dc=wonderful,dc=com’ -Properties proxyAddresses |

    Foreach {Set-ADUser -identity $_ -replace @{‘proxyAddresses’=@(("SMTP:{0}@{1}"-f $_.sAMAccountName, ‘super.net’),("sip:{0}@{1}" -f $_.sAMAccountName, ‘great.com’))} }

  5. tom says:


    Could someone please let me know what "{0}@{1}"-f means?

    Thank you

  6. Matthew says:

    Awesome script, one question though, when i run it, it is not including lower case smtp: in order for exchange to know it is an "alias" address..

    How can i adjust the script to be sure under adsiedit proxyaddress it shows the new email address as smtp:mynewalias@mydomain.com


  7. jeremy says:

    Hi Matthew, you just have to write "smtp:" in lowercase to make secondary proxyaddresses like Steve mentioned it

    @{‘ProxyAddresses’=@(("SMTP:{0}@{1}"-f $_.name, ‘Iammred.com’),("smtp:{0}@{1}" -f $_.name, ‘Iammred.org’))}

    The first address is the Primary (SMTP in uppercase) and the second address is Secondary smtp (aka alias) (smtp in lowercase)

    Anyway, thanks for this scripts

  8. Andrew says:

    Ed and fellow contributors, when I copy and paste this and modify the string to my specific environment, I receive an error message. The error message is at Character 134 which is the beginning of the @{‘ProxyAddresses’… section. Is there something other
    than ProxyAddresses I need to input prior to the rest of the string?

    Here is my string:

    Get-ADUser -Filter * -SearchBase ‘DC=xxxDC=xxx,OU=xxx’ -Properties proxyaddresses | Foreach {Set-ADUser -identity $_ -Add `@{‘ProxyAddresses’ =@(("{0}@{1}"-f $_.name, ‘xxx.com’),("{0}@{1}" -f $_.name, ‘xxx.com’))} }

  9. Josh says:

    Can anyone please tell me what you would enter if you only needed first initial & last name only or first name only or first name & last name? I tried the PS with name and it pulled what ever the name on the account was, example Steve A Smith@yourdomain.com.
    In this example is also put spaces in the address. Any help would be appreciated.

  10. Paul Rigby says:

    Hi, We have a customer that has non standardized email addresses e.g some are forename.surname@example.com e.g test.user@example.com some are intialsurname@example.com e.g tuser@example.com. I am trying to come up with a powershell script which will build
    the proxy address using existing addresses by using the contents before the @ e.g. tuser@example2.com . Can anyone help?

Skip to main content