Differences in Email Attribute Between UPA and Active Directory

There may be times when you receive a report where a user's email address in Active Directory (AD) differs from the one found in User Profile Application (UPA) for that user's profile. This usually occurs after a user has changed their email address in Active Directory and the UPA has not correctly picked up the change. Below you will find a PowerShell script that helps you identify these scenarios. It will loop through every profile in a UPA and obtain the email address. It then looks up that user by their ID in AD and compares the email address obtained from the UPA with the one stored in AD.

The output will be a comma delimited set of values which you can easily import into Excel. Hope you find this helpful!

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$fileForOutput = "C:\YourFilePath\Output.txt"
#Print Headers
("" + "ACCOUNT ID" + "," + "EMAIL IN UPA" + "," + "EMAIL IN AD" + "," + "NOTES") | Out-File $fileForOutput -Append

#Load required assemblies for SP and UPA
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server")
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server.UserProfiles")

#Create new context object
$contextWeb = New-Object Microsoft.SharePoint.SPSite("https://CanUseCAURL")
$serverContext = [Microsoft.Office.Server.ServerContext]::GetContext($contextWeb)

#Create connection to UPA and get profiles
$upaManager = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($serverContext)
$profiles = $upaManager.GetEnumerator()

$count = 0
foreach($profile in $profiles)
{
    $count++
    try
    {
        #Get email address that is stored in UPA
        $userEmailInUPA = $profile.Item("WorkEmail")
        $userAccountNameInUPA = $profile.AccountName

        #Get email address that is stored in AD
        #Get rid of domain
        if($userAccountNameInUPA.contains("\"))
        {
            $slashLocation = $userAccountNameInUPA.indexOf("\")
            $userAccountNameInUPA = $userAccountNameInUPA.Substring(($slashLocation+1),($userAccountNameInUPA.Length - ($slashLocation+1)))
        }

        $searcher = new-object DirectoryServices.DirectorySearcher([ADSI]"") 
        $searcher.filter = "(&(objectClass=user)(sAMAccountName= $userAccountNameInUPA))" 
        $Searcher.CacheResults = $true 
        $Searcher.SearchScope = "Subtree" 
        $Searcher.PageSize = 1000 
        $results = $searcher.findall() 
 
        #If results does not equal 1, can't do comparison
        if($results.Count -eq 0)
        {
            ("" + $userAccountNameInUPA  + "," + $userEmailInUPA + "," + "NA" + "," + "User Not Found in AD") | Out-File $fileForOutput -Append
            continue
        }
        elseif($results.Count -gt 1)
        {
            ("" + $userAccountNameInUPA  + "," + $userEmailInUPA + "," + "NA" + "," + "Multiple Users Found in AD") | Out-File $fileForOutput -Append
            continue
        }
        elseif($results.Count -eq 1)
        {
            $result = $results[0]
           
            #Get email address if they have one
            [string]$adEmailValue = ""
            if($result.Properties["proxyaddresses"].Count -gt 0)
            {
                $adEmailValue = $result.Properties["proxyaddresses"][($result.Properties["proxyaddresses"].Count -1)]
                if($adEmailValue.IndexOf("SMTP:") -eq 0)
                {
                    $adEmailValue = $adEmailValue.Substring(5)
                }
            }
        }

        #Compare the email found in UPA with what is in AD
        if(($adEmailValue -eq $null) -and ($userEmailInUPA -eq $null))
        {
            ("" + $userAccountNameInUPA +  "," + $userEmailInUPA + "," + $adEmailValue + "," + "Match") | Out-File $fileForOutput -Append
        }
        else
        {
            if($adEmailValue -eq $userEmailInUPA)
            {
                ("" + $userAccountNameInUPA + "," + $userEmailInUPA + "," + $adEmailValue + "," + "Match") | Out-File $fileForOutput -Append
            }
            else
            {
                ("" + $userAccountNameInUPA + "," + $userEmailInUPA + "," + $adEmailValue + "," + "Does Not Match") | Out-File $fileForOutput -Append
            }
        }
    }
    catch
    {
        #Silently skipping any failures. Feel free to put your own logic here
    }
      
}
$count | Out-File $fileForOutput -Append