Validate Email address doesnt exist

Question

Hello,

Was wondering if there is a script for a business rule or a property pattern that can be used for this request. I am wondering how can I do a check anytime a user is modified that checks if the email address (Proxy Address and Mail) values are not already present in the AD. If they are then id like it to error and let the person know that the SMTP address is already taken.

Essentially when editing a user account and assigning it a new email address id like a check to be done to confirm uniqueness and then allow to proceed if its unique. I have something like this but doesnt work and errors no matter what.

Import-Module Adaxes

function IsMailUnique($isOnPremiseObject, $emailAddress)
{
    # Filter to check if the mail address or proxyAddresses already exist
    if ($isOnPremiseObject)
    {
        $filter = {mail -eq $emailAddress -or proxyAddresses -contains "SMTP:$emailAddress"}
    }
    else
    {
        $filter = {mail -eq $emailAddress -or proxyAddresses -contains "SMTP:$emailAddress"}
    }

    $domain = $Context.GetObjectDomain("%distinguishedName%")
    $user = Get-AdmUser -Filter $filter -Server $domain -AdaxesService localhost

    # Return false if no user is found, meaning email is unique
    return $null -eq $user
}

# Check directory type.
$isOnPremiseObject = $Context.TargetObject.DirectoryType -eq 1

# Get the email address and proxy addresses.
$emailAddress = $Context.GetModifiedPropertyValue("mail")
$proxyAddresses = $Context.GetModifiedPropertyValue("proxyAddresses")

# Check if the email address is unique.
if (-not (IsMailUnique $isOnPremiseObject $emailAddress))
{
    # If email is already taken, return True
    $Context.LogMessage("The email address '$emailAddress' is already in use.", "Information")
    return $true
}
else
{
    # If email is unique (not taken), return False
    $Context.LogMessage("The email address '$emailAddress' is available.", "Information")
    return $false
}

Answer 1

Hello Kole,

Have a look at the following script from our repository: https://www.adaxes.com/script-repository/check-whether-email-and-username-are-unique-s347.htm. You will just need to update the criteria part not to check the username. For details on how to build criteria in Adaxes scripts, see https://adaxes.com/sdk/HowDoI.BuildCriteria. The following tutorial might also be helpful: https://www.adaxes.com/help/ValidateModifyUserInputWithScript.

Comments

Hello I am running the script you shared and it doesnt appear to be working. It errors for all email address changes. I have pasted the script in below as well as a screenshot of the business rule I am using. Would like to get this working for both new users and for updating existing users.

$expression = {mail -eq "%mail%"}
$criteria = New-AdmCriteria -Type "user" -Expression $expression
Write-Host $criteria

$criteria = New-AdmCriteria "user" {passwordNeverExpires -eq $true}

# Search for users with the username or email address specified
$searcher = $Context.BindToObject("Adaxes://rootDSE")
$searcher.Criteria = $criteria
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.PageSize = 500
$searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$searcher.VirtualRoot = $True
$searcher.SizeLimit = 1

try
{
    $searchResultIterator = $searcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()

    if ($searchResults.Length -ne 0)
    {
        $Context.Cancel("A user with the same username or email address already exists")
        return
    }
}
finally
{
    # Release resources
    $searchResultIterator.Dispose()
}

---

Hello Kole,

There are a lot of issues in the way you used the script. First of all, Write-Host does not work in Adaxes. You need to use method $Context.LogMessage. Also, for some reason you are creating criteria twice and thus the first one is never used. You need to either remove the below line or create criteria once with combined expression. Finally, the script cannot be used in a condition. If that is your desire, you need to set the $Context.ConditionIsMet variable to true/false instead of calling $Context.Cancel.