Make primary SMTP addresses unchangeable

The script makes it impossible for users to change the primary SMTP address of an Exchange mailbox or mail-enabled user.

To use it with Adaxes, you need to create a business rule triggered before modifying Exchange properties of a user that runs the script using the Run a program or PowerShell script action.

For more information on retrieving email addresses using Adaxes ADSI API, see E-Mail Addresses.

Parameters:

$cancelReason - Specifies the error message that will appear when the script cancels email address modification.
$warningMessage - Specifies the warning message when the script cancels stops changing the primary address, but allows performing other operations, for example, adding other email addresses.

See Also: Prohibit changing Exchange mailbox addresses except the primary SMTP address.

Edit Remove

PowerShell

$cancelReason = "You cannot change or delete the primary SMTP address. Operation cancelled." # TODO: modify me
$warningMessage = "You cannot change the primary SMTP address. The 'Set as reply' option won't be applied." # TODO: modify me

# Get Exchange properties set by the action
$modifiedMailboxParams = $Context.Action.MailParameters
if (-not($modifiedMailboxParams.EmailAddressesModificationEnabled))
{
    # E-mail addresses are not modified
    return
}

# Get the current e-mail addresses
$mailboxParams = $Context.TargetObject.GetMailParameters()
$emailAddresses = $mailboxParams.EmailAddresses
$operation = "ADS_PROPERTY_NONE"

# Find the current primary address
for ($i = 0; $i -lt $emailAddresses.Count; $i++)
{
    $emailAddress = $emailAddresses.GetAddress($i,[ref]$operation)
    if ($emailAddress.AddressType -ne "ADM_EXCHANGE_ADDRTYPE_SMTP")
    {
        continue
    }
    
    if (-not($emailAddress.IsPrimary))
    {
        continue
    }
    
    $primarySmtpAddress = $emailAddress
    break
}

# Get the modified e-mail addresses
$modifiedAddressesCollection = $modifiedMailboxParams.EmailAddresses
for ($i = 0; $i -lt $modifiedAddressesCollection.Count; $i++)
{
    $modifiedEmailAddress = $modifiedAddressesCollection.GetAddress($i,[ref]$operation)
    if ($modifiedEmailAddress.AddressType -ne "ADM_EXCHANGE_ADDRTYPE_SMTP")
    {
        continue # Skip non-SMTP addresses
    }
    
    if (($modifiedEmailAddress.IsPrimary) -and ($modifiedEmailAddress.Address -eq $primarySmtpAddress.Address))
    {
        return # The primary address wasn't modified
    }
    elseif ($modifiedEmailAddress.IsPrimary -and $modifiedAddressesCollection.OverrideOldValues)
    {
        $Context.Cancel($cancelReason) # An attempt was made to remove the primary address
        return
    }
    elseif ($modifiedEmailAddress.IsPrimary -and -not($modifiedAddressesCollection.OverrideOldValues))
    {
        # An attempt was made to add a new email address and make it primary
        # Allow adding the address, but make it secondary
        $Context.LogMessage($warningMessage, "Warning")
        $modifiedEmailAddress.IsPrimary = $False
        
        $modifiedMailboxParams.EmailAddresses = $modifiedAddressesCollection
        $Context.Action.MailParameters = $modifiedMailboxParams
        return
    }
    elseif (-not($modifiedEmailAddress.IsPrimary) -and ($modifiedEmailAddress.Address -eq $primarySmtpAddress.Address))
    {
        # An attempt was made to set another existing address as primary
        # Remove this modification, but allow all other modifications
        $Context.LogMessage($warningMessage, "Warning")
        $modifiedEmailAddress.IsPrimary = $True
        
        $modifiedMailboxParams.EmailAddresses = $modifiedAddressesCollection
        $Context.Action.MailParameters = $modifiedMailboxParams
        return
    }
}

Script repository

Parameters:

Got questions?