Script repository

Prohibit changing Exchange mailbox addresses except the primary SMTP address

February 18, 2021 Views: 2103
Exchange Property Validation Security User Accounts

The script will cancel modification of an Exchange mailbox or mail-enabled user if an attempt is made to modify any email addresses of an Exchange mailbox except the primary SMTP address. It can be used to control which email addresses users can modify.

To use the script with Adaxes, you need to create a business rule triggered before modifying Exchange properties of a user that runs the script using the Run a program or PowerShell script action.

For more information on retrieving email addresses using Adaxes ADSI API, see E-Mail Addresses.

Parameters:

  • $cancelReason - Specifies the error message for cancelling that will be shown to users by the script.
See Also: Make primary SMTP addresses unchangeable.
Edit Remove
PowerShell
$cancelReason = "You are allowed to modify only the primary SMTP address" # TODO: modify me

# Get Exchange properties set by the action
$modifiedMailboxParams = $Context.Action.MailParameters
if (-not($modifiedMailboxParams.EmailAddressesModificationEnabled))
{
    # E-mail addresses are not modified
    return
}

# Get the modified e-mail addresses
$modifiedAddressesCollection = $modifiedMailboxParams.EmailAddresses
if (-not($modifiedAddressesCollection.OverrideOldValues))
{
    $Context.Cancel($cancelReason)
    return
}

$modifiedEmailAddresses = New-Object "System.Collections.Generic.HashSet[System.String]"([System.StringComparer]::OrdinalIgnoreCase)
for ($i = 0; $i -lt $modifiedAddressesCollection.Count; $i++)
{
    $operation = "ADS_PROPERTY_NONE"
    $modifiedEmailAddress = $modifiedAddressesCollection.GetAddress($i,[ref]$operation)
    $modifiedEmailAddresses.Add($modifiedEmailAddress)
}

# Get the current e-mail addresses
$mailboxParams = $Context.TargetObject.GetMailParameters()
$emailAddresses = $mailboxParams.EmailAddresses

# Compare the number of e-mail addresses
if ($modifiedAddressesCollection.Count -ne $emailAddresses.Count)
{
    $Context.Cancel($cancelReason)
    return
}

# Compare the lists of the modified and current e-mail addresses
for ($i = 0; $i -lt $emailAddresses.Count; $i++)
{
    $operation = "ADS_PROPERTY_NONE"
    $emailAddress = $emailAddresses.GetAddress($i,[ref]$operation)
    $modifiedEmailAddresses.Remove($emailAddress) | Out-Null
}

if ($modifiedEmailAddresses.Count -ne 0)
{
    $Context.Cancel($cancelReason)
    return
}
Comments 0
Leave a comment
Related Scripts

Got questions?

Support Questions & Answers