A commonly recommended field deployment in an Exchange 2013/2010/2007 and Lync 2013/2010 environment is to match each user's (primary) SMTP/E-mail and SIP addresses. Specifically, the E-mail/SIP address domain is chosen to be identical to the public SMTP address domain of an organization (such as @outside.com), which is likely to differ from the internal Active Directory (DNS) namespace (such as @inside.com). This makes life easier for both System Administrators and end-users across the entire life-cycle management process, from design and setup/configuration through roll-out right up to support.
A consistent SMTP E-mail address format for users in an AD domain can be automatically enforced using Exchange’s E-mail Address Policy. This can be configured for one or more E-mail domain namespaces, from the main, primary SMTP domain (such as @outside.com) to others that must be maintained due to acquisitions or mergers (such as @external.com).
In an organization where home-grown tools, scattered (and often undocumented) scripts and third-party products come together, situations may arise where a user’s working SMTP/E-mail address is inadvertently overwritten by one or more of the aforementioned sources. The consequences? Deviation from the standard format established as the official primary address domain. Affected users are no longer searchable or listed in the Global Address Book (GAL), nor can they correspond with internal or external parties through electronic mail (mail recipient/non-delivery NDR problems). This can significantly degrade Lync functionality, which relies heavily on Exchange features, notably Exchange Web Services (EWS), while wrongly masquerading as Lync “problems”.
Checks for this behaviour lead us to a clue: the msExchPoliciesExcluded Exchange property in AD. This attribute, like any other without values assigned, will not show up via Get-ADUser $userID -Properties *. In other words, mailbox-enabled Exchange users with an empty msExchPoliciesExcluded property will have their SMTP addresses routinely updated by the Exchange E-mail Address Policies in force, so that they conform with established standards (option ticked*). A user can have multiple SMTP/E-mail addresses assigned but only one designated as the primary (prefixed SMTP instead of smtp, and visually identifiable as bold characters).
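One way to run this check across many users, as an added example that is not from the original post: it reports each user's primary address (the upper-case SMTP: entry in proxyAddresses), whether its domain matches the expected one, and whether msExchPoliciesExcluded is populated. The function name, the sample users and the placeholder attribute value are constructed for illustration, and selecting mailbox-enabled users by homeMDB is an assumption.

```powershell
# Added example (not the post's code): audit primary SMTP domain and
# E-mail Address Policy exclusion state for a set of user objects.
function Get-MailAddressPolicyState {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [string] $ExpectedDomain = 'outside.com'   # the post's sample public domain
    )
    process {
        # -clike is case-sensitive: 'SMTP:' marks the primary, 'smtp:' a secondary address.
        $primary = @($User.proxyAddresses | Where-Object { $_ -clike 'SMTP:*' })
        $address = if ($primary.Count -eq 1) { $primary[0].Substring(5) } else { $null }
        $domain  = if ($address) { ($address -split '@')[-1] } else { $null }

        # Filter out $null first: @($null).Count is 1, which would misreport an unset attribute.
        $excluded = @($User.msExchPoliciesExcluded | Where-Object { $_ }).Count -gt 0

        [pscustomobject]@{
            SamAccountName = $User.SamAccountName
            PrimarySmtp    = $address
            PrimaryCount   = $primary.Count                  # anything other than 1 needs a look
            DomainMatches  = ($domain -eq $ExpectedDomain)
            PolicyManaged  = -not $excluded                  # empty attribute: policy rewrites addresses
        }
    }
}

# Constructed sample objects so the function can be exercised without a directory.
$sample = @(
    [pscustomobject]@{
        SamAccountName         = 'alice'
        proxyAddresses         = @('SMTP:alice@outside.com', 'smtp:alice@external.com')
        msExchPoliciesExcluded = @()
    }
    [pscustomobject]@{
        SamAccountName         = 'bob'
        proxyAddresses         = @('SMTP:bob@inside.com')
        msExchPoliciesExcluded = @('<constructed-placeholder-value>')
    }
)
$sample | Get-MailAddressPolicyState | Format-Table -AutoSize

# Against a live directory (requires the ActiveDirectory module). Naming the
# attribute explicitly returns it even when it is empty, unlike -Properties *:
# Get-ADUser -LDAPFilter '(homeMDB=*)' -Properties proxyAddresses, msExchPoliciesExcluded |
#     Get-MailAddressPolicyState | Where-Object { -not $_.DomainMatches }
```

In the sample, bob is the case to investigate: his primary domain deviates from the standard and he is excluded from policy, so Exchange will not correct the address.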
If your organization elects to enforce a specific E-mail Address Policy without using (or by explicitly overwriting) the equivalent policy in Exchange, say via customized provisioning scripts or migration tools, Set-ADUser is the cmdlet from the PowerShell Module for Active Directory to call upon to populate this multivalued attribute, i.e. msExchPoliciesExcluded must not be empty and should correspond to the user’s properties in the Exchange Management Console GUI (option unchecked)*. Then again, how should this AD property be written, and with what value?
../to be continued
* [ ] Automatically update e-mail addresses based on e-mail address policy
2 Responses to “TIP #1306: Lync PowerShell - Working with AD/Exchange Attributes (Part 1B)”