Getting All AD User Information via PowerShell

If you use PowerShell as much as I do to administer Exchange, you'll eventually run into a limitation with some of the Get cmdlets and the attributes they return.  Get-User, Get-Mailbox, Get-MailUser, and Get-MailContact return only a subset of the attributes present on the underlying Active Directory object.  Most of the attributes they do return are mailbox related, which makes sense since these cmdlets are Exchange Management Shell based.  The problem arises when you need to query other Active Directory attributes.

For instance, in many of the migration plans I've used to move from other platforms to Exchange 2007, the targetAddress attribute is set on a mailbox-enabled user so that mail is forwarded to the user's old location while a mailbox already exists on the Exchange side to migrate data into.  targetAddress is normally empty on an Exchange mailbox; when it is populated, transport reroutes mail for that recipient to the SMTP address it contains, at the server level rather than through any mailbox rule.  Because the attribute is not normally used on mailboxes, Get-Mailbox does not expose it.  To get around this, I wrote a PowerShell function called Get-LDAPUser, which queries an AD user object and returns all of its populated attributes.

The function is:

Function Get-LDAPUser ($UserName, $queryDC) {
    # Escape RFC 4515 filter metacharacters so that a caller-supplied name cannot
    # change the shape of the filter (an unescaped "*" would match any user).
    # Backslash is replaced first so the escapes added here are not escaped again.
    $safeName = $UserName -replace '\\', '\5c' -replace '\*', '\2a' `
        -replace '\(', '\28' -replace '\)', '\29' -replace '\x00', '\00'
    $domain   = New-Object DirectoryServices.DirectoryEntry("LDAP://$queryDC")
    $searcher = New-Object DirectoryServices.DirectorySearcher($domain)
    # objectCategory=person excludes computer accounts, which are also objectClass=user.
    # Keep the filter on one line: a backtick inside the string embeds a newline in it.
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$safeName))"
    $result = $searcher.FindOne()
    if ($result -eq $null) { return $null }   # no match: FindOne() returns null
    $result.GetDirectoryEntry()
}

The function searches by user name, that is, sAMAccountName, but can be modified by updating the $searcher.Filter string in the function.  It takes two arguments, a user name and the domain controller to query.  Under the hood it uses the .NET System.DirectoryServices classes, which wrap ADSI and issue LDAP queries to the named DC under the credentials of the account running the script.  Two points are worth knowing before you use it.  First, because this is a read, you typically need no special permissions: by default any authenticated domain user can read most user attributes, although attributes that are ACL-protected or marked confidential in the schema will simply come back empty.  Changing attributes is different: a write requires write permission on the object, so the account must either be delegated that right or be a member of a group such as Domain Admins; running the shell elevated does not grant it.  Second, $UserName is interpolated straight into the LDAP filter, so treat it as untrusted input: escape the filter metacharacters \, *, (, ) and NUL as \5c, \2a, \28, \29 and \00 (RFC 4515) before they reach the filter, or a value such as * will quietly match the first user the DC happens to return.

An example of the function in use is below:

$prefDC   = "labdc1.contoso.com"
$LookupID = "jsmith"
$ADUser = Get-LDAPUser $LookupID $prefDC

You can then read attributes from the $ADUser object directly, such as $ADUser.targetAddress (or $ADUser.Properties["targetAddress"] when the attribute name collides with a DirectoryEntry member, as "name" does).  PowerShell's ADSI adapter exposes every attribute that is populated on the object and that your account is allowed to read; an attribute that exists in the schema but is not set on the object simply returns nothing, and multi-valued attributes such as proxyAddresses come back as a collection.  This frees you from the attribute subset the Exchange Get cmdlets return.  I've been using this function in almost all my PowerShell scripts, primarily because it returns all Active Directory user attributes, so for read-only lookups you rarely need the mailbox- or contact-specific Get cmdlets.  Keep using Set-Mailbox and friends for changes, though, since they validate Exchange-specific values that a raw LDAP write will not.
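As an added example (not code from the original post), the script below takes the same System.DirectoryServices approach a step further: it dumps every populated attribute of one user, decoding the binary objectSid and objectGUID along the way, and then runs a paged search for every mailbox-enabled user that has targetAddress set, which is the migration case discussed above.  It assumes PowerShell 2.0 or later (for try/finally) on a domain-joined machine; the DC "labdc1.contoso.com" and the user "jsmith" are placeholders, and the helper names ConvertTo-LdapFilterValue and Format-AdValue are my own.

```powershell
# Added example, not code from the original post. Assumes PowerShell 2.0+ on a
# domain-joined machine; "labdc1.contoso.com" and "jsmith" are placeholders.
$queryDC  = "labdc1.contoso.com"
$LookupID = "jsmith"

# Escape RFC 4515 filter metacharacters in a caller-supplied value so that input
# such as "*" or "x)(objectClass=*" cannot rewrite the LDAP filter. Backslash is
# handled first so the escapes added here are not escaped again.
function ConvertTo-LdapFilterValue ([string]$Value) {
    $Value -replace '\\', '\5c' -replace '\*', '\2a' `
           -replace '\(', '\28' -replace '\)', '\29' -replace '\x00', '\00'
}

# Render one attribute value for display. objectSid and objectGUID are stored as
# byte[]; large-integer attributes (pwdLastSet, lastLogon) arrive as COM objects
# and are left as-is here.
function Format-AdValue ([string]$Name, $Value) {
    switch ($Name.ToLower()) {
        'objectsid'  { return (New-Object Security.Principal.SecurityIdentifier -ArgumentList $Value, 0).Value }
        'objectguid' { return (New-Object Guid -ArgumentList (,[byte[]]$Value)).Guid }
        default      { return [string]$Value }
    }
}

$root     = New-Object DirectoryServices.DirectoryEntry("LDAP://$queryDC")
$searcher = New-Object DirectoryServices.DirectorySearcher($root)
# Paged results: without PageSize the DC stops at its MaxPageSize (1000 by default).
$searcher.PageSize = 1000

# 1. One user, every attribute that is populated and that this account may read.
$safeId = ConvertTo-LdapFilterValue $LookupID
$searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$safeId))"
$hit = $searcher.FindOne()
if ($hit -eq $null) { throw "No user with sAMAccountName '$LookupID' on $queryDC" }

$entry = $hit.GetDirectoryEntry()
foreach ($name in ($entry.Properties.PropertyNames | Sort-Object)) {
    # Multi-valued attributes (proxyAddresses, memberOf) enumerate as a collection.
    $values = @($entry.Properties[$name] | ForEach-Object { Format-AdValue $name $_ })
    "{0,-28} {1}" -f $name, ($values -join '; ')
}

# 2. Every mailbox-enabled user that is currently forwarding via targetAddress.
#    homeMDB is set only on mailbox-enabled objects, so mail users and contacts drop out.
$searcher.Filter = "(&(objectCategory=person)(objectClass=user)(homeMDB=*)(targetAddress=*))"
$searcher.PropertiesToLoad.Clear()
[void]$searcher.PropertiesToLoad.AddRange([string[]]@('sAMAccountName', 'mail', 'targetAddress'))
$results = $searcher.FindAll()
try {
    "{0,-20} {1,-35} {2}" -f 'User', 'Mail', 'TargetAddress'
    foreach ($r in $results) {
        # SearchResult property names come back lower-cased; wrapping in @() makes
        # a missing value index to $null instead of throwing.
        "{0,-20} {1,-35} {2}" -f [string]@($r.Properties['samaccountname'])[0],
                                 [string]@($r.Properties['mail'])[0],
                                 [string]@($r.Properties['targetaddress'])[0]
    }
} finally {
    $results.Dispose()   # SearchResultCollection holds unmanaged handles
}
```

The first half is what $ADUser.targetAddress does by hand for every attribute, which is useful when you do not yet know which attribute a migration tool populated.  The second half shows why a DirectorySearcher rather than a DirectoryEntry is the right tool for reports: PropertiesToLoad keeps the DC from returning whole objects, PageSize keeps the result set from being silently truncated, and disposing the collection releases the handles a long-running script would otherwise leak.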

Eric Gentry
Senior Consultant
Project Leadership Associates


Copyright © MMCUG - Midwest Messaging and Collaboration User Group 2008