Displaying non-Exchange AD users in Global Address List
Yesterday and today I’ve been installing and configuring Microsoft Exchange 2010 here. Right now this is just a pilot, for a few people here to try Exchange and see if its worth completing moving over to Exchange from AtMail, the email system that’s currently being used. To make life easier, I wanted to display all Active Directory users in the Global Address List (GAL), including users who don’t have Exchange mailboxes right now. Instead they have the Email attribute set on their user object in Active Directory.
Exchange will only include users who have been mail-enabled and users that have Exchange mailboxes in address lists (as well as groups, rooms, etc). In and of itself, this is frustrating because we now have to modify all the user accounts in AD to mail-enable them (even though they already have an email address attribute, there are additional Exchange attributes that have to be added to the object). To make it worse however, the Exchange Management Console GUI can only do this one user at a time, and it doesn’t use the existing email attribute. So (as far as I can tell) there is no built-in GUI way to mail enable large numbers of users.
Fortunately, since 2007 the Exchange management tools have been largely based around PowerShell. This makes it easy to script stuff like this. The get-user command will list all of the users from Active Directory. The enable-mailuser command will mail enable them. That part didn’t take long to figure out, though getting the commands to work took a little while. The email address has to be passed into the enable-mailuser command, but using the user’s email address attribute itself doesn’t work, it has to be converted to a string first.
The last part I figured out thanks to a post by Shay Levy on a Microsoft newsgroup that came up on Google: https://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.windows.powershell&tid=9b03c675-9b9c-431d-933b-4a00901c20c3&cat=en_US_3750E87B-4971-4A5C-A537-45F5D7ABBECC&lang=en&cr=US&sloc=&p=1. Someone there was asking how to do something similar to this with contacts instead of users.
Here’s the command I used below. At first, it would be best to start off testing with a single user:
get-user | foreach { enable-mailuser $_ -externalEmailAddress $_.WindowsEmailAddress.toString() }
There are still some issues with this, it comes back with an error if the user has no email address specified in their AD object, and it also probably will come back with an error if the user is already mail enabled or if they have an Exchange mailbox, but it’s a start.