Add SIP Address to AD Object

Hi All, I have put together this script to update the UPN and Email Address in AD and AAD for user objects, including setting the Primary SMTP address (loading required AD and EOL modules in advance).
Looking for advice on the SIP part - some objects have a SIP specified that needs updating and others don't have one. What is the best way of adding something to the script to check if a SIP exists and then update it to the new format, or add the SIP if it doesn't exist, please?

### Rename UPN in AD ###

Start-Transcript -Path "C:\temp\Contosonew.log" -append

# Get AD Objects in Scope - OU #
Get-ADuser -SearchBase "OU=Users,OU=M365,DC=Contoso,DC=com" -filter *  | Select-Object samaccountname,userprincipalname | Export-csv C:\Temp\Users.csv -NoTypeInformation
# Import Users into Variable # 
$Users = Import-CSV C:\Temp\Users.csv

# Rename UPN & EmailAddress in AD, Set Primary SMTP Address, Rename AAD UPN #
foreach ($User in $Users) {
    $newaddress = "{0}@{1}" -f $user.samaccountname,"contosonew.com"
    Set-ADUser -Identity $User.SamAccountName -UserPrincipalName $newaddress -EmailAddress $newaddress 
    Set-RemoteMailbox -Identity $newaddress -PrimarySMTPAddress $newaddress
}

# Add SIP Address - This will add a SIP for all objects
foreach ($User in $Users) {
    $sipaddress = ("{0}{1}@{2}" -f "SIP:",$user.samaccountname,"contosonew.com")
    Write-Host $sipaddress
    Set-ADUser -Identity $user.SamAccountName -Add @{ProxyAddresses=$sipaddress}
}

# Rename UPN in AAD
foreach ($User in $Users) {
    # Recompute per user; otherwise $newaddress still holds the last value from the first loop
    $newaddress = "{0}@{1}" -f $user.samaccountname,"contosonew.com"
    Set-MsolUserPrincipalName -UserPrincipalName $User.userprincipalname -NewUserPrincipalName $newaddress
}

Stop-Transcript

It does not make any sense to export the user list just to reimport it right away.

And it does not make sense to use 3 loops to iterate over the same list. Do it in one.

$UserList = Get-ADuser -SearchBase 'OU=Users,OU=M365,DC=Contoso,DC=com' -Filter *

foreach ($User in $UserList) {
    $newaddress = "{0}@{1}" -f $user.samaccountname,'contosonew.com'
    Set-ADUser -Identity $User.SamAccountName -UserPrincipalName $newaddress -EmailAddress $newaddress 
    Set-RemoteMailbox -Identity $newaddress -PrimarySMTPAddress $newaddress

    $sipaddress = "{0}{1}@{2}" -f 'SIP:',$user.samaccountname,'contosonew.com'
    Set-ADUser -identity $user.SamAccountName -Add @{ProxyAddresses=$sipaddress}

    Set-MsolUserPrincipalName -UserPrincipalName $User.userprincipalname -NewUserPrincipalName $newaddress
}

You simply add an if condition inside the loop checking the status of the property you want and place the code for the change inside the scriptblock of the if condition.


Thanks Olaf - tbh the import piece I would have tidied up, but I appreciate the feedback on removing unnecessary loops.
I will take a look at adding an If Condition for the SIP piece. Thanks as always, kind sir.

@Olaf - does the below look correct for the If Condition syntax? I'm a little perplexed how to structure the initial “check” of the If statement. Appreciate your advice.

$sipaddress = "{0}{1}@{2}" -f 'SIP:',$user.samaccountname,'contosonew.com'
if (Get-ADObject -Properties proxyAddresses -Filter {proxyAddresses -eq "SIP:*@contoso.com"}) {
    Set-ADUser -identity $user.SamAccountName -Add @{ProxyAddresses=$sipaddress}
} else {
    Set-ADUser -identity $user.SamAccountName -Add @{ProxyAddresses=$sipaddress}
}

Actually - no. In your condition check you run an AD query for ALL accounts with a SIP address - not just the current one from the loop. If that would work you would query your AD over and over inside your loop for ALL accounts. That will put a lot of stress on your AD. But you use a wildcard in your filter and try to compare it with -eq - that will not work anyway. :wink:

Instead I’d recommend to add a -Properties proxyAddresses to your initial query for your $UserList and work with that. To check if there is a SIP address you could run

$user.proxyAddresses | Where-Object {$_ -match 'SIP:'}

I would move the creation of the variable $sipaddress inside the scriptblock. So it does not run when it’s not necessary.

And why do you actually run the same command in the if scriptblock AND in the else scriptblock? :thinking:

Is the SIP address for Skype?

@Matt - the SIP is needed for Teams voice. Some accounts (not all) have a SIP address.

@Olaf - thanks for your additional input. Does the below look more logical and likely to work?
Effectively, if there isn't a SIP then it will create one, but if there is, it will update it to match the criteria for the SIP.

$sipaddress = "{0}{1}@{2}" -f 'SIP:',$user.samaccountname,'contosonew.com'
$sip = $user.proxyAddresses | Where-Object {$_ -match 'SIP:'}
if ($sip.Length -eq 0)
{
    Set-ADUser -identity $user.SamAccountName -Add @{ProxyAddresses=$sipaddress}
}
elseif ($sip.Length -gt 1)
{
    $sip.Address = $sipaddress
}

This forum is not meant to provide a review for each single step or change you do on your code. You should test your own code in a test environment or at least with test data to see if it does what you want. If not - you try to figure out why by yourself in the first place. And if that does not work you’re very welcome here to ask for help.

@Olaf - appreciate that and apologies for my impertinence here.

I have done testing in my lab and have the following, which works fine if the account doesn't have a SIP address already (great for the users needing it added). However, if the users already have a SIP, it adds the new, correct format SIP in addition to the existing one - whereas I would like it to update the existing SIP to the new format.

Appreciate any advice here.

$sipaddress = "{0}{1}@{2}" -f 'SIP:',$user.samaccountname,'Contoso.com'
$sip = $user.proxyAddresses | Where-Object {$_ -match 'SIP:'}
if ($sip.Length -eq 0)
{
    Set-ADUser -identity $user.SamAccountName -Add @{ProxyAddresses=$sipaddress}
}
else {
    $sip.Address = $sipaddress #This is the part that would need to overwrite the existing SIP
}

So the below finally gives me something that works - adds the SIP if not present and updates the existing SIP (via a remove and add). Will continue to look if there is a neater way to present this code but appreciate any input.

$sipaddress = "{0}{1}@{2}" -f 'SIP:',$user.samaccountname,'Contosonew.com'
$sip = $user.proxyAddresses | Where-Object {$_ -match 'SIP:'}
if ($sip.Length -eq 0)
{
    Set-ADUser -identity $user.SamAccountName -Add @{ProxyAddresses=$sipaddress}
}
else {
    Set-ADUser -identity $user.SamAccountName -Remove @{ProxyAddresses=$sip} -Add @{ProxyAddresses=$sipaddress}
}

Great. And thanks for sharing. :+1: :love_you_gesture:

Have you actually tested just changing the SIP in the proxy list? I am not so sure this will work.

I was playing with your initial code when I posted and changing/adding a SIP in the proxy list did not actually change/add the SIP in Skype.

Are you using Teams now? Or just preparing to?

Hi Matt,
This does work in terms of adding/updating the SIP in AD and syncing the address to M365. This is for existing Teams voice use, not SFB.
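
The add-or-replace logic the thread arrives at, written as an added example (not code from any poster) that plans the change before touching the directory and skips accounts that are already correct. The function name `Get-SipChange` and the sample accounts are hypothetical; the sample objects are constructed stand-ins for the output of `Get-ADUser -Properties proxyAddresses`.

```powershell
# Added example: Get-SipChange and the sample data are hypothetical, not from the thread.
function Get-SipChange {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [string[]] $ProxyAddresses = @(),
        [Parameter(Mandatory)] [string] $Domain
    )
    $desired = 'SIP:{0}@{1}' -f $SamAccountName, $Domain
    # Anchored match: only values that start with the prefix count as SIP entries
    # (-match is case-insensitive, so lower-case 'sip:' entries are found too).
    $existing = @($ProxyAddresses | Where-Object { $_ -match '^sip:' })
    # Anything that is not exactly the desired value is stale and gets removed.
    $stale = @($existing | Where-Object { $_ -cne $desired })
    [pscustomobject]@{
        Desired = $desired
        Remove  = $stale
        Add     = @(if ($existing -ccontains $desired) { } else { $desired })
    }
}

# Constructed sample input: no SIP, old-format SIP, already-correct SIP
$sample = @(
    [pscustomobject]@{ SamAccountName = 'asmith'; proxyAddresses = @('SMTP:asmith@contoso.com') }
    [pscustomobject]@{ SamAccountName = 'bjones'; proxyAddresses = @('SMTP:bjones@contoso.com', 'SIP:bjones@contoso.com') }
    [pscustomobject]@{ SamAccountName = 'cwong';  proxyAddresses = @('SIP:cwong@contosonew.com') }
)

foreach ($u in $sample) {
    $plan = Get-SipChange -SamAccountName $u.SamAccountName -ProxyAddresses $u.proxyAddresses -Domain 'contosonew.com'
    $params = @{}
    if ($plan.Remove.Count) { $params.Remove = @{ proxyAddresses = [string[]]$plan.Remove } }
    if ($plan.Add.Count)    { $params.Add    = @{ proxyAddresses = [string[]]$plan.Add } }
    if ($params.Count -eq 0) {
        '{0}: already correct, no write' -f $u.SamAccountName
        continue
    }
    '{0}: remove [{1}] add [{2}]' -f $u.SamAccountName, ($plan.Remove -join ','), ($plan.Add -join ',')
    # Against a real directory, with the ActiveDirectory module loaded,
    # preview the write first and drop -WhatIf once the plan looks right:
    # Set-ADUser -Identity $u.SamAccountName @params -WhatIf
}
```

Because the plan is computed from the `proxyAddresses` values already returned by the initial query, the loop issues no extra AD queries and a second run makes no changes.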