Query OnPremise AD for Specific AD attributes not working?

Hi People,

I need some help to modify the below script to show additional column Office 365 or OnPremise:

Get-ADGroup -Filter {Name -like '*IT*'} | Select-Object @{ n='Group'; e={ $_.Name } }, @{ n='Members'; e={ (Get-ADGroup $_.DistinguishedName -Properties Members | Select-Object Members).Members } } |
    Get-ADGroupMember -Recursive |
        Get-ADUser -Properties Mail | Select-Object Name, sAMAccountName, Mail |
            Export-CSV -path "C:\RESULT\Group_members.csv" -NoTypeInformation

The above simple PowerShell script is only working to export the list of the users in a particular member of AD Groups.

I also have tried the below script to query OnPremise AD with the specific attributes, but still failed no result returned?

Get-ADUser -Filter * -Properties msExchRemoteRecipientType, msExchRecipientDisplayType, msExchRecipientTypeDetails, targetAddress | 
    Where-Object {($_.msExchRemoteRecipientType -eq 4) -and 
        ($_.msExchRecipientDisplayType = '-2147483642') -and
        ($_.msExchRecipientTypeDetails = '2147483648') -and
        ($_.targetAddress -contains "*.onmicrosoft.com*")
    }

However, it returns some error like below:

msExchRecipientDisplayType : The term 'msExchRecipientDisplayType' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:3 char:10 + (msExchRecipientDisplayType = '-2147483642') -and + ~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (msExchRecipientDisplayType:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException
Any help would be greatly appreciated.

Thanks,

You need to fix your Where-Object parameters and use ‘-eq’ and not ‘=’. Using the equal sign is for assigning values, not for comparisons.

No matter how you call this, there is no property on the user via Get-ADUser called targetAddress
Though if you put it in your select, it will show up in the results as empty because you are allowed to add any property name you want in a select, whether it exists or not.

And this is a syntax error

$_.msExchRecipientDisplayType = '-2147483642')

So, validate that integer is correct on both of those Exchange attributes.

You are also not using comparison operations correctly, but you are using assignment operators. Meaning the -eq vs ‘=’.

# Find all cmdlets / functions with a target parameter
Get-Command -CommandType Function | 
Where-Object { $_.parameters.keys -match 'targetAddress'} | 
Format-Table -Autosize


# No results

Get-Command -CommandType Cmdlet | 
Where-Object { $_.parameters.keys -match 'targetAddress'} | 
Format-Table -Autosize
 

# No results



Get-Command -CommandType Function | 
Where-Object { $_.parameters.keys -match 'Address'} | 
Format-Table -Autosize


# No results

Get-Command -CommandType Cmdlet | 
Where-Object { $_.parameters.keys -match 'Address'} | 
Format-Table -Autosize
 
<#
CommandType     Name                        ModuleName
-----------     ---- ----------
Cmdlet          New-ADDCCloneConfigFile     ActiveDirectory
Cmdlet          New-ADOrganizationalUnit    ActiveDirectory
Cmdlet          New-ADUser                  ActiveDirectory
Cmdlet          Set-ADOrganizationalUnit    ActiveDirectory
Cmdlet          Set-ADUser                  ActiveDirectory
#>


Get-Command -CommandType Function | 
Where-Object { $_.parameters.keys -match 'EmailAddress|proxyAddress'} | 
Format-Table -Autosize


# No results

Get-Command -CommandType Cmdlet | 
Where-Object { $_.parameters.keys -match 'EmailAddress|proxyAddress'} | 
Format-Table -Autosize
<#
CommandType Name       ModuleName     
----------- ----       ----------     
Cmdlet      New-ADUser ActiveDirectory
Cmdlet      Set-ADUser ActiveDirectory
#>


Clear-Host
(Get-ADUser -Filter * -Properties *)[0] | 
Get-Member -Force | 
Select Name, MemberType | 
Format-Table -AutoSize


Name                                            MemberType
----                                            ----------
...
EmailAddress                                      Property
...
mail                                              Property
mailNickname                                      Property
...
msExchArchiveQuota                                Property
msExchArchiveWarnQuota                            Property
msExchCalendarLoggingQuota                        Property
msExchCoManagedObjectsBL                          Property
msExchDumpsterQuota                               Property
msExchDumpsterWarningQuota                        Property
msExchELCMailboxFlags                             Property
msExchHomeServerName                              Property
msExchMailboxGuid                                 Property
msExchMailboxSecurityDescriptor                   Property
msExchPoliciesIncluded                            Property
msExchRBACPolicyLink                              Property
msExchRecipientDisplayType                        Property
msExchRecipientTypeDetails                        Property
msExchTextMessagingState                          Property
msExchUMDtmfMap                                   Property
msExchUserAccountControl                          Property
msExchUserCulture                                 Property
msExchVersion                                     Property
msExchWhenMailboxCreated                          Property
...
proxyAddresses                                    Property
...
#>

Clear-Host
Get-ADUser -Identity Administrator -Properties * | 
Get-Member -Force | 
Select Name, MemberType | 
Format-Table -AutoSize


Name                                            MemberType
----                                            ----------
...
EmailAddress                                      Property
...
mail                                              Property
mailNickname                                      Property
...
msExchArchiveQuota                                Property
msExchArchiveWarnQuota                            Property
msExchCalendarLoggingQuota                        Property
msExchCoManagedObjectsBL                          Property
msExchDumpsterQuota                               Property
msExchDumpsterWarningQuota                        Property
msExchELCMailboxFlags                             Property
msExchHomeServerName                              Property
msExchMailboxGuid                                 Property
msExchMailboxSecurityDescriptor                   Property
msExchPoliciesIncluded                            Property
msExchRBACPolicyLink                              Property
msExchRecipientDisplayType                        Property
msExchRecipientTypeDetails                        Property
msExchTextMessagingState                          Property
msExchUMDtmfMap                                   Property
msExchUserAccountControl                          Property
msExchUserCulture                                 Property
msExchVersion                                     Property
msExchWhenMailboxCreated                          Property
...
proxyAddresses                                    Property
...
#>

Cool, that’s very spot on :slight_smile:

So I have changed the query below, but still, no result is returned?

Get-ADUser-Filter *-Properties *|
Where-Object {($_.msExchRemoteRecipientType-eq4) -and
  ($_.msExchRecipientDisplayType -eq '-2147483642') -and
  ($_.msExchRecipientTypeDetails -eq '2147483648') -and
  ($_.proxyAddresses -contains "*.onmicrosoft.com*")
}
Is there anything that must be modified to search the proxyAddresses attribute which contains "*.onmicrosoft.com*" ?

-contains searches for an exact match of an element of an array. You’d be better off with -like or -match.

Update for the OP

After getting back to my test environment, the below works for the use case.

Get-ADUser -Filter * -Properties msExchRemoteRecipientType,proxyAddresses,msExchRecipientDisplayType,msExchRecipientTypeDetails | 
Where-Object {($_.msExchRemoteRecipientType -eq 4) -and
  ($_.proxyAddresses -match "onmicrosoft.com") -and
  ($_.msExchRecipientDisplayType -eq '-2147483642') -and
  ($_.msExchRecipientTypeDetails -eq '2147483648')
}

Also, correction, not that you need it for what you are after, since the proxyAddresses return the same thing, when you hit that remote O365 mailbox, you do get a targetAddress property, it’s just not on the on-prem mailboxes, hence the reason, the proxyAddresses may be more prudent for you to use for consistency.

Get-ADUser -Filter * -Properties msExchRemoteRecipientType,proxyAddresses,targetAddress,msExchRecipientDisplayType,msExchRecipientTypeDetails | 
Where-Object {($_.msExchRemoteRecipientType -eq 4) -and
  ($_.proxyAddresses -match "onmicrosoft.com") -and
  ($_.targetAddress -match 'onmicrosoft.com') -and 
  ($_.msExchRecipientDisplayType -eq '-2147483642') -and
  ($_.msExchRecipientTypeDetails -eq '2147483648')
}

Thanks all for the pointers and the assistance in this matter.

It is working great now.

no worries.