The proxyAddresses attribute in Active Directory is used to assign multiple email addresses to a single user, group or contact. All additional object addresses are known as proxy addresses. Each email address is prefixed with an email address type identifier, such as “SMTP:”, “smtp:”, “X500:”, “SIP:”, etc. The proxyAddresses attribute can contain multiple values, unlike the mail attribute, which can only contain a single address.
For example, the proxyAddresses attribute for user b.jackson might contain the following values
proxyAddresses: SMTP:brian@theitbros.com
proxyAddresses: smtp:b.jackson@theitbros.com
proxyAddresses: smtp:admin@theitbros.com
In this example, note that one of the attribute values starts with the SMTP keyword in the upper case. This means that this address is used by the user’s primary email address. The other addresses in this example are additional (secondary) smtp addresses.
The proxyAddresses attribute can contain different email address types than SMTP addresses, such as X.500 addresses, SIP: addresses, etc. These could be used for more complex email systems, hybrid scenarios, or migrations.
Managing Current Values in the ProxyAddresses Attribute
You can view and change the current values in the proxyAddresses attribute in AD by using the Active Directory Users and Computers console.
-
- Run the ADUC mmc snap-in (dsa.msc);
- From the top menu, select View > Advanced Features;
- Locate the object in the AD for which you want to view the attributes (it can be a user, a security/mail-enabled group, or a contact), and open its properties;
- Go to the Attribute Editor tab;
- Find proxyAddresses in the list of attributes;
- Double-click an attribute to list the values it contains;
- You can add or remove values in the proxyAddresses attribute from this form.
Note. You can also use the ADSIEdit graphical snap-in to edit the values in the proxyAddresses attribute.
In order to view, add, or delete the values in the proxyAddresses attribute, you can use cmdlets from the Active Directory for Windows PowerShell module.
Let’s try to display the values of the proxyAddresses attribute for user b.jackson:
Get-AdUser –Identity b.jackson -Properties proxyAddresses| select Name, proxyAddresses
This cmdlet lists all of the values in the proxyAddresses attribute on a single line. To display each SMTP address separately, use the following PowerShell script:
$User = Get-ADUser -Identity b.jackson -Properties proxyAddresses
ForEach ($proxyAddress in $User.proxyAddresses) {
$Output = $proxyAddress
Write-Host $Output
}
In order to add a single additional SMTP address to the proxyAddresses attribute, you can use the following command:
Set-ADUser b.jackson -add @{ProxyAddresses="new_brion@theitbros.com"}
You can add multiple ProxyAddresses values at once:
Set-ADUser b.jackson -add @{ProxyAddresses="new_brion1@theitbros.com,smtp: new_brion@theitbrostest.onmicrosoft.com " -split ","}
To remove a single value from the proxyAddresses attribute:
Set-ADUser b.jackson -remove @{ProxyAddresses="new_brion1@theitbros.com"}
The proxyAddresses attribute is particularly useful during email migrations or coexistence scenarios where objects need to have multiple email addresses associated with them.
When your ADDS domain is synchronized with Azure AD, the values from the proxyAddresses attribute in on-premises AD are copied to a shadow mail or proxyAddresses attribute in Azure AD (according to Azure AD rules and your email address policy).
1 comment
I am trying to delegate access to a group which only allows write access to the proxyaddress attribute, are you able to assist?
I have created the group and through delegate control selected Read and Write ProxyAddresses but the field is not selectable when navigating to it with a test admin user.