Find Duplicate Email Addresses among Several Attributes of any AD Object

This is a PowerShell script to find duplicate email addresses among any objects in Active Directory. Duplicates raise errors during synchronization with Azure AD or Office 365. All classes of objects are considered. The email addresses can be in any of four attributes.

1,718 times
Add to favorites
Active Directory
E-mail Twitter Digg Facebook
  • Any Idea on this error?
    2 Posts | Last post June 27, 2019
    • PS H:\> H:\FindDuplIDs.ps1
      Get-ADObject : One or more properties are invalid.
      Parameter name: msRTCSIP-PrimaryUserAddress
      At H:\FindDuplIDs.ps1:11 char:12
      + $Objects = Get-ADObject -LDAPFilter $Filter -Properties $Prop
      +            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : InvalidArgument: (:) [Get-ADObject], ArgumentException
          + FullyQualifiedErrorId : One or more properties are invalid.
      Parameter name: msRTCSIP-PrimaryUserAddress,Microsoft.ActiveDirectory.Management.Commands.GetADObject
      Any Idea on the cause of that error when running the script? And how I can mitigate it? This script is exactly what I need but I can't get it to run.
    • I think I have it figured out.
      # Retrieve all objects where any of the attributes are assigned values.
      $Prop = @("userPrincipalName","mail","proxyAddresses")
      $Filter = "(|(userPrincipalName=*)(mail=*)(proxyAddresses=*))"
      $Objects = Get-ADObject -LDAPFilter "$Filter" -Properties $Prop
      I removed the unknown parameter from linds 9 and 10 and it seems to run fine now
  • Script breaks on trying to read msRTCSIP-PrimaryUserAddress
    2 Posts | Last post March 02, 2019
    • At C:\Batchfiles\Find-DuplID.ps1:24 char:33
      +     $PrimAddr = $Object.msRTCSIP-PrimaryUserAddress
      +                                 ~~~~~~~~~~~~~~~~~~~
      Unexpected token '-PrimaryUserAddress' in expression or statement.
          + CategoryInfo          : ParserError: (:) [], ParseException
          + FullyQualifiedErrorId : UnexpectedToken
      I see the attribute in AD using dsa.msc, but script doesn't like it. Do I need to add in a module?
    • Sorry, my test lab does not have that attribute, so I missed this issue. The msRTCSIP-PrimaryUserAddress attribute is one of the few with an lDAPDisplayName that includes the dash character. PowerShell interprets the string following the dash as a parameter, which makes no sense (since there is no leading space). The fix is to quote the attribute name in the statement that raises the error. I will revise the code shortly.