Dear visitor, in case we do not cover a topic you are looking for, then feel free to ask in our freshly created forum for IT-professionals for a solution. We hope our visitors can help you out with your questions. Have a good one. ~ Tom.

How to add/modify/delete SMTP proxy attribute

proxyAddresses is a multivalued attribute in Active Directory (AD) used on users, groups, and contacts to facilitate mail delivery.

To configure this attribute using PowerShell, you need the ActiveDirectory Module for PowerShell. This module is part of RSAT (Remote Server Administration Tools) which you need to activate (or download depending on your OS version). It’s available by default on domain controllers.

Before you start editing the proxyAddresses attribute, you should understand the following:

  • You must prefix the primary (sending) mail alias with upper case “SMTP:”
  • Only one value/alias is allowed to have the upper case “SMTP:” prefix
  • You must prefix secondary mail aliases with lower case “smtp:”
  • No duplicate values (across all AD objects) are allowed
  • Mail addresses must be valid SMTP addresses as per RFC 5322
  • Faulty configurations of this attribute can potentially break mail delivery for the recipient
  • Active Directory makes no sanity check on values you enter/update/delete
  • It’s a multivalued attribute, and wrong commands may unintentionally overwrite existing values

Modify proxyAddresses

Launch the poweshell as administrative user.

Add SMTP proxy attribute

The following command will import a single value to the multivalued proxyAddresses attribute. Any existing values are kept.

Import-Module ActiveDirectory
Set-ADUser <Some_Username> -add @{ProxyAddresses=""}
List SMTP proxy attribute

The following command will display all smtp entries from the proxyAddresses attribute.

Import-Module ActiveDirectory
Get-ADUser -Identity <Some_Username> -Properties proxyaddresses | Select-Object Name, @{L = "ProxyAddresses"; E = { ($_.ProxyAddresses -like 'smtp:*') -join ";"}}
Remove SMTP proxy attribute

The following command will remove a single entry from the proxyAddresses attribute. Any other existing values are kept.

Import-Module ActiveDirectory
Set-ADUser <Some_Username> -Remove @{ProxyAddresses=""}

Export proxyAddresses to CSV

Use the following script to export all proxyAddresses for all AD objects. The script generates one line for each individual value of each proxyAddresses attribute value of each AD object. This means you will have four lines for a user with one primary SMTP alias and three secondary SMTP alias’s.

Import-Module ActiveDirectory
"DN;proxyAddress" | Out-File ".\proxyAddressesBackup.txt"
$Objects = Get-ADObject -LDAPFilter "(proxyAddresses=*)" -Properties proxyAddresses
ForEach ($Object In $Objects) {
  ForEach ($proxyAddress in $Object.proxyAddresses) {
    $Output = $Object.distinguishedName + ";" + $proxyAddress
    Write-Host $Output
    $Output | Out-File ".\proxyAddressesBackup.txt" -Append

Filter proxyAddresses With LDAP Query

As an example, let’s identify all users that have a “.local” mail address (having a .local proxyAddress will block the user from replicating to Azure with Azure AD Connect):

Import-Module ActiveDirectory
$Users = Get-ADUser -LDAPFilter "(proxyAddresses=*.local)" -Properties proxyAddresses
ForEach ($User In $Users) {
  ForEach ($proxyAddress in $User.proxyAddresses) {
    If($proxyAddress -Like '*.local'){
    Write-Host $User.distinguishedName `t $proxyAddress

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.