New-AADConnectRuleRemoveProxy.ps1
|
<#PSScriptInfo
.VERSION 2.0.1 .GUID b013cfd2-58d4-472a-8342-b003c0fd62b9 .AUTHOR Aaron Guilmette .COMPANYNAME Microsoft .COPYRIGHT 2021 .TAGS .LICENSEURI .PROJECTURI https://www.undocumented-features.com/2018/09/02/update-to-the-aad-connect-remove-proxy-addresses-script/ .ICONURI .EXTERNALMODULEDEPENDENCIES .REQUIREDSCRIPTS .EXTERNALSCRIPTDEPENDENCIES .RELEASENOTES .DESCRIPTION Use this script to configure an AAD connect rule to remove one or more proxy address patterns. .PRIVATEDATA #> <# .SYNOPSIS Create a new AADConnect rule to remove a proxy address pattern. .PARAMETER LowestPrecedence Automatically create new rule as the lowest precedence rule (highest priority). .PARAMETER Name Specify the name for the new rule .PARAMETER Pattern Specify the address pattern to match and remove, e.g. contoso.com. .PARAMETER Precedence Choose a precedence value. .EXAMPLE .\New-AADConnectRuleRemoveProxy.ps1 -Pattern contoso.com -LowestPrecedence Create a new AAD Connect rule to remove proxy addresses matching contoso.com using the lowest available precedence rule. .EXAMPLE .\New-AADConnectRuleRemoveProxy.ps1 -Pattern contoso.com,fabrikam.com -Precedence 50 Create a new AAD Connect rule to remove proxy addresses matching either contoso.com or fabrikam.com and set the rule's precedence to 50. .LINK https://aka.ms/aarongallery .LINK https://undocumented-features.com/2018/09/02/Update-to-the-AAD Connect-Remove-Proxy-Addresses-Script .LINK https://undocumented-features.com/2016/06/21/remove-an-unwanted-proxyaddress-pattern-from-users-via-aadconnect/ .NOTES 2021-10-18 - Update default name parameter 2021-10-13 - Publish to PowerShell Gallery 2018-09-02 - Update Pattern to allow for an array - Add Name parameter to allow for custom rule naming - Update description field to list array of domains being removed via rule 2016-09-16 - Update rule precedence settings 2016-06-21 - Initial release. #> param( [switch]$LowestPrecedence, [string]$Name = "Out to AAD - User Remove Proxy", [array]$Pattern, [string]$Precedence = "90" ) If ($LowestPrecedence) { [array]$AllRulesPrecedence = (Get-ADSyncRule).Precedence $Precedence = (($AllRulesPrecedence | Measure-Object -Minimum).Minimum -1) } Write-Host "Creating expression" # Create the Expression $Expression = New-Object System.Text.StringBuilder foreach ($Proxy in $Pattern) { #$RemovePattern = [scriptblock]::Create("`"$Pattern`"") $Expression.Append("IIF(InStr([proxyAddresses],") | Out-Null $Expression.Append("`"$($Proxy)`", 1, vbTextCompare)=0,") | Out-Null } $Expression.Append("[proxyAddresses],") | Out-Null Foreach ($obj in 1..$Pattern.Count) { $Expression.Append("NULL),") | Out-Null } $Expression = $Expression.ToString().TrimEnd(",") Write-Host "done creating expression" [string]$global:Identifier = [Guid]::NewGuid().ToString() [string]$Connector = (Get-ADSyncConnector | ? { $_.Name -like "* - AAD" }).Identifier.ToString() New-ADSyncRule ` -Name $Name ` -Identifier $Identifier ` -Description "Remove Proxy Addresses Patterns:`n $($Pattern -join "`n")" ` -Direction 'Outbound' ` -Precedence $Precedence ` -PrecedenceAfter '00000000-0000-0000-0000-000000000000' ` -PrecedenceBefore '00000000-0000-0000-0000-000000000000' ` -SourceObjectType 'person' ` -TargetObjectType 'user' ` -Connector $Connector ` -LinkType 'Join' ` -SoftDeleteExpiryInterval 0 ` -ImmutableTag '' ` -OutVariable syncRule Add-ADSyncAttributeFlowMapping ` -SynchronizationRule $syncRule[0] ` -Source @('proxyAddresses') ` -Destination 'proxyAddresses' ` -FlowType 'Expression' ` -ValueMergeType 'Update' ` -Expression $Expression ` -OutVariable syncRule New-Object ` -TypeName 'Microsoft.IdentityManagement.PowerShell.ObjectModel.JoinCondition' ` -ArgumentList 'sourceAnchor','sourceAnchor',$false ` -OutVariable condition0 Add-ADSyncJoinConditionGroup ` -SynchronizationRule $syncRule[0] ` -JoinConditions @($condition0[0]) ` -OutVariable syncRule Add-ADSyncRule ` -SynchronizationRule $syncRule[0] Write-Host -NoNewLine "New AD Sync Rule Created: " Write-Host -ForegroundColor Green "$($Name)" Write-Host -NoNewline "Object Guid: " Write-Host -ForegroundColor Green "$($Identifier)" |