New-AADConnectRuleRemoveProxy.ps1

<#PSScriptInfo
 
.VERSION 2.0
 
.GUID b013cfd2-58d4-472a-8342-b003c0fd62b9
 
.AUTHOR Aaron Guilmette
 
.COMPANYNAME Microsoft
 
.COPYRIGHT 2021
 
.TAGS
 
.LICENSEURI
 
.PROJECTURI https://www.undocumented-features.com/2018/09/02/update-to-the-aad-connect-remove-proxy-addresses-script/
 
.ICONURI
 
.EXTERNALMODULEDEPENDENCIES
 
.REQUIREDSCRIPTS
 
.EXTERNALSCRIPTDEPENDENCIES
 
.RELEASENOTES
 
.DESCRIPTION
Use this script to configure an AAD connect rule to remove one or more proxy address patterns.
 
.PRIVATEDATA
 
#>

<#
.SYNOPSIS
Create a new AADConnect rule to remove a proxy address pattern.
  
.PARAMETER LowestPrecedence
Automatically create new rule as the lowest precedence rule (highest priority).
 
.PARAMETER Name
Specify the name for the new rule
 
.PARAMETER Pattern
Specify the address pattern to match and remove, e.g. contoso.com.
  
.PARAMETER Precedence
Choose a precedence value.
  
.EXAMPLE
.\New-AADConnectRuleRemoveProxy.ps1 -Pattern contoso.com -LowestPrecedence
  
Create a new AAD Connect rule to remove proxy addresses matching contoso.com
using the lowest available precedence rule.
 
.EXAMPLE
.\New-AADConnectRuleRemoveProxy.ps1 -Pattern contoso.com,fabrikam.com -Precedence 50
 
Create a new AAD Connect rule to remove proxy addresses matching either
contoso.com or fabrikam.com and set the rule's precedence to 50.
  
.LINK
https://aka.ms/aarongallery
 
.LINK
https://undocumented-features.com/2018/09/02/Update-to-the-AAD-Connect-Remove-Proxy-Addresses-Script
 
.LINK
https://undocumented-features.com/2016/06/21/remove-an-unwanted-proxyaddress-pattern-from-users-via-aadconnect/
 
.NOTES
2018-09-02
- Update Pattern to allow for an array
- Add Name parameter to allow for custom rule naming
- Update description field to list array of domains being removed via rule
 
2016-09-16
- Update rule precedence settings
 
2016-06-21
- Initial release.
#>

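param(
    [switch]$LowestPrecedence,
    [string]$Name = "Out to AAD - User Strip Proxy",
    # Required: an empty pattern list would otherwise build a malformed
    # expression (1..0 iterates twice in PowerShell) and a rule that matches nothing.
    [Parameter(Mandatory = $true)]
    [ValidateNotNullOrEmpty()]
    [array]$Pattern,
    [string]$Precedence = "90"
    )

# With -LowestPrecedence the rule is placed one below the lowest existing
# precedence value, i.e. the highest-priority slot in AAD Connect.
If ($LowestPrecedence)
    {
    [array]$AllRulesPrecedence = (Get-ADSyncRule).Precedence
    if ($AllRulesPrecedence.Count -eq 0)
        {
        # Without this guard Measure-Object returns $null and the rule would get precedence -1.
        throw "Get-ADSyncRule returned no rules; cannot derive the lowest precedence."
        }
    # NOTE(review): if the current minimum is already 0 this yields -1 -- confirm New-ADSyncRule rejects it.
    $Precedence = (($AllRulesPrecedence | Measure-Object -Minimum).Minimum - 1)
    }

Write-Host "Creating expression"
# Build the nested IIF expression. For patterns a and b it reads:
#   IIF(InStr([proxyAddresses],"a", 1, vbTextCompare)=0,IIF(InStr([proxyAddresses],"b", 1, vbTextCompare)=0,[proxyAddresses],NULL),NULL)
# so a proxy address is kept only when it contains none of the patterns.
# InStr with vbTextCompare is a case-insensitive SUBSTRING match: a pattern such as
# contoso.com also matches contoso.com.au or notcontoso.com -- make patterns as
# specific as the tenant needs before creating the rule.
$ExpressionBuilder = New-Object System.Text.StringBuilder

foreach ($Proxy in $Pattern)
{
    if ([string]::IsNullOrWhiteSpace("$Proxy"))
    {
        throw "Pattern contains an empty entry."
    }
    # Each pattern is embedded verbatim inside a double-quoted literal of the
    # expression; a quote character would terminate the literal and corrupt the rule.
    if ("$Proxy" -match '"')
    {
        throw "Pattern '$Proxy' must not contain a double-quote character."
    }
    [void]$ExpressionBuilder.Append("IIF(InStr([proxyAddresses],")
    [void]$ExpressionBuilder.Append("`"$($Proxy)`", 1, vbTextCompare)=0,")
}
[void]$ExpressionBuilder.Append("[proxyAddresses],")
# One closing "NULL)," for every IIF opened above.
[void]$ExpressionBuilder.Append("NULL)," * $Pattern.Count)
[string]$Expression = $ExpressionBuilder.ToString().TrimEnd(",")
Write-Host "done creating expression"

# Kept in global scope as in earlier releases so callers can read the new
# rule's identifier after the script finishes.
[string]$global:Identifier = [Guid]::NewGuid().ToString()

# Bind the outbound rule to the Azure AD connector. Require exactly one match so
# the rule is never silently attached to the wrong connector (or to none).
$AadConnectors = @(Get-ADSyncConnector | Where-Object { $_.Name -like "* - AAD" })
if ($AadConnectors.Count -ne 1)
{
    throw "Expected exactly one connector named like '* - AAD' but found $($AadConnectors.Count)."
}
[string]$Connector = $AadConnectors[0].Identifier.ToString()

# Create the outbound rule object; it is not persisted until Add-ADSyncRule below.
New-ADSyncRule  `
-Name $Name `
-Identifier $Identifier `
-Description "Remove Proxy Addresses Patterns:`n $($Pattern -join "`n")" `
-Direction 'Outbound' `
-Precedence $Precedence `
-PrecedenceAfter '00000000-0000-0000-0000-000000000000' `
-PrecedenceBefore '00000000-0000-0000-0000-000000000000' `
-SourceObjectType 'person' `
-TargetObjectType 'user' `
-Connector $Connector `
-LinkType 'Join' `
-SoftDeleteExpiryInterval 0 `
-ImmutableTag '' `
-OutVariable syncRule

# Flow proxyAddresses -> proxyAddresses through the filtering expression.
Add-ADSyncAttributeFlowMapping  `
-SynchronizationRule $syncRule[0] `
-Source @('proxyAddresses') `
-Destination 'proxyAddresses' `
-FlowType 'Expression' `
-ValueMergeType 'Update' `
-Expression $Expression `
-OutVariable syncRule

# Join on sourceAnchor, matching the stock outbound user rules.
New-Object  `
-TypeName 'Microsoft.IdentityManagement.PowerShell.ObjectModel.JoinCondition' `
-ArgumentList 'sourceAnchor','sourceAnchor',$false `
-OutVariable condition0
Add-ADSyncJoinConditionGroup  `
-SynchronizationRule $syncRule[0] `
-JoinConditions @($condition0[0]) `
-OutVariable syncRule
# Commit the assembled rule to the sync engine.
Add-ADSyncRule  `
-SynchronizationRule $syncRule[0]

Write-Host -NoNewLine "New AD Sync Rule Created: "
Write-Host -ForegroundColor Green "$($Name)"
Write-Host -NoNewline "Object Guid: "
Write-Host -ForegroundColor Green "$($Identifier)"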