AdUser attribute change

Sophia 356 Reputation points
2021-04-30T18:48:29.977+00:00

Is it possible to view what attribute changed for an ADUser like for instance if there was an additional proxyaddress that was added and when it was added.

I'm aware of the following:

Get-AdreplicationAttributemetadat -object (Get-aduser user1) -server dc1.domain.com | where-object {$_.AttributeName -eq "ProxyAddresses"} | select-object -property AttributeName,AttributeValue,FirstOriginatingCreateTime,LastOriginatingtime,LastOriginatingChangeDirectoryServerIdentity.

The problem with that is that it doesn't really give the correct information that I'm are trying to get. I mean if I go into my Exchange Server and remove and an email address policy for a specific user and then go run my above mentioned script it will give me the date and time of the policy that was removed from the the user because email address policies update AD User's Proxyaddresses attribute without saying what was added/removed.

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,838 questions
Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,341 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,359 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. KyleXu-MSFT 26,206 Reputation points
    2021-05-03T02:29:46.03+00:00

    @Safs-3080

    If you remove an email address policy(@domain123.com) from a mailbox, the related proxy email address(@domain123.com) still exist on this mailbox, this email address will not be removed.

    From Exchange side, after enabling admin audit log, you can use it to check if admin add/delete proxy email address for a mailbox:
    93192-qa-kyle-10-15-56.png

    You can also check whether admin create/delete a new email address policy:
    93079-qa-kyle-10-17-24.png

    You can click on this one to check email address policy applied on which mailbox:
    93186-qa-kyle-10-28-33.png

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments