Understanding the Difference Between proxyAddresses and mail Attributes in Active Directory for Exchange Integration


2 views

In Active Directory, the mail and proxyAddresses attributes serve distinct but interconnected purposes:

// Example of AD attributes
mail: primary@domain.com
proxyAddresses: SMTP:primary@domain.com
proxyAddresses: smtp:alias1@domain.com
proxyAddresses: smtp:alias2@domain.com
proxyAddresses: X400:c=US;a= ;p=Org;o=Exchange;s=Smith;

The mail attribute is a single-valued string that typically represents the user's primary email address. Exchange uses it for:

  • Default email address in GAL (Global Address List)
  • Fallback address resolution
  • Some legacy application integration

The proxyAddresses attribute is multi-valued with specific formatting rules:

// PowerShell example to examine attributes
Get-ADUser -Identity username -Properties mail,proxyAddresses |
Select-Object mail, @{n='proxyAddresses';e={$_.proxyAddresses -join ";"}}

Exchange processes email addresses in this priority order:

  1. Uppercase SMTP: entry in proxyAddresses (primary address)
  2. Lowercase smtp: entries (secondary addresses)
  3. mail attribute (if no SMTP entries exist)

Modern Exchange versions (2013+) may show these discrepancies because:

// Typical mismatch scenario
mail: legacy@olddomain.com
proxyAddresses: SMTP:new@currentdomain.com
proxyAddresses: smtp:legacy@olddomain.com

Use this PowerShell script to enforce synchronization:

# Sync mail attribute with primary SMTP address
$users = Get-ADUser -Filter * -Properties mail,proxyAddresses
foreach ($user in $users) {
    $primarySmtp = $user.proxyAddresses | 
        Where-Object { $_ -cmatch '^SMTP:' } |
        Select-Object -First 1
    
    if ($primarySmtp -and ($user.mail -ne $primarySmtp.Substring(5))) {
        Set-ADUser -Identity $user -mail $primarySmtp.Substring(5)
        Write-Host "Updated mail attribute for $($user.SamAccountName)"
    }
}

Case 1: Mails sent with wrong From address
Solution: Verify the uppercase SMTP: entry matches the intended primary address

Case 2: NDRs for valid addresses
Solution: Check all smtp: entries for typos using:

Get-ADUser -Identity username -Properties proxyAddresses |
Select-Object -ExpandProperty proxyAddresses |
Where-Object { $_ -like 'smtp:*' }

In Active Directory environments integrated with Exchange 2010, these attributes serve distinct purposes:

// Example of attribute representation in ADSI
mail: singleValuedAttribute = "primary@domain.com"
proxyAddresses: multiValuedAttribute = ["SMTP:primary@domain.com","smtp:alias@domain.com","X500:/o=Exchange/..."]

The mail attribute serves as:

  • LDAP-accessible primary email reference
  • Default display value in address books
  • Fallback address when no SMTP proxyAddress exists

Exchange primarily uses proxyAddresses for:

// Exchange 2010 transport rule example
Get-Recipient | Where {$_.EmailAddresses -like "SMTP:*@domain.com"}

Key characteristics:

  • Case-sensitive prefix (SMTP vs smtp) denotes primary address
  • Supports multiple protocols (SMTP, X400, X500)
  • Controls actual mail routing behavior

When attributes become desynchronized:

# PowerShell detection script
Get-ADUser -Filter * -Properties mail,proxyAddresses | 
Where {($_.mail) -and ($_.proxyAddresses -notlike "SMTP:$($_.mail)")}

For consistent behavior:

  1. Always set primary SMTP address first: 
    Set-ADUser -Identity user1 -Add @{proxyAddresses="SMTP:primary@domain.com"}
  2. Then synchronize mail attribute: 
    Set-ADUser -Identity user1 -EmailAddress "primary@domain.com"

Example mismatch case resolution:

# Fix conflicting attributes
$user = Get-ADUser user1 -Properties mail,proxyAddresses
$primarySMTP = ($user.proxyAddresses | Where {$_ -cmatch "^SMTP:"}).Substring(5)
Set-ADUser $user -EmailAddress $primarySMTP