Script repository

Make primary SMTP addresses unchangeable

Updated on: Jan 18, 2026, Views: 6093

Exchange

The script makes it impossible for users to change the primary SMTP address of an Exchange mailbox or mail-enabled user. To execute the script, create a business rule triggering Before modifying Exchange properties of a user.

Parameters

  • $cancelReason - the error message that will be displayed when the script cancels primary SMTP address modification.
  • $warningMessage - the warning message when the script prevents changing the primary SMTP address, but allows performing other operations (e.g. adding other smtp addresses).
$cancelReason = "You cannot change the primary SMTP address. Operation cancelled." # TODO: modify me
$warningMessage = "You cannot change the primary SMTP address. The 'Set as reply' option won't be applied." # TODO: modify me

# Get Exchange properties set by the action
$modifiedMailboxParams = $Context.Action.MailParameters
if (-not($modifiedMailboxParams.EmailAddressesModificationEnabled))
{
    # E-mail addresses are not modified
    return
}

# Get the current e-mail addresses
$mailboxParams = $Context.TargetObject.GetMailParameters()
$emailAddresses = $mailboxParams.EmailAddresses
$operation = "ADS_PROPERTY_NONE"

# Find the current primary address
for ($i = 0; $i -lt $emailAddresses.Count; $i++)
{
    $emailAddress = $emailAddresses.GetAddress($i,[ref]$operation)
    if ($emailAddress.AddressType -ne "ADM_EXCHANGE_ADDRTYPE_SMTP")
    {
        continue
    }
    
    if (-not($emailAddress.IsPrimary))
    {
        continue
    }
    
    $primarySmtpAddress = $emailAddress
    break
}

# Get the modified e-mail addresses
$modifiedAddressesCollection = $modifiedMailboxParams.EmailAddresses
for ($i = 0; $i -lt $modifiedAddressesCollection.Count; $i++)
{
    $modifiedEmailAddress = $modifiedAddressesCollection.GetAddress($i,[ref]$operation)
    if ($modifiedEmailAddress.AddressType -ne "ADM_EXCHANGE_ADDRTYPE_SMTP")
    {
        continue # Skip non-SMTP addresses
    }
    
    if (($modifiedEmailAddress.IsPrimary) -and ($modifiedEmailAddress.Address -eq $primarySmtpAddress.Address))
    {
        return # The primary address wasn't modified
    }
    elseif ($modifiedEmailAddress.IsPrimary -and $modifiedAddressesCollection.OverrideOldValues)
    {
        $Context.Cancel($cancelReason) # An attempt was made to remove the primary address
        return
    }
    elseif ($modifiedEmailAddress.IsPrimary -and -not($modifiedAddressesCollection.OverrideOldValues))
    {
        # An attempt was made to add a new email address and make it primary
        # Allow adding the address, but make it secondary
        $Context.LogMessage($warningMessage, "Warning")
        $modifiedEmailAddress.IsPrimary = $False
        
        $modifiedMailboxParams.EmailAddresses = $modifiedAddressesCollection
        $Context.Action.MailParameters = $modifiedMailboxParams
        return
    }
    elseif (-not($modifiedEmailAddress.IsPrimary) -and ($modifiedEmailAddress.Address -eq $primarySmtpAddress.Address))
    {
        # An attempt was made to set another existing address as primary
        # Remove this modification, but allow all other modifications
        $Context.LogMessage($warningMessage, "Warning")
        $modifiedEmailAddress.IsPrimary = $True
        
        $modifiedMailboxParams.EmailAddresses = $modifiedAddressesCollection
        $Context.Action.MailParameters = $modifiedMailboxParams
        return
    }
}

Comments 0

You must be signed in to comment.

    Got questions?

    Support Questions & Answers

    We use cookies to improve your experience.
    By your continued use of this site you accept such use.
    For more details please see our privacy policy and cookies policy.