This PowerShell script is one of the most comprehensive you will find that provides a thorough overview and full report of all contact objects in a domain. It is the culmination of many Active Directory audit and reviews and therefore contains valuable input from many customers.
A lot of thought has been put into the logic within this script to help an organisation understand:
- Contacts that are mail-disabled
- Contacts that are ADFS Farm objects, which are Contact objects located under the certificate sharing container.
- Contacts that are UM Integration objects
- Contacts that are conflicting/duplicate objects (name contains CNF:)
- Contacts that have expired
- Contacts that have no manager set
- Contacts that have been left in the default Users container (CN=Users)
FYI:
- Mail-enabled contacts are derived from the targetAddress, proxyAddresses, legacyExchangeDN, and mailNickName attributes.