Certain parameters support wildcards. That * that you passed to Get-ADUser happens to be assigned to its "Filter" parameter, which does.
However, you can't just stick wildcards anywhere you like. The -Identity parameter to Set-ADUser and the values in the hashtable that you pass to -Remove probably don't do any sort of wildcard matching (though I haven't tested that myself.) That doesn't mean that you can't conceptually make this work, just that it takes more work on your part. You need to have a script which fetches one or more users, looks through their proxyAddresses attribute for matching values, and removes them explicitly. Something like this (again, not tested; I don't have an AD environment up on my home lab at the moment. Remove the -WhatIf parameter from the Set-ADUser command once you're confident it's doing the right thing.)
$users = Get-ADUser * -Properties proxyAddresses foreach ($user in $users) { $addressesToRemove = @($user.proxyAddresses) -like '*500*' if ($addressesToRemove.Count -gt 0) { Set-ADUser -Identity $user.DistinguishedName -Remove @{proxyAddresses = $addressesToRemove} -WhatIf } }
Note: It may be possible to speed this up by filtering the Get-ADUser command with something like -Filter 'ProxyAddresses -like "*500*"' , but since I can't test that at the moment, I went something that I was confident should work.