diff --git a/ceod/model/User.py b/ceod/model/User.py
index dcef636..ff7671a 100644
--- a/ceod/model/User.py
+++ b/ceod/model/User.py
@@ -70,6 +70,7 @@ class User:
 
         self.ldap_srv = component.getUtility(ILDAPService)
         self.krb_srv = component.getUtility(IKerberosService)
+        self.base_domain = cfg.get('base_domain')
 
     def to_dict(self, get_forwarding_addresses: bool = False) -> Dict:
         data = {
@@ -105,6 +106,8 @@ class User:
         return self._is_club
 
     def add_to_ldap(self):
+        if not self.mail_local_addresses:
+            self.mail_local_addresses = [f'{self.uid}@{self.base_domain}']
         self.ldap_srv.add_user(self)
 
     def remove_from_ldap(self):
diff --git a/one_time_scripts/inetorgperson.py b/one_time_scripts/inetorgperson.py
index 19273b1..a2c9fee 100644
--- a/one_time_scripts/inetorgperson.py
+++ b/one_time_scripts/inetorgperson.py
@@ -14,9 +14,9 @@ import traceback
 import ldap3
 
 # modify as necessary
-LDAP_URI = "ldap://auth1.csclub.uwaterloo.ca"
+LDAP_URI = "ldaps://auth1.csclub.uwaterloo.ca"
 LDAP_MEMBERS_BASE = "ou=People,dc=csclub,dc=uwaterloo,dc=ca"
-UWLDAP_URI = "ldap://auth1.csclub.uwaterloo.ca"
+UWLDAP_URI = "ldaps://auth1.csclub.uwaterloo.ca"
 UWLDAP_MEMBERS_BASE = "ou=UWLDAP,dc=csclub,dc=uwaterloo,dc=ca"
 
 csc_conn = ldap3.Connection(
diff --git a/one_time_scripts/mail_local_addresses.py b/one_time_scripts/mail_local_addresses.py
new file mode 100644
index 0000000..d53b770
--- /dev/null
+++ b/one_time_scripts/mail_local_addresses.py
@@ -0,0 +1,31 @@
+#!/usr/bin/env python3
+"""
+This is a script which adds the mailLocalAddress to all members.
+
+GSSAPI is used for LDAP authentication, so make sure to run `kinit` first.
+Also, make sure to run this script from the top-level of the git directory
+(see the sys.path hack below).
+"""
+import ldap3
+
+# modify as necessary
+BASE_DOMAIN = "csclub.uwaterloo.ca"
+LDAP_URI = "ldaps://auth1.csclub.uwaterloo.ca"
+LDAP_MEMBERS_BASE = "ou=People,dc=csclub,dc=uwaterloo,dc=ca"
+
+conn = ldap3.Connection(
+    LDAP_URI, authentication=ldap3.SASL, sasl_mechanism=ldap3.KERBEROS,
+    auto_bind=True, raise_exceptions=True)
+conn.search(LDAP_MEMBERS_BASE, '(&(objectClass=member)(!(mailLocalAddress=*)))',
+            attributes=['uid', 'objectClass'])
+total_records_updated = 0
+for entry in conn.entries:
+    uid = entry.uid.value
+    address = f'{uid}@{BASE_DOMAIN}'
+    changes = {'mailLocalAddress': [(ldap3.MODIFY_REPLACE, [address])]}
+    if 'inetLocalMailRecipient' not in entry.objectClass.values:
+        changes['objectClass'] = [(ldap3.MODIFY_ADD, ['inetLocalMailRecipient'])]
+    conn.modify(entry.entry_dn, changes)
+    print('Modified %s' % entry.uid.value)
+    total_records_updated += 1
+print('Total records updated: %d' % total_records_updated)
diff --git a/tests/ceod/api/test_members.py b/tests/ceod/api/test_members.py
index 21c360f..b936d0f 100644
--- a/tests/ceod/api/test_members.py
+++ b/tests/ceod/api/test_members.py
@@ -63,6 +63,7 @@ def test_api_create_user(cfg, create_user_resp, mock_mail_server):
             "is_club_rep": False,
             "program": "Math",
             "terms": ["s2021"],
+            "mail_local_addresses": ["test_1@csclub.internal"],
             "forwarding_addresses": ['test_1@uwaterloo.internal'],
             "password": "krb5"
         }},