Finding Unused AD Name


This topic contains 7 replies, has 5 voices, and was last updated 1 year, 1 month ago.

  • Author
  • #92077

    Points: 0
    Rank: Member


    I am currently trying to create a function that will take a CSV file and output a username that is available to use. Right now it checks to see if their first name is already taken as a username; if it is, I want to add the first letter of their last name and test it again. These tests would continue until it finds a username that is not in use. I am having issues getting it to loop correctly. The overall goal is to import a CSV user and create an AD User with the following attributes: Name, Manager, Location, Telephone, Mobile Phone, Job Title.

    function Get-MSUsername {
        $csv = Import-Csv 'C:\Users\ericq\Desktop\New HIre Test.csv' |
            ForEach-Object {
                $i = 0
                # First candidate is the first name on its own
                $User = $_.First
                $Username = Get-ADUser -ErrorAction SilentlyContinue $User
                $LastNameLetters = $_.Last.ToCharArray()
                if (!$username) {
                    $MSusername = $Username
                }
                else {
                    # Append one letter of the last name to the candidate
                    $User = $User + $LastNameLetters[$i]
                } #END ARRAY LOOP
                Write-Host "$MSUsername test"
            }
    }

    Thank you!

  • #92081

    Points: 1,166
    Helping Hand
    Rank: Community Hero

    Of course there is a lot of room for improvement but you could start with something like this:

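    Function Find-AvailableSamAccountName {
        param(
            [Parameter(Position=0, Mandatory=$true)]
            [string]$GivenName,
            [Parameter(Position=1, Mandatory=$true)]
            [string]$Surname
        )
        try {
            If(Get-ADUser -Identity $GivenName){   # account exists: extend the candidate
                $GivenName = $GivenName + $Surname.substring(0,1)
                $Surname = $Surname.Substring(1)
                Find-AvailableSamAccountName -GivenName $GivenName -Surname $Surname
            }
        }
        catch {
            $GivenName   # Get-ADUser -Identity throws when no such account exists
        }
    }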

    It does not take the whole csv file it only takes one first name and surname pair at a time and checks the AD for the specified criteria. Try it and play a little with it. 😉

    • #92086

      Points: 0
      Rank: Member

      Thanks Olaf! I totally forgot about calling the function again within the if statement. I will play around with it, but I think it will do the trick.

  • #92098

    Points: 0
    Rank: Member

    You can run the script below to find Active Directory user accounts that haven't been used:

    Import-Module ActiveDirectory
    $domain = ""

    # Enabled accounts that have no lastLogonTimestamp value (never logged on)
    $User = Get-ADUser -Filter {-not (lastlogontimestamp -like "*") -and (enabled -eq $true)} -Properties DistinguishedName, GivenName, Surname, Name, SamAccountName, userprincipalname, whenCreated |
        Select-Object DistinguishedName, GivenName, Surname, Name, SamAccountName, userprincipalname, whenCreated

    # View graphically
    # $User | Out-GridView

    # Export to CSV
    $User | Export-CSV C:\Temp\ADNeverLoggedOn16082016c.csv -NoTypeInformation

    # Count how many users
    ($User | Measure-Object).Count

    Please refer to the following article.,2-250.html

    • #92099

      Points: 1,166
      Helping Hand
      Rank: Community Hero

      Close but anyway just off the mark. 😉 The question was to find available / not existing SamAccountNames and not accounts not used for a while. 😉

  • #92107

    Points: 2
    Rank: Member

    Something to think about depending on the volume and time until the accounts are actually created, is that you are not reserving these account names. So, if there is significant time between the generation of the list and account creation, other accounts could "steal" the ID. Also, if there are 2 or more people with the same given name in your CSV, you will return the same result for both. A better approach would be to attempt to create a placeholder, catching errors until it succeeds. Give them a special description, and you can clean up the unused ones if they are not converted to real accounts after a certain amount of time has passed.
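
The reserve-by-creating approach described in the reply above, as an added example that is not code from any poster in this thread: the create call is itself the availability test, so the check and the claim cannot be separated by another process or by a second CSV row with the same first name. The function names, the `PLACEHOLDER-RESERVED` marker, the OU path and the 14-day default are assumptions.

```powershell
#Requires -Modules ActiveDirectory
# Added example; function names, marker text and OU path are assumptions.

function New-ReservedSamAccountName {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$GivenName,
        [Parameter(Mandatory)][string]$Surname,
        [Parameter(Mandatory)][string]$Path,        # OU that holds placeholders
        [string]$Marker = 'PLACEHOLDER-RESERVED'    # constructed description tag
    )
    # Candidates as in the question: First, First+L, First+La, ...
    for ($i = 0; $i -le $Surname.Length; $i++) {
        $candidate = $GivenName + $Surname.Substring(0, $i)
        if ($candidate.Length -gt 20) { break }     # sAMAccountName limit for users
        try {
            # The create is the test: the directory rejects a duplicate itself, so
            # a parallel run or a second CSV row cannot be handed the same name.
            New-ADUser -Name $candidate -SamAccountName $candidate `
                -GivenName $GivenName -Surname $Surname -Path $Path `
                -Enabled $false -Description "$Marker $(Get-Date -Format o)" `
                -ErrorAction Stop
            return $candidate
        }
        catch [Microsoft.ActiveDirectory.Management.ADIdentityAlreadyExistsException] {
            continue    # taken: extend with the next letter of the surname
        }
    }
    throw "No free account name for $GivenName $Surname"
}

function Remove-StaleReservation {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$MaxAgeDays = 14,
        [string]$Marker = 'PLACEHOLDER-RESERVED'
    )
    $cutoff = (Get-Date).AddDays(-$MaxAgeDays)
    # Only disabled accounts still carrying the marker are candidates for removal.
    Get-ADUser -SearchBase $Path -Filter "Description -like '$Marker*'" -Properties whenCreated |
        Where-Object { -not $_.Enabled -and $_.whenCreated -lt $cutoff } |
        Remove-ADUser -Confirm:$false
}

# Usage with the CSV columns from the question (OU DN is a placeholder):
# Import-Csv .\newhires.csv | ForEach-Object {
#     New-ReservedSamAccountName -GivenName $_.First -Surname $_.Last -Path 'OU=Reserved,DC=example,DC=com'
# }
```

The placeholder is created disabled and without a password, so a reserved name cannot be used to sign in until provisioning replaces the description and enables the account.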

  • #92114

    Points: 181
    Helping Hand
    Rank: Participant

    Coming from an Access Management realm myself, I would highly suggest against using properties like a user's name to build user IDs, as they will quickly become painful to manage, as you're already seeing in trying to find unused network IDs.

    You may find yourself better served to find a truly distinct identifier for your users and utilize that to build your IDs.

    Unfortunately, you do have to rely on others to help (usually the HR dept).

    But you will save yourself significant pain going forward; examples would be how you handle legal name changes, marriages and various other things that affect your chosen account naming standard.

    • #92120

      Points: 0
      Rank: Member


      I agree with you 100%. Unfortunately I do not have much control over user id creation schema. I have brought it up that we should change while we are still a smaller company and save the headache in the long run. Fingers crossed 🙂

The topic ‘Finding Unused AD Name’ is closed to new replies.
