how to catch difference in samaccountName


    • #226308
      Participant

      Hi

      In AD, by preference, the user's email address is SamAccountName + @mydomain.com.
      I recently noticed that there are differences here, where the SamAccountName is not following this standard (don’t ask me why).

      In my offboarding script it can happen that $user.SamAccountName returns an error because the standard convention mentioned above has not been respected, or the user has asked to change his name from Paulus into Paul.

      My script looks as follows.

      In the CSV I have 2 headers, SamAccountName and Email.
      Example:
      SamAccountName, Email

      Paul,Paul@mydomain.com

      userPrincipalName = Paulus@mydomain.com
      SamAccountName = Paulus

      What I would like to achieve is that, if $user.SamAccountName fails, I take the required steps to modify the samAccountName based upon $user.Email.

      This is the code I use to capture the difference in samAccountName:

      
      $users = import-csv c:\temp\toRemove.csv

      # $email and $user are expected to hold the values of the CSV row being checked
      $test = get-aduser -filter{EmailAddress -eq $email} -properties Emailaddress
      $Emailaddress = get-aduser -identity $user -properties Emailaddress

      $UserPrincipalName = get-aduser $user -properties UserPrincipalName

      # Compare the mail attribute with the UPN; on a mismatch, show the part before "@"
      If(!($UserPrincipalName.UserPrincipalName -eq $Emailaddress.EmailAddress)){
          write-host "$($EmailAddress.EmailAddress) is not equal to $($UserPrincipalName.UserPrincipalName)"
          $NewUser = $($UserPrincipalName.UserPrincipalName) -split("@")
          $newuser[0]
      }
      
      

      And I would like to integrate this in the foreach below. I only don’t know what the best way is: using the if statement or a select case scenario?

      
      $users = import-csv c:\temp\toRemove.csv

      foreach($user in $users){

          $testSamAccountName = get-aduser -Identity $user.SamAccountName # this fails
          if(!($testSamAccountName)){
              # -Filter cannot read a property such as $user.email, so copy it to a plain variable first
              $email = $user.email
              $TestEmail = Get-ADUser -filter{EmailAddress -eq $email} -properties EmailAddress
          }
      }
      

      thanks for your input

      Paul

      • This topic was modified 3 weeks, 4 days ago by acer460527.
    • #226371
      Senior Moderator

      You may use a try/catch block, as it throws an error, and maybe in the catch block you can read the error and continue based on the error.

      Try{
          $testSamAccountName = get-aduser -Identity $user.SamAccountName -ErrorAction Stop
      }
      Catch{
          if($_ -match "the expected error message"){
            # -Filter cannot read a property such as $user.email, so copy it to a plain variable first
            $email = $user.email
            $TestEmail = Get-ADUser -filter{EmailAddress -eq $email} -properties EmailAddress
          }
          else{
            Throw $_
          }
      }
      
    • #226413
      Participant

      Another option is to just search for both values, but it would be possible to return more than one user:

      $users = import-csv c:\temp\toRemove.csv
      
      foreach ( $user in $users ){
      
             $samAccountName = $user.SamAccountName
             $email = $user.Email
      
             $adUser =  Get-ADUser -Filter { (EmailAddress -eq $Email) -or (SamAccountName -eq $samAccountName) } -Properties EmailAddress
      
             if ($adUser) {
                    'Found user with lookup {0} or {1}' -f $email,$samAccountName
                    $adUser
             }
             else {
                    'No user found with lookup {0} or {1}' -f $email,$samAccountName
             }
      
      }
      
      
      
      		
      	
    • #226584
      Participant

      Thanks for your reaction

       

      • This reply was modified 3 weeks, 3 days ago by acer460527.
    • #226605
      Participant

      I now face the following issue when I want to update the SamAccountName with the new SamAccountName.
      In this example it works:

      
      $users = import-csv c:\temp\toRemove.csv

      foreach ( $user in $users ){

          $samAccountName = $user.SamAccountName
          $email = $user.Email

          $adUser = Get-ADUser -Filter { (EmailAddress -eq $Email) -or (SamAccountName -eq $samAccountName) } -Properties EmailAddress

          if ($adUser) {
              'Found user with lookup {0} or {1}' -f $email,$samAccountName
              # Take the part of the UPN before "@" as the user name
              $NewUser = $($adUser.UserPrincipalName) -split("@")
              $user = $NewUser[0]
              $user
          }
          else {
              'No user found with lookup {0} or {1}' -f $email,$samAccountName
          }

      }
      

      The error that I now get is:

      
      Cannot find an object with identity: ‘Paul’ under: ‘DC=mydomain,DC=com’.
      + CategoryInfo : ObjectNotFound: (akir:ADUser) [Get-ADUser], ADIdentityNotFoundException
      + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetAD
      User
      + PSComputerName : cfdc01.mydomain.com
      
      

      How can I make sure that $user.SamAccountName is populated with “Paulus” instead of the value found in the CSV file?
      Do I need to update the CSV file first, or is there a different way other than what I tried above?

      • This reply was modified 3 weeks, 3 days ago by acer460527.
    • #227005
      Participant

      Hi

      I discovered that when I use Bob’s solution it works while directly working on the AD server; with PSSession it’s not. Any suggestions?

      Paul
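
A single-account resolver for the cases in this thread, as an added example that is not code from any poster: it searches by SamAccountName or email as in the search-both answer, refuses to continue when that lookup matches more than one account, and builds the filter as a string so the values are already expanded when the query is sent. `Resolve-OffboardUser` and the rejected-character rule are assumptions made for this example, and the ActiveDirectory cmdlets are assumed to be available in the session.

```powershell
# Added example. Resolve-OffboardUser is a hypothetical helper name.
function Resolve-OffboardUser {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [Parameter(Mandatory)] [string] $Email
    )

    # Assumption: names and addresses in this directory never contain these
    # characters, so a CSV value that does is refused instead of being
    # placed inside the filter text.
    if ("$SamAccountName$Email" -match "['*\\()]") {
        Write-Warning "Refusing lookup, unexpected character in '$SamAccountName' / '$Email'"
        return
    }

    # String filter: both values are expanded here, before Get-ADUser runs.
    $filter = "SamAccountName -eq '$SamAccountName' -or EmailAddress -eq '$Email'"
    $found  = @(Get-ADUser -Filter $filter -Properties EmailAddress)

    if ($found.Count -eq 1) { return $found[0] }

    if ($found.Count -eq 0) {
        Write-Warning "No account for '$SamAccountName' / '$Email'"
    }
    else {
        # One account matched by name and another by mail: do not guess.
        Write-Warning "Ambiguous lookup for '$SamAccountName' / '$Email': $($found.SamAccountName -join ', ')"
    }
}

foreach ($row in Import-Csv C:\temp\toRemove.csv) {
    $adUser = Resolve-OffboardUser -SamAccountName $row.SamAccountName -Email $row.Email
    if (-not $adUser) { continue }

    # Report what AD actually holds next to what the CSV claimed.
    [pscustomobject]@{
        CsvSamAccountName = $row.SamAccountName
        AdSamAccountName  = $adUser.SamAccountName
        UserPrincipalName = $adUser.UserPrincipalName
        NameDiffers       = $adUser.SamAccountName -ne $row.SamAccountName
    }
    # Later offboarding steps should receive $adUser (the AD object),
    # not the CSV string, so a stale name such as 'Paul' is never looked up again.
}
```

Leaving the loop variable untouched and carrying the resolved AD object forward avoids the `Cannot find an object with identity` error, which appears when the CSV name is handed back to `-Identity`.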
