Pull SamAccountName from UserDisplayName

This topic contains 2 replies, has 2 voices, and was last updated by  ChrisF 1 week, 1 day ago.

  • Author
    Posts
  • #103771

    ChrisF
    Participant

    I am trying to automate our ActiveSync approval process at work. I've created a script that queries all devices with the status "DeviceAccessState = False" and pulls the Device ID, UserDisplayName, DeviceType, and Identity into a CSV file. That part works fine.
    The trouble I encounter is when I run my other script that is supposed to pull the SamAccountName for each user by referencing the UserDisplayName that I get from the Get-MobileDevice cmdlet, which is what I use to generate the CSV. Here is my script"

    cls
    Import-Module ActiveDirectory
    $Users = Import-Csv -path "C:\QuarantineUser.csv"
    
    foreach ($User in $Users)
    {
        Write-Output $User.UserDisplayName #This is to verify that it is pulling the UserDisplayName data from the 'Quarantine' file#
        $Name = Get-ADUser -filter {DisplayName -eq "$User.UserDisplayName*"} -properties * | Select SamAccountName
        Write-Output "$Name.samaccountname"
    }
    
    

    This is the output of the script: *user names altered to protect the innocent*
    Ellen Ripley
    .samaccountname

    Dennis Menace
    .samaccountname

    ...and so on.

    I want to pull the SamAccountName by using the UserDisplayName so that I can query a specific security group to see if the users contained in the Quarantine file are members. If they are members then the next step would be to set the DeviceAccessState for their ActiveSync device to Allowed. The roadblock I am running into is with the $Name variable. Although the UserDisplayName provided by the Get-MobileDevice cmdlet appears to put the UserDisplayName in the same format as the DisplayName found by Get-ADUser, it does not seem to translate to a samaccountname when I attempt to search by the UDN.

    Any help would be greatly appreciated!

  • #103774

    postanote
    Participant

    Get-ADUser, already gives you the SamAccountName and more. Why do you feel you need to kludge it by extrapolating from the DisplayName. You can pull both of those at the same time and if all you want in the SAM, then pull it directly.

    Get-ADUser -Filter * -Property DisplayName,SamAccountName | Select-Object -First 1
    
    # Results
    DisplayName       : Administrator
    ...
    SamAccountName    : Administrator
    ...
    

    Of course this you just use a comparison to your list, then just use the ADGroup cmdlets to pull the additional info you are after.

  • #104284

    ChrisF
    Participant

    Thanks, postanote. I was just over thinking it. Much appreciated!

You must be logged in to reply to this topic.