Search for users in AD forest and stop when found

This topic contains 2 replies, has 3 voices, and was last updated by Dan Potter 4 months ago.

  • #38170
    Peter Johnson
    Participant

    I'm trying to locate users, read from a csv file, where the only information I have is the e-mail address as supplied by HR.

    I'm trying to optimize the search, because this forest is big, 26 domains and +/- 100K users.

    What I'm trying to do is take the input value, search through each domain using Get-QADUser, since it can return PrimarySMTPAddress, and when the user is located, drop out of the search process completely and write some attributes of the object found into another csv file.

    I've tried several variations of while and until functions and I can't get it right..

    an example is :

    import-module activedirectory
    Get-PSSnapin -Registered | Add-PSSnapin
    $adforest=Get-ADForest
    $addomlist=$adforest.domains
    $userfound=$false
    $searchaddress=Read-host("Enter the e-mail address you are looking for")

    Function CheckForUPN
    {
    param($inputobject)
    $inputobject

    $Script:userfound
    if($inputobject.PrimarySMTPAddress -eq $searchaddress)
    {
    $userfound=$true
    Write-Host("User $searchaddress found in domain $addom")
    exit
    }
    }

    foreach($addom in $addomlist)
    {
    Write-host("Searching Domain $addom")

    while($userfound -eq $false)
    {
    get-qaduser -SizeLimit 0 |
    CheckForUPN

    }
    }
    I know I'm being stupid 🙂 and any help would be greatly appreciated.

    I could use the Exchange CMDLETs and run get-recipient but I can't guarantee that the eventual users will have those tools to hand so I'm trying to keep it as generic as possible..

    Any help would be greatly appreciated.

    #40692
    Geoff Duke
    Participant

    Why not use an Active Directory query to find any matching user object, rather than attempting to iterate over every user object in each domain until you find (or don't!) a match?

    You can skip the whole CheckforUPN function, and dump the while loop. Using the ActiveDirectory module from MS:

    foreach ($addom in $addomlist) {
        $emailaddress = 'smtp:' + $searchaddress
        Get-ADUser -filter { ProxyAddresses -eq $emailaddress } -Server $addom
    }
    

    The search filter matches a single value in a multivalued attribute, and because the search isn't case sensitive, it will match on any email address associated with the account, not just the Primary.

    Should be much faster, and simpler. See Get-ADUser doc for more info.
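    A complete version of the approach in this reply, added here as an example and not code from the thread: it reads the HR addresses from a CSV (assumed column name Email, placeholder paths), runs one indexed ProxyAddresses query per domain, stops at the first match and writes the attributes out to a second CSV. The additional check on the mail attribute is an assumption for accounts that are not mail-enabled.

```powershell
Import-Module ActiveDirectory

$inputCsv  = 'C:\temp\hr-addresses.csv'    # placeholder: one "Email" column
$outputCsv = 'C:\temp\located-users.csv'   # placeholder
$domains   = (Get-ADForest).Domains

$results = foreach ($row in Import-Csv -Path $inputCsv) {
    $address = ($row.Email).Trim()
    if (-not $address) { continue }

    # Build the values outside the filter so they are bound as values, not
    # spliced into a query string. proxyAddresses entries carry a type prefix
    # (smtp:/SMTP:) and the comparison is case-insensitive, so this matches
    # secondary addresses as well as the primary one.
    $proxy   = 'smtp:' + $address
    $found   = $null
    $foundIn = $null

    foreach ($domain in $domains) {
        # One indexed query per domain instead of enumerating every user.
        # The mail attribute is checked too (assumption) for accounts that
        # are not mail-enabled and therefore have no proxyAddresses values.
        $found = Get-ADUser -Server $domain `
                    -Filter { ProxyAddresses -eq $proxy -or mail -eq $address } `
                    -Properties mail, proxyAddresses |
                 Select-Object -First 1
        if ($found) { $foundIn = $domain; break }   # stop at the first hit
    }

    if (-not $found) { Write-Warning "No user found for $address in any domain" }

    [pscustomobject]@{
        SearchAddress     = $address
        Found             = [bool]$found
        Domain            = $foundIn
        SamAccountName    = $found.SamAccountName
        UserPrincipalName = $found.UserPrincipalName
        Mail              = $found.mail
        DistinguishedName = $found.DistinguishedName
    }
}

$results | Export-Csv -Path $outputCsv -NoTypeInformation
```

    Run it with an account that has only read access to the domains; the query needs nothing more, and the output CSV records which domain each address resolved to.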

    #40718
    Dan Potter
    Participant

    You can make that shorter using ambiguous name resolution. I despise quest..

    get-aduser -filter "anr -eq 'smtp:[email protected]'"
