How to know if the AD user exists in AD

  • Question

  • Hello guys,

    I have been trying to do something in PowerShell for the last 3 hours. Maybe it is something simple and I'm overthinking it. Here is the background. I want to create a new hire script, but before I even start to work on that, I wanted to create a function that creates a SamAccountName taking the first letter of the name and the last name. After that, the function will look in AD for that SamAccountName. If there is someone with that SamAccountName, the function will tell me that. If not, the function will tell me too. This is what I have.

    Foreach($User in $ListofUser){
    [String]$UserID = @($User.FirstName[0]+$User.LastName)
    Write-Host -ForegroundColor Green "Looking for $UserID in Active Directory"
    Try{$ADuser = Get-ADUser -Identity $UserID -ErrorAction SilentlyContinue
    if($ADuser.Enabled -eq "True","False"){
    Write-Warning "The UserID $UserID is not available"
    }
    if([String]::IsNullOrEmpty($ADuser)){
    Write-Host -ForegroundColor Green "The UserID $UserID is available"
    }
    }
    Catch{

    }
    }
    }

    Can someone tell me a way to do this?

    Saturday, March 24, 2018 10:34 PM

All replies

  • First post your code using the code posting tool. Format the code with correct indenting. See forum guidelines for this. Edit your original post to fix it.


    \_(ツ)_/

    Saturday, March 24, 2018 10:47 PM
  • To test a SamAccountName we do this.

    if(Get-ADUser -Filter "SamAccountName -eq '$UserID'"){
        # account name is in use
    }else{
        # accountname is not in use
    }
    


    \_(ツ)_/

    Saturday, March 24, 2018 10:49 PM
  • Sorry, it is the first time that I post. I didn't know about the rules.
    Saturday, March 24, 2018 10:58 PM
  • Thank you so much, I can't believe it was something that easy. I was overthinking it.
    Saturday, March 24, 2018 10:59 PM
  • Here is another one.

    If ([adsi]::Exists("LDAP://$($ADuser.DistinguishedName)"))
    {
         # User exists
    }
    else
    {
         # User doesn't exist
    }


    -KT


    • Edited by ketanbhut Sunday, March 25, 2018 2:40 AM Missing closing quote
    Sunday, March 25, 2018 2:39 AM
  • Here is another one.

    If ([adsi]::Exists("LDAP://$($ADuser.DistinguishedName)"))
    {
         # User exists
    }
    else
    {
         # User doesn't exist
    }


    -KT


    But doesn't work if you only have a SamAccountName, which is the original request. Please read the original question carefully.


    \_(ツ)_/


    • Edited by jrv Sunday, March 25, 2018 3:23 AM
    Sunday, March 25, 2018 3:23 AM
  • Here is another one.

    If ([adsi]::Exists("LDAP://$($ADuser.DistinguishedName)"))
    {
         # User exists
    }
    else
    {
         # User doesn't exist
    }


    -KT


    Perhaps you were thinking of:

    If( ([adsisearcher]"samaccountname=$ADuserID").FindOne()){
         # User exists
    }else{
         # User doesn't exist
    }



    \_(ツ)_/

    Sunday, March 25, 2018 3:29 AM
  • Maybe I misread. I checked this line from OP's code:

    Try
    {
        $ADuser = Get-ADUser -Identity $UserID -ErrorAction SilentlyContinue
    
        If ([adsi]::Exists("LDAP://$($ADuser.DistinguishedName)"))
        {
            Add-Content $logFile ($timeStamp + " : User $UserID already exists.")
        }
    }
    Catch
    {
        # Reached when Get-ADUser finds no user with that SamAccountName
    }

    Assuming he received user object already in $ADuser. But if there is no user with that SamAccountName, he will be in catch block.



    -KT

    Sunday, March 25, 2018 6:59 AM
  • This is better. He can probably avoid try/catch.

    -KT

    Sunday, March 25, 2018 7:05 AM
  • The user's code has nothing to do with the question or problem. It is just bogus code copied for some unknown reason. You have to read the request to understand the issue. While doing that can work, it is unnecessary and the Get-AdUser will fail, making the rest of the code unusable. How can you test the DN for a user that doesn't exist? If the Get fails there is no point in using "Exists" because the user does not exist. It is all simple logic which the user doesn't see because he is just copying code that he doesn't understand.

    Using the filter detects if the user exists without causing an error. We can either use Get-AdUser or the adsisearcher to test the existence of a SamAccountName, which is what is required and not a user object.


    \_(ツ)_/

    Sunday, March 25, 2018 7:10 AM
  • This is better. He can probably avoid try/catch.

    -KT

    What is better?  You have to be clear with comments in a forum or we have no way of matching the comment to a post.


    \_(ツ)_/

    Sunday, March 25, 2018 7:11 AM
  • Ok, I'll clarify what I meant.

    This option of using [adsisearcher] sounds better to me than using Get-ADUser CmdLet, because

    If( ([adsisearcher]"samaccountname=$ADuserID").FindOne())

    returns True or False right away, whereas in the case of Get-ADUser we have to handle the error.

    I have not checked/considered any other aspects of using one v/s another.


    -KT

    Sunday, March 25, 2018 7:47 AM
  • "adsisearcher" is also the fastest way to test when you only have a SamAccountName to test.  It also works with "name" but will not be useful in this case since "name" or "CN" is not unique in the domain.


    \_(ツ)_/

    Sunday, March 25, 2018 7:50 AM
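
Pulling the thread together, as an added example that is not part of the original posts: the first-initial-plus-last-name candidate is cleaned up and escaped before it is placed in the `[adsisearcher]` filter, so names such as O'Brien or values containing `*`, `(` or `)` cannot change the query. The function names, the character policy and the sample list are assumptions made for this example, and the search assumes a domain-joined machine.

```powershell
# Added example, not code from the thread. Function names and sample data are hypothetical.

function New-SamAccountNameCandidate {
    param([Parameter(Mandatory)][string]$FirstName,
          [Parameter(Mandatory)][string]$LastName)
    # First letter of the first name plus the last name, as in the question.
    $raw = $FirstName.Trim().Substring(0, 1) + $LastName.Trim()
    # Example policy (stricter than AD requires): keep letters, digits, '.', '-' and '_'.
    $clean = $raw -replace '[^\p{L}\p{Nd}._-]', ''
    # A user's sAMAccountName is limited to 20 characters.
    if ($clean.Length -gt 20) { $clean = $clean.Substring(0, 20) }
    $clean
}

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # RFC 4515: \ * ( ) and NUL must be written as \XX hex escapes inside a filter value.
    [regex]::Replace($Value, '[\\*()\x00]', { param($m) '\{0:x2}' -f [int][char]$m.Value })
}

function Test-SamAccountNameInUse {
    param([Parameter(Mandatory)][string]$SamAccountName)
    # No objectClass clause: the name must be unique across users, groups and computers.
    $filter = '(sAMAccountName={0})' -f (ConvertTo-LdapFilterValue $SamAccountName)
    $searcher = [adsisearcher]$filter   # searches the current domain by default
    $searcher.PropertiesToLoad.Add('sAMAccountName') | Out-Null
    # FindOne() returns a SearchResult or $null, so cast it to get True/False.
    [bool]$searcher.FindOne()
}

# Constructed sample input; real input would come from a CSV or HR export.
$ListofUser = @(
    [pscustomobject]@{ FirstName = 'Maria'; LastName = "O'Brien" }
    [pscustomobject]@{ FirstName = 'Jon';   LastName = 'Smith (contractor)*' }
)

foreach ($User in $ListofUser) {
    $UserID = New-SamAccountNameCandidate -FirstName $User.FirstName -LastName $User.LastName
    Write-Host -ForegroundColor Green "Looking for $UserID in Active Directory"
    if (Test-SamAccountNameInUse -SamAccountName $UserID) {
        Write-Warning "The UserID $UserID is not available"
    } else {
        Write-Host -ForegroundColor Green "The UserID $UserID is available"
    }
}
```

The check and the later account creation are not atomic, and the search only sees objects the caller is allowed to read, so the creation step still needs its own error handling for a name that turns out to be taken.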