Reputation: 75
I am working on error checking in my "Copy AD User" PowerShell script. I use forms to ask for specific information, and the purpose of this question is to make sure I'm putting in error checking correctly.
IF ($Username.Text -eq Get-ADUser ($Username.Text))
{$wshell = New-Object -ComObject Wscript.Shell
$wshell.PopUp("This username already exists. Please choose another")}
The $Username.Text is the text box where the username for the new account is being pulled from. I want to run this through AD to see if that username already exists, and then display a message if it does.
Am I going about it the correct way?
Upvotes: 6
Views: 101546
Reputation: 24585
Here's one quick way:
([ADSISearcher] "(sAMAccountName=kendyer)").FindOne()
If it returns no results, the user account was not found.
As a function:
function Test-ADUser {
    param(
        [Parameter(Mandatory)]
        [String]
        $sAMAccountName
    )
    $null -ne ([ADSISearcher] "(sAMAccountName=$sAMAccountName)").FindOne()
}
Upvotes: 21
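The function above interpolates the text-box value straight into an LDAP filter, so a value containing * or parentheses changes what the filter matches. A variant that validates and escapes the value first, as an added example that is not part of the original answers; the function names and the naming policy in the check are assumptions.

```powershell
# Added example (not from the answers above). Function names are hypothetical.

# Escape a value for use inside an LDAP search filter (RFC 4515):
# \ * ( ) and NUL are replaced by a backslash plus their two-digit hex code.
function ConvertTo-LdapFilterValue {
    param(
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string] $Value
    )
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($match)
        '\{0:x2}' -f [int][char]$match.Value
    })
}

function Test-ADUserExists {
    param(
        [Parameter(Mandatory)]
        [string] $SamAccountName
    )
    $name = $SamAccountName.Trim()

    # Assumed naming policy: 1-20 characters, none of " / \ [ ] : ; | = , + * ? < >
    # Adjust to your own standard; rejecting early gives the form a clear error.
    if ($name.Length -lt 1 -or $name.Length -gt 20 -or $name -match '["/\\\[\]:;|=,+*?<>]') {
        throw [System.ArgumentException]::new("'$name' is not a valid username.")
    }

    # Escape anyway, so the filter stays well-formed if the policy check is relaxed later.
    $escaped = ConvertTo-LdapFilterValue -Value $name
    $filter  = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$escaped))"
    $null -ne ([ADSISearcher] $filter).FindOne()
}

# Constructed inputs: show how each value would appear inside the filter (no AD needed).
foreach ($sample in 'kendyer', 'k*', 'j.doe (temp)', 'back\slash') {
    '{0,-20} -> {1}' -f $sample, (ConvertTo-LdapFilterValue -Value $sample)
}
```

In the form, wrap the call to Test-ADUserExists in try/catch so a rejected username shows the same kind of pop-up as a duplicate one.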
Reputation: 32230
The problem with Get-ADUser -Identity $Username.Text is that it throws an exception when it fails to find something. If you want to avoid that, you have to search with a filter:
if (!(Get-ADUser -Filter "sAMAccountName -eq '$($Username.Text)'")) {
    Write-Host "User does not exist."
}
Otherwise, you can do something like:
try {
    Get-ADUser -Identity $Username.Text
    $UserExists = $true
}
catch [Microsoft.ActiveDirectory.Management.ADIdentityResolutionException] {
    Write-Host "User does not exist."
    $UserExists = $false
}
Upvotes: 9
Reputation: 616
To answer your question directly you should probably do something like this. If Get-ADUser returns anything but $null, then the SamAccountName already exists.
IF ($null -ne $(Get-ADUser -Filter "SamAccountName -eq '$($Username.Text)'"))
{$wshell = New-Object -ComObject Wscript.Shell
$wshell.PopUp("This username already exists. Please choose another")}
You can search for each LdapDisplayName property individually. The basic syntax is:
Get-ADUser -Filter "<LdapDisplayName> -eq '<String Value>'"
Examples
Get-ADUser -Filter "SamAccountName -eq '$SamAccountName'"
Get-ADUser -Filter "UserPrincipalName -eq '$UserPrincipalName'"
Get-ADUser -Filter "EmailAddress -eq '$EmailAddress'"
Get-ADUser -Filter "Name -eq '$Name'"
When Get-ADUser can't find a match it will return $null, which is easy to test for. Note that when you use the -Filter parameter Get-ADUser will NOT throw an error if an ADUser cannot be found.
$ExistingADUser = Get-ADUser -Filter "SamAccountName -eq '$SamAccountName'"
if($null -eq $ExistingADUser){
    write-host "SamAccountName '$SamAccountName' does not yet exist in active directory"
}
how to use the filter parameter
Upvotes: 0
Reputation: 31
I use this function in many of my scripts. If you just run Test-ADUser -Username $Username, it will return the user properties AND true if the user exists and False if it does not.
If using to test a condition (does the user exist?) it will return true or false.
Save the function and the export Export-ModuleMember as a .psm1 file. Example: ADutils.psm1
Create a folder with the same name as the file. Example: ADutils
Put the file in the folder
Put the folder in C:\Windows\System32\WindowsPowerShell\v1.0\Modules\
Restart PowerShell and import-module ADutils -verbose
(Pick a good name for the file and folder. This will be the module name. You can add a great many more functions to this module by writing the function and ensuring that the Export-ModuleMember -Function exists for every function you write)
Function Test-ADUser {
    [CmdletBinding()]
    param(
        [parameter(Mandatory=$true,position=0)]
        [string]$Username
    )
    Try {
        Get-ADuser $Username -ErrorAction Stop
        return $true
    }
    Catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        return $false
    }
}
Export-ModuleMember -Function Test-ADUser
IF (Test-ADUser -Username w096224){
    (New-Object -ComObject Wscript.Shell).PopUp("This username already exists. Please choose another")
}
Upvotes: 2