Reputation: 21
I'm trying to answer what I hope is a simple question. I have a device enrolled in AzureAD and autopiloted. Using the IntuneManagementExtension I'd like to acquire the FULL user name of the user currently logged in to use elsewhere in scripts. I cannot see a way of doing it.
All the examples I can find return either the short name, or the AzureAD domain and the user name, for example:
Tenant is mytestdomain.onmicrosoft.com User is [email protected]
Most methods, if you just google or search stackoverflow, will return either:
AzureAD\mytestuser or mytestuser
I need one that returns the full [email protected]. This is because the tenant has several vanity names, so I need to determine which one is logged in (for example [email protected] is a different user account to [email protected] or [email protected]). Therefore, I can't just append my tenant name on the end of the output of other methods.
Any thoughts appreciated. Methods that require installation of msol/azuread modules don't seem to work as they require user login, which defeats the point, and as it's being run by the intune management extension, the user can't interact anyway.
Thanks
Upvotes: 1
Views: 2529
Reputation: 1
```powershell
# Resolve the single {GUID} subkey under JoinInfo and read the TenantId and UserEmail values from it.
Get-ItemPropertyValue -Path (((Get-Item "HKLM:/SYSTEM/CurrentControlSet/Control/CloudDomainJoin/JoinInfo/*").Name).Replace('HKEY_LOCAL_MACHINE','HKLM:')) -Name TenantId,UserEmail
```
No admin privileges required.
Error handling:
```powershell
Try {
    Get-ItemPropertyValue -Path (((Get-Item "HKLM:/SYSTEM/CurrentControlSet/Control/CloudDomainJoin/JoinInfo/*").Name).Replace('HKEY_LOCAL_MACHINE','HKLM:')) -Name TenantId,UserEmail -ErrorAction Stop
} Catch {
    Write-Output "PROBLEM"
}
```
Or only Tenant Id:
```powershell
Try {
    (Get-ItemProperty -ErrorAction Stop -Path (((Get-Item "HKLM:/SYSTEM/CurrentControlSet/Control/CloudDomainJoin/JoinInfo/*").Name).Replace('HKEY_LOCAL_MACHINE','HKLM:')) -Name TenantId).TenantId
} Catch {
    Write-Output "PROBLEM"
}
```
Upvotes: 0
Reputation: 11
This line will return the UPN from the domain join info in the registry. Must be run with admin privileges.
```powershell
# Read the UserEmail value from the {GUID} subkey under JoinInfo; yields '' when the key is absent.
[string]$(
    $joinInfoPath = 'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CloudDomainJoin\JoinInfo'
    if (Test-Path -Path $joinInfoPath) {
        $joinKey = (Get-ChildItem -Path $joinInfoPath).Name.Split('\')[-1]
        Get-ItemProperty -Path ('{0}\{1}' -f $joinInfoPath, $joinKey) -Name 'UserEmail' |
            Select-Object -ExpandProperty 'UserEmail'
    } else {
        ''
    }
)
```
Upvotes: 0
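Both registry-based answers above read the same CloudDomainJoin\JoinInfo key. The following is an added example, not code from either answer, that wraps that lookup in a function which tolerates a missing key or more than one {GUID} subkey, splits the UPN suffix out so the vanity domains from the question can be told apart, and exits non-zero when the device is not Azure AD joined. One caveat a practitioner should keep in mind: JoinInfo records the account that joined the device (for Autopilot, the enrolling user), which on a shared device is not necessarily the user currently signed in. The list of known domains is constructed for illustration.

```powershell
# Added example (not from any answer above): robust wrapper around the
# CloudDomainJoin\JoinInfo lookup. Assumes the device is Azure AD joined;
# the $knownDomains list below is constructed for illustration.
function Get-AadJoinInfo {
    [CmdletBinding()]
    param(
        # Registry path holding one {GUID} subkey per cloud join.
        [string]$JoinInfoPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\CloudDomainJoin\JoinInfo'
    )

    if (-not (Test-Path -Path $JoinInfoPath)) {
        # Not Azure AD joined: return nothing instead of throwing on a missing key.
        Write-Verbose "No JoinInfo key at $JoinInfoPath; device is not Azure AD joined."
        return $null
    }

    # Normally exactly one subkey exists; iterate so a stale duplicate does not break the lookup.
    foreach ($key in Get-ChildItem -Path $JoinInfoPath) {
        $props = Get-ItemProperty -Path $key.PSPath
        if (-not $props.UserEmail) { continue }

        $upn = [string]$props.UserEmail
        [pscustomobject]@{
            JoinId    = $key.PSChildName
            TenantId  = [string]$props.TenantId
            UserEmail = $upn
            # The suffix after '@' is what distinguishes one vanity domain from another.
            Domain    = ($upn -split '@', 2)[-1]
        }
    }
}

# Constructed list of the tenant's verified domains (illustration only).
$knownDomains = @('mytestdomain.onmicrosoft.com', 'mytestdomain.com', 'mytestdomain.co.uk')

$join = Get-AadJoinInfo | Select-Object -First 1
if (-not $join) {
    Write-Output 'PROBLEM: device is not Azure AD joined'
    exit 1
}

if ($knownDomains -notcontains $join.Domain) {
    Write-Warning "UPN suffix '$($join.Domain)' is not one of the expected tenant domains"
}

# Full UPN of the account that joined the device, e.g. user@<vanity domain>.
Write-Output $join.UserEmail
```

Run it under the Intune Management Extension as SYSTEM or as the user; it only reads HKLM, and the non-zero exit code surfaces as a failed script in the Intune console rather than an empty value silently used downstream.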
Reputation: 57
I'm a little busy to test this right now, but it should do the trick.
You can have Intune run a PowerShell script. This command will return the full user account name in the format you've described:
```powershell
whoami.exe /UPN
```
Since you've stated you want the user who is already logged in, when you are configuring the settings in Intune, make sure to select the option to "Run this script using the logged on credentials".
Upvotes: 1
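As an added example that is not part of the answer above, here is how to call whoami.exe /UPN from an Intune script so that the failure mode the answer hints at (the script not running in the user's own context, for example as SYSTEM) is detected instead of producing an empty or misleading value, and how to branch on the UPN suffix to distinguish the vanity domains from the question. The domain names in the switch are constructed for illustration.

```powershell
# Added example (not from the answer above): wrap whoami.exe /UPN so the
# script fails loudly when it is not running with the logged-on credentials.
function Get-CurrentUserUpn {
    # whoami prints the UPN on stdout and exits 0 on success; when the process
    # runs as SYSTEM or another non-directory account it prints an error and
    # exits non-zero. stderr is discarded so $ErrorActionPreference cannot
    # turn the native error into a terminating one before we inspect the code.
    $output = & whoami.exe /UPN 2>$null
    if ($LASTEXITCODE -ne 0) {
        throw "whoami /UPN failed (exit $LASTEXITCODE). Is the script set to run with the logged-on credentials?"
    }

    $upn = ([string]$output).Trim()
    # Sanity check: a UPN has exactly one '@' separating user and domain.
    if ($upn -notmatch '^[^@\s]+@[^@\s]+$') {
        throw "Unexpected output from whoami /UPN: '$upn'"
    }
    return $upn
}

try {
    $upn    = Get-CurrentUserUpn
    $domain = ($upn -split '@', 2)[1]

    # Branch on the suffix: several vanity domains share one tenant, so the
    # short name alone cannot tell these accounts apart. Domains are illustrative.
    switch ($domain) {
        'mytestdomain.com'   { Write-Output "Primary vanity domain user: $upn" }
        'mytestdomain.co.uk' { Write-Output "UK vanity domain user: $upn" }
        default              { Write-Output "Other domain ($domain): $upn" }
    }
    exit 0
}
catch {
    Write-Output "PROBLEM: $($_.Exception.Message)"
    exit 1
}
```

With "Run this script using the logged on credentials" enabled the first branch is what runs; leave that option off and the function throws, which is the signal you want rather than a script that quietly reports no user.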