ak2595

Reputation: 321

How to validate if my user has an ADM account based on samaccountname

I would like to validate if my standard user has an admin account in AD.

For example, the samaccountname of Smith, Joe is SmithJ. I want to check if he has an ADMSmithJ in the AD.

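$samaccountname = Read-Host "Please type the samaccountname"
$AdUser = Get-ADUser $samaccountname -Properties SamAccountName

try {
    # Look up the matching admin account: "adm" + the standard SamAccountName.
    # Get-ADUser with an identity throws when the account does not exist.
    Get-ADUser "adm$samaccountname" -Properties SamAccountName
}
catch {
    Write-Host "The user $samaccountname doesn't have a privileged (Adm) account."
}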

Upvotes: 1

Views: 73

Answers (1)

Santiago Squarzon

Reputation: 61083

You could do it like this. Instead of try / catch, I would personally filter for a user having Name or SamAccountName:

$account = Read-Host "Please type the SamAccountName"
try {
    $adUser  = Get-ADUser $account
    $admUser = 'adm' + $adUser.Surname + $adUser.GivenName[0]
    if($adUser = Get-ADUser -LDAPFilter "(|(name=$admUser)(samAccountName=$admUser))") {
        # if the AD object exists in AD, return the object
        $adUser
    }
    else {
        "No user found with SamAccountName '$admUser' in AD."
    }
}
catch {
    Write-Warning $_
}

Upvotes: 2
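The same lookup as a reusable audit function, added here as an example and not part of the question or the answer above. It assumes the question's naming convention (`adm` + the standard SamAccountName) and the RSAT ActiveDirectory module; the function names `ConvertTo-LdapFilterValue` and `Find-AdmAccount` are hypothetical, and `DoeJ` is a constructed sample name. Because the typed name is interpolated into an LDAP filter, it is escaped per RFC 4515 first, so characters such as `*` or `(` cannot widen or break the query.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper: escape a value for use inside an LDAP filter (RFC 4515).
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # Replace \ * ( ) and NUL with a backslash followed by the two-digit hex code.
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

# Hypothetical helper: report whether a standard account has a paired admin account.
function Find-AdmAccount {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)][string]$SamAccountName,
        # Assumed convention from the question: adm + SamAccountName
        [string]$Prefix = 'adm'
    )
    process {
        $candidate = ConvertTo-LdapFilterValue -Value ($Prefix + $SamAccountName)

        # With -LDAPFilter, no match yields no output instead of an exception,
        # so a plain truthiness check is enough and try/catch is not needed here.
        $adm = Get-ADUser -LDAPFilter "(samAccountName=$candidate)"

        [pscustomobject]@{
            StandardAccount = $SamAccountName
            AdmAccount      = if ($adm) { $adm.SamAccountName } else { $null }
            AdmExists       = [bool]$adm
            # A disabled admin account still exists; report both facts separately.
            AdmEnabled      = if ($adm) { $adm.Enabled } else { $null }
        }
    }
}

# Constructed sample input: check several standard accounts in one pass.
'SmithJ', 'DoeJ' | Find-AdmAccount | Format-Table -AutoSize
```

Returning an object per account, rather than a message string, lets the result be filtered or exported, for example to list only users whose admin account exists but is disabled.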
