How to catch a difference in SamAccountName

Hi

In AD, by preference, the user's email address is SamAccountName + @mydomain.com.
I recently noticed that there are differences here, where the SamAccountName is not following this standard (don't ask me why).

In my offboarding script it can happen that $user.samAccountName returns an error because the standard convention mentioned above has not been respected, or the user has asked to change his name from Paulus into Paul.

 

My script looks as follows.

In the CSV I have 2 headers, SamAccountName and Email.
Example:
SamAccountName, Email
Paul,Paul@mydomain.com

userPrincipalName = Paulus@mydomain.com
SamAccountName = Paulus

What I would like to achieve is that if $user.SamAccountName fails, I take the required steps to modify the SamAccountName based upon the $user.Email.

This is the code I use to capture the difference in SamAccountName:

[pre]

$users = Import-Csv c:\temp\toRemove.csv

# $user and $email are expected to hold the values of the CSV row being checked
$test = Get-ADUser -Filter { EmailAddress -eq $email } -Properties EmailAddress
$Emailaddress = Get-ADUser -Identity $user -Properties EmailAddress

$UserPrincipalName = Get-ADUser $user -Properties UserPrincipalName

# Report when the mail attribute and the UPN differ, and show the UPN prefix
if (!($UserPrincipalName.UserPrincipalName -eq $Emailaddress.EmailAddress)) {
    Write-Host "$($EmailAddress.EmailAddress) is not equal to $($UserPrincipalName.UserPrincipalName)"
    $NewUser = $($UserPrincipalName.UserPrincipalName) -split ("@")
    $NewUser[0]
}

[/pre]

and would like to integrate this in the foreach below. I just don't know what the best way is: using the IF statement or a select case scenario?

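[pre]

$users = Import-Csv c:\temp\toRemove.csv

foreach ($user in $users) {

    $testSamAccountName = Get-ADUser -Identity $user.SamAccountName # this fails
    if (!($testSamAccountName)) {
        # Property access such as $user.email is not resolved inside a -Filter
        # script block, so copy the value to a plain variable first
        $email = $user.Email
        $TestEmail = Get-ADUser -Filter { EmailAddress -eq $email } -Properties EmailAddress
    }
}
[/pre]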

thanks for your input

Paul

You may use a try/catch block, as it throws an error, and maybe in the catch block you can read the error and continue based on the error.

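[pre]

try {
    # -ErrorAction Stop makes the lookup failure catchable
    $testSamAccountName = Get-ADUser -Identity $user.SamAccountName -ErrorAction Stop
}
catch {
    if ($_ -match "the expected error message") {
        # Property access such as $user.email is not resolved inside a -Filter
        # script block, so copy the value to a plain variable first
        $email = $user.Email
        $TestEmail = Get-ADUser -Filter { EmailAddress -eq $email } -Properties EmailAddress
    }
    else {
        # Anything else is unexpected: rethrow it
        throw $_
    }
}

[/pre]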

Another option is to just search for both values, but it would be possible to return more than one user:

[pre]

$users = Import-Csv c:\temp\toRemove.csv

foreach ($user in $users) {

    $samAccountName = $user.SamAccountName
    $email = $user.Email

    $adUser = Get-ADUser -Filter { (EmailAddress -eq $Email) -or (SamAccountName -eq $samAccountName) } -Properties EmailAddress

    if ($adUser) {
        'Found user with lookup {0} or {1}' -f $email, $samAccountName
        $adUser
    }
    else {
        'No user found with lookup {0} or {1}' -f $email, $samAccountName
    }

}

[/pre]

Thanks for your reaction

 

I now face the following issue when I want to update the SamAccountName with the new SamAccountName.
In this example it works:

[pre]

$users = Import-Csv c:\temp\toRemove.csv

foreach ($user in $users) {

    $samAccountName = $user.SamAccountName
    $email = $user.Email

    $adUser = Get-ADUser -Filter { (EmailAddress -eq $Email) -or (SamAccountName -eq $samAccountName) } -Properties EmailAddress

    if ($adUser) {

        'Found user with lookup {0} or {1}' -f $email, $samAccountName
        # Take the part of the UPN before the @ as the new name
        $NewUser = $($adUser.UserPrincipalName) -split ("@")
        $user = $NewUser[0]
        $user
    }
    else {
        'No user found with lookup {0} or {1}' -f $email, $samAccountName
    }

}
[/pre]

The error that I now get is:

[pre]

Cannot find an object with identity: 'Paul' under: 'DC=mydomain,DC=com'.

    + CategoryInfo          : ObjectNotFound: (akir:ADUser) [Get-ADUser], ADIdentityNotFoundException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADUser
    + PSComputerName        : cfdc01.mydomain.com

[/pre]

How can I make sure that $user.SamAccountName is populated with "Paulus" instead of the value found in the CSV file?
Do I need to update the CSV file first, or is there a different way other than what I tried above?

Hi

I discovered that when I use Bob's solution it works while working directly on the AD server; with PSSession it does not. Any suggestions?

Paul
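
An added example, not written by any poster in this thread: it combines the two-attribute lookup suggested above with the caveat that it can return more than one user, and answers the follow-up about getting "Paulus" instead of the CSV value by returning the SamAccountName held in AD. It assumes the ActiveDirectory module is available; `Resolve-OffboardUser` is a hypothetical helper name and the CSV row is constructed.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not from the thread). Resolve-OffboardUser is a hypothetical helper name.
function Resolve-OffboardUser {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [Parameter(Mandatory)] [string] $Email
    )
    # Double any apostrophe so a value such as O'Brien stays inside the quoted literal.
    $sam  = $SamAccountName.Replace("'", "''")
    $mail = $Email.Replace("'", "''")

    # String filter: both values are expanded here, before Get-ADUser is called.
    $filter = "SamAccountName -eq '$sam' -or EmailAddress -eq '$mail'"
    $found  = @(Get-ADUser -Filter $filter -Properties EmailAddress)

    if ($found.Count -eq 0) {
        Write-Warning "No account found for '$SamAccountName' / '$Email'."
        return
    }
    if ($found.Count -gt 1) {
        # The name and the mail address point at different accounts: do not guess.
        Write-Warning "$($found.Count) accounts match '$SamAccountName' / '$Email'; skipped."
        return
    }
    [pscustomobject]@{
        CsvSamAccountName = $SamAccountName
        SamAccountName    = $found[0].SamAccountName      # value held in AD
        NameMatchesCsv    = $found[0].SamAccountName -eq $SamAccountName
        EmailAddress      = $found[0].EmailAddress
        DistinguishedName = $found[0].DistinguishedName
    }
}

# Constructed sample row in the same shape as c:\temp\toRemove.csv.
$rows = @'
SamAccountName,Email
Paul,Paul@mydomain.com
'@ | ConvertFrom-Csv

foreach ($row in $rows) {
    $match = Resolve-OffboardUser -SamAccountName $row.SamAccountName -Email $row.Email
    if ($match) {
        # Later offboarding steps should use the directory's own values, not the CSV's.
        '{0} resolves to {1} ({2})' -f $row.SamAccountName, $match.SamAccountName, $match.DistinguishedName
    }
}
```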