In our day-to-day tasks, we may come across scenarios to get active directory users belonging to some specific OU or search ad users with UPN suffixes.
In PowerShell, we can get ad users filtered by userprincipalname or upn. Using the Get-Aduser userprincipalname property, get specific users from Active Directory, and get aduser filter by distinguished name in PowerShell.
PowerShell Get-ADUser cmdlet is used to get a specified user or get all or multiple user objects. Using the Get-ADUser, you can get a list of all users in a container or get a filtered list of users. The identity parameter is used to get specific Active Directory users.
You can get aduser object using its Security Account Manager (samaccountname), distinguished name, SID, or GUID. Using Get-ADUser -Identity, you can get all of the properties for a specific user using Properties. You can get an active directory user filter by user principal name.
Using PowerShell Get-ADUser cmdlet, it requires ActiveDirectory an add-on module to be installed
In Active Directory, UserPrincipalName (UPN) is the name of a system user in email address format. UPN (for example… Gary.Thom@domain.com) consists of a username, separator (@ symbol), and UPN suffix. UPN might not be the same as email.
In this article, we will discuss step by step to get active directory users by userprincipalname with examples.
Get-AdUser Filter UserPrincipalName suffix
In some cases, we have a requirement to get aduser with a certain upn suffix or upn is specific domain, we can easily do it using the PowerShell Get-AdUser filter command.
Let’s consider below get aduser filter userprincipalname like specific organization unit and upn suffix.
Get-AdUser by userprincipalname (upn) suffix and specific Organizational Units (OU) can be done easily with the below command.
$OrgUnit = "OU=Sales,DC=SHELLPRO,DC=LOCAL" $UPNSuffix = 'SHELLPRO.LOCAL' Get-ADUser -Filter "userPrincipalName -like '*$UPNSuffix'" -SearchBase $OrgUnit
In the above userprincipalname example using PowerShell get-aduser filter command, it returns active directory users from organizational unit (OU) and get aduser where userprincipalname like provided UPNSuffix.
The output of above get-aduser using userprincipalname as below
How to Get UPN from Get-AdGroupMember
To get aduser userprincipalname upn using Get-AdGroupMember, use the following PowerShell command.
Get-ADGroupmember -identity "Administrators" | % { get-aduser $_.samaccountname} | select name,userprincipalname | Export-csv -path C:\PowerShell\upn.csv -NoTypeInformation
In the above PowerShell get-aduser properties example, the Get-AdGroupMember command uses the -Identity parameter to specify the “Administrators” group members. This command gets upn from the get adgroup member having group name Administrators and export the list to csv file.
PowerShell Get Current User upn
In PowerShell to get upn of current user, run below command
Get-ADUser -Identity $env:USERNAME -Properties *| Select DisplayName, EmailAddress,UserPrincipalName
In the above PowerShell userprincipalname example, Get-ADUser cmdlet uses the -Identity parameter to specify $env:USERNAME to get current user logged on to system and use Properties * to select all additional properties for the user.
The second command uses Select to display email address, displayname and current user upn as below
Cool Tip: Using PowerShell search-adaccount to find accounts that are locked out!
How to Bulk Update Aduser Based on UserPrincipalName (upn)
In some cases, we want to bulk update active directory users with attributes like bulk update users department as there is some organizational change.
Let’s consider if we have list all active directory users in CSV file for whom we want to update their department name based on userprincipalname (upn).
# import csv file having user information and use Foreach to iterate objects
import-csv D:\PowerShell\ActiveDirectoryGroupList.csv | ForEach-Object {
Get-ADUser -Filter{UserPrincipalName -eq $($_.UserPrincipalName)} |
Set-ADUser -Replace @{Department="$($_.Department)"}
}
In the above get aduser by upn example, we first import CSV using Import-CSV having active directory user information like their name, displayname, userprincipalname, Department, etc..
We then user For-Each to iterate each active directory user from CSV and use Get-AdUser cmdlet to get aduser filter by userprincipalname, returned user.
The returned user then pass through using pipe (|) operator to Set-ADUser cmdlet to update ad user Department using Department name read from CSV file.
Get-AdUsers using UPN FAQ
Using PowerShell Get-Aduser cmdlet you can get active directory user information. Get-Aduser has userprincipalname property, using get-aduser upn, you will get userprincipalname value from active directory object.
Get-ADGroupmember -identity salesleader | % { get-aduser $_.samaccountname} | Select Name,UserPrincipalName
In the above PowerShell get all users filter by userprincipalname script, it returns all ad users from adgroup.
Cool Tip: How to use PowerShell Set-ADUser to modify Active Directory user attributes.
Conclusion
In the above article, I have explained how to get PowerShell ad user based on userprincipalname (upn) and bulk update ad user when upn like certain specific domain and
I hope the above article may help you to get aduser filter by userprincipalname or upn. You can read more about finding the UPN suffix in the active directory and if not available, add upn suffix in active directory using PowerShell and GUI application.
Read more about on get-aduser blog posts where I explained to get-aduser by email, get aduser properties, get-aduser filter from specific ou
You can find more topics about PowerShell Active Directory commands and PowerShell basics on ShellGeek home page.