howto://get upns for a list of sams

ps

I often find the need to have a list of UPNs when the only thing the customer provides me is a list of sAMAccountNames. Far too often users’ SAM and UPN don’t match, so it’s not as simple as tacking the UPN suffix onto the SAM and calling it a day. If you have a list of SAMs and you need to get UPNs, here’s two ways to do it. This assumes you have admin rights in AD, and a workstation on which you also have admin rights.

Single domain

The first way works well if you have a single domain, or just need to search a single domain.

1. Install the RSAT tools if they are not already in place. You will need the AD specific pieces.

2. Create a text file with one sAMAccountName per line. Name it users.txt.

3. Launch PowerShell and cd to the folder containing users.txt

4. Import the AD Module using this command
import-module activedirectory

5. Run this command
get-content users.txt | get-aduser | ft samaccountname, userprincipalname >userslist.txt

6. If you need to search a different domain, add the -searchscope “dc=sub,dc=example,dc=com” to the get-aduser command to specify the domain.

Entire Forest

If you want to quickly and easily search the entire forest, it’s a little more complicated.

You can do it the “low and slow” way using this. Substitute the servername for a GC in your environment, and your forest root where appropriate. This will take a LOOONGGG time to complete, but gets you there in a one liner.

$list | % {write-verbose $_ -verbose; get-aduser -ldapfilter "(samaccountname=$_)" -server gc-server1:3268
-searchbase "dc=sub,dc=example,dc=com"} | select samaccountname, userprincipalname  | export-csv .\upns.csv

Or if you are in a hurry and want to also use Excel, you can do this.

1. Run this command to just get EVERYBODY’s data.
get-aduser -ldapfilter "(samaccountname=*)" -server siladdc01:3268 -searchbase "dc=dir,dc=labor, dc=gov" | export-csv c:\scratch\allusers.csv

2. Import the data into Excel. Delete every column except the sAMAccountName and UPN, and delete all the header rows.

3. Create a new worksheet in Excel.

4. Import your source list into that.

5. Create the following formula in the next column of your second worksheet.

=VLOOKUP(A1,allusers!A:B,2,FALSE)

That will compare the sAMAccountNames in your source file to the full dump, and where it finds an exact match in column A, it will put in the UPN from column B.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.