Hey, Scripting Guy! How can I determine the user logon name for a user named John Smith?
— FR
Hey, FR. You know, we’d like to tell you how to determine the user logon name for a user named John Smith, but we can’t: that’s because we have a specific list of names representing the only user names we can reference in one of our sample scripts. Unfortunately, John Smith isn’t on that list, so we can’t use his name.
Yeah, we feel bad about that, too, but our hands are tied. But tell you what: how about we show you a script that determines the user logon name for a user named Ken Myer? Yes, we know: it’s really not the same, is it? But it’s the best we can do:
On Error Resume Next

Const ADS_SCOPE_SUBTREE = 2

' Connect to Active Directory through the ADSI OLE DB provider
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

' Return results in pages of 1000 and search the whole subtree
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

' Ask for the sAMAccountName of every user named Ken Myer
objCommand.CommandText = _
    "SELECT sAMAccountName FROM 'LDAP://dc=fabrikam,dc=com' WHERE objectCategory='user' " & _
    "AND givenName='Ken' AND sn='Myer'"
Set objRecordSet = objCommand.Execute

' Echo the logon name of each user returned
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    Wscript.Echo objRecordSet.Fields("sAMAccountName").Value
    objRecordSet.MoveNext
Loop
As you probably figured out, this is a script that searches Active Directory. We’re not going to explain each and every line of code used in this script; that would take too long. If you’re not familiar with Active Directory search scripts we encourage you to take a look at our two-part Tales from the Script series Dude: Where’s My Printer? All the crazy-looking stuff you see in this script – ADsDSOObject, ADS_SCOPE_SUBTREE, ADODB.Command – is explained in detail in those two columns.
We will, however, point out a few things regarding the query used to conduct the search. Probably the hardest part about writing scripts that search Active Directory is knowing the property names to search for. For example, you referred to the user logon name. We know what you mean by that and you know what you mean by that, but Active Directory has no idea what a user logon name is. Instead, Active Directory calls that same thing the sAMAccountName. (Note: Although the letter casing doesn’t matter, we write this property name out as sAMAccountName simply because that’s the official name for the attribute.) Consequently, our SQL query retrieves the sAMAccountName for the specified user.
And how do we specify that user? Well, we’re looking for an Active Directory object that meets three criteria:
• Is a user account. To limit returned data to user accounts we search for items where the objectCategory is equal to user.
• Has a first name of Ken. Of course, Active Directory doesn’t know what a first name is. Therefore, we need to search for users with a givenName of Ken.
• Has a last name of Myer. As you might expect, Active Directory has never heard the term “last name,” either. Instead, we need to search for the sn (surname) Myer.
Add that all together, and we end up with a query that looks like this:
objCommand.CommandText = _
    "SELECT sAMAccountName FROM 'LDAP://dc=fabrikam,dc=com' WHERE objectCategory='user' " & _
    "AND givenName='Ken' AND sn='Myer'"
The rest is easy. We execute the query, and Active Directory returns a recordset consisting of all the users with a givenName of Ken and an sn of Myer. We then set up a Do Until loop to walk through the recordset, echoing back the sAMAccountName for each user. (Ideally there will be only one Ken Myer in Active Directory, but you could have more than one user with the same first and last name. In that case the sAMAccountName will be the differentiating factor, because sAMAccountNames must be unique.)
Does that help? OK, look, don’t tell anyone we said this, but take the script we just showed you, replace Ken with John and Myer with Smith and you’ll have a script that searches for a user named John Smith. But that’s just between you and us, OK? OK.
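If the names come from outside the script (a command-line argument, a help-desk form) rather than being typed into the source, they should be escaped before they reach the query. The following is an added example, not part of the original column: it takes the two names as arguments and uses ADSI's LDAP query dialect instead of the SQL dialect shown above, so the values can be escaped with the RFC 4515 filter rules. The script name FindLogonName.vbs and the EscapeLdapValue helper are hypothetical names chosen for illustration.

```vbscript
Option Explicit

Dim objConnection, objCommand, objRecordSet, strFilter

' Hypothetical helper: escape a value for use inside an LDAP search filter.
' RFC 4515 requires \ * ( ) and NUL to be written as a backslash plus two
' hex digits. ";" is escaped too because it delimits the parts of the
' ADO LDAP-dialect command text built below.
Function EscapeLdapValue(strValue)
    Dim i, ch, strOut
    strOut = ""
    For i = 1 To Len(strValue)
        ch = Mid(strValue, i, 1)
        Select Case ch
            Case "\", "*", "(", ")", ";", Chr(0)
                strOut = strOut & "\" & Right("0" & Hex(Asc(ch)), 2)
            Case Else
                strOut = strOut & ch
        End Select
    Next
    EscapeLdapValue = strOut
End Function

If WScript.Arguments.Count <> 2 Then
    WScript.Echo "Usage: cscript FindLogonName.vbs <givenName> <sn>"
    WScript.Quit 1
End If

' Same three criteria as the SQL query in the column, written as a filter.
strFilter = "(&(objectCategory=user)" & _
    "(givenName=" & EscapeLdapValue(WScript.Arguments(0)) & ")" & _
    "(sn=" & EscapeLdapValue(WScript.Arguments(1)) & "))"

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000

' LDAP dialect: <base>;filter;attributes;scope
objCommand.CommandText = "<LDAP://dc=fabrikam,dc=com>;" & strFilter & _
    ";sAMAccountName;subtree"
Set objRecordSet = objCommand.Execute

If objRecordSet.EOF Then WScript.Echo "No matching user found."
Do Until objRecordSet.EOF
    WScript.Echo objRecordSet.Fields("sAMAccountName").Value
    objRecordSet.MoveNext
Loop
```

Without the escaping, an argument such as `*` would turn the givenName test into a wildcard and return every user that has a first name set, not just the one that was asked for.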