{"id":68853,"date":"2005-09-29T19:35:00","date_gmt":"2005-09-29T19:35:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2005\/09\/29\/how-can-i-determine-the-logon-name-for-a-user\/"},"modified":"2005-09-29T19:35:00","modified_gmt":"2005-09-29T19:35:00","slug":"how-can-i-determine-the-logon-name-for-a-user","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/how-can-i-determine-the-logon-name-for-a-user\/","title":{"rendered":"How Can I Determine the Logon Name for a User?"},"content":{"rendered":"

\"Hey, \n

Hey, Scripting Guy! How can I determine the user logon name for a user named John Smith?

— FR<\/P>\"Spacer\"\"Hey,\"Script<\/A> \n

Hey, FR. You know, we\u2019d like<\/I> to tell you how to determine the user logon name for a user named John Smith, but we can\u2019t: that\u2019s because we have a specific list of names representing the only<\/I> user names we can reference in one of our sample scripts. Unfortunately, John Smith isn\u2019t on that list, so we can\u2019t use his name.<\/P>\n

Yeah, we feel bad about that, too, but our hands are tied. But tell you what: how about we show you a script that determines the user logon name for a user named Ken Myer? Yes, we know: it\u2019s really not<\/I> the same, is it? But it\u2019s the best we can do:<\/P>

On Error Resume Next<\/p>\n
Const ADS_SCOPE_SUBTREE = 2<\/p>\n
Set objConnection = CreateObject(“ADODB.Connection”)\nSet objCommand =   CreateObject(“ADODB.Command”)\nobjConnection.Provider = “ADsDSOObject”\nobjConnection.Open “Active Directory Provider”\nSet objCommand.ActiveConnection = objConnection<\/p>\n
objCommand.Properties(“Page Size”) = 1000\nobjCommand.Properties(“Searchscope”) = ADS_SCOPE_SUBTREE <\/p>\n
objCommand.CommandText = _\n    “SELECT sAMAccountName FROM ‘LDAP:\/\/dc=fabrikam,dc=com’ WHERE objectCategory=’user’ ” & _\n        “AND givenName=’Ken’ AND sn=’Myer'”\nSet objRecordSet = objCommand.Execute<\/p>\n
objRecordSet.MoveFirst\nDo Until objRecordSet.EOF\n    Wscript.Echo objRecordSet.Fields(“sAMAccountName”).Value\n    objRecordSet.MoveNext\nLoop\n<\/PRE>\n
As you probably figured out, this is a script that searches Active Directory. We\u2019re not going to explain each and every line of code used in this script; that would take too long. If you\u2019re not familiar with Active Directory search scripts we encourage you to take a look at our two-part Tales from the Script <\/I>series Dude: Where\u2019s My Printer?<\/B><\/A> All the crazy-looking stuff you see in this script – ADsDSOObject, ADS_SCOPE_SUBTREE, ADODB.Command – is explained in detail in those two columns.<\/P>\n
We will, however, point out a few things regarding the query used to conduct the search. Probably the hardest part about writing scripts that search Active Directory is knowing the property names to search for. For example, you referred to the user logon name. We know what you mean by that and you know what you mean by that, but Active Directory has no idea what a user logon name is. Instead, Active Directory calls that same thing the sAMAccountName<\/B>. (Note<\/B>: Although the letter casing doesn\u2019t matter, we write this property name out as sAMAccountName<\/I> simply because that\u2019s the official name for the attribute.) Consequently, our SQL query retrieves the sAMAccountName for the specified user.<\/P>\n
And how do we specify that user? Well, we\u2019re looking for an Active Directory object that meets three criteria:<\/P>\n\n\n\n\n\n
\u2022<\/TD>\n\n
Is a user account. To limit returned data to user accounts we search for items where the objectCategory<\/B> is equal to user<\/I>.<\/P><\/TD><\/TR>\n
\u2022<\/TD>\n\n
Has a first name of Ken<\/I>. Of course, Active Directory doesn\u2019t know what a first name is. Therefore, we need to search for users with a givenName<\/B> of Ken<\/I>.<\/P><\/TD><\/TR>\n
\u2022<\/TD>\n\n
Has a last name of Myer<\/I>. As you might expect, Active Directory has never heard the term \u201clast name,\u201d either. Instead, we need to search for the sn<\/B> (surname) Myer<\/I>.<\/P><\/TD><\/TR><\/TBODY><\/TABLE>\n
Add that all together, and we end up with a query that looks like this:<\/P>
objCommand.CommandText = _\n    “SELECT sAMAccountName FROM ‘LDAP:\/\/dc=fabrikam,dc=com’ WHERE objectCategory=’user’ ” & _\n        “AND givenName=’Ken’ AND sn=’Myer'”\n<\/PRE>\n
The rest is easy. We execute the query, and Active Directory returns a recordset consisting of all the users with a giveName of Ken<\/I> and an sn of Myer<\/I>. We then set up a Do Until loop to walk through the recordset, echoing back the sAMAccountName for each user. (Ideally there will be only one Ken Myer in Active Directory, but you could have more than one user with the same first and last name. In that case the sAMAccountName will be the differentiating factor, because sAMAccountNames must<\/I> be unique.)<\/P>\n
Does that help? OK, look, don\u2019t tell anyone we said this, but take the script we just showed you, replace Ken<\/I> with John<\/I> and Myer<\/I> with Smith<\/I> and you\u2019ll have a script that searches for a user named John Smith. But that\u2019s just between you and us, OK? OK.<\/P><\/p>\n","protected":false},"excerpt":{"rendered":"
Hey, Scripting Guy! How can I determine the user logon name for a user named John Smith?— FR Hey, FR. You know, we\u2019d like to tell you how to determine the user logon name for a user named John Smith, but we can\u2019t: that\u2019s because we have a specific list of names representing the only […]<\/p>\n","protected":false},"author":595,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[7,3,8,5],"class_list":["post-68853","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-active-directory","tag-scripting-guy","tag-searching-active-directory","tag-vbscript"],"acf":[],"blog_post_summary":"
Hey, Scripting Guy! How can I determine the user logon name for a user named John Smith?— FR Hey, FR. You know, we\u2019d like to tell you how to determine the user logon name for a user named John Smith, but we can\u2019t: that\u2019s because we have a specific list of names representing the only […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/68853","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/595"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=68853"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/68853\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=68853"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=68853"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=68853"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}