Validate the existence of a user account in AD using PowerShell


This is a small script that checks whether a given user account exists in Active Directory. It does the lookup through ADSI and a DirectorySearcher, so it does not depend on the Active Directory cmdlets. If you have an XML/CSV/TXT file with multiple user accounts to check, the script can be modified to read the accounts from that file.

The input data for the below script are:

  • Username: The user account to be checked, entered as domain\account (a bare account name is also accepted)
  • ADServer: Active Directory server name to which the LDAP query will be sent
  • ADPort: Active Directory port number. Port 389 is the default port for the Lightweight Directory Access Protocol; a Global Catalog answers on 3268, and LDAP over TLS uses 636 (3269 for the Global Catalog)

Below is the script.

######################################################################################################
#Validate if the specified account exists in AD
######################################################################################################

# The ActiveDirectory module is imported here, but nothing below depends on it:
# the lookup uses ADSI/DirectorySearcher, which works without RSAT, so a missing
# module is not treated as an error.
Import-Module ActiveDirectory -ErrorAction SilentlyContinue

$Username = Read-Host -Prompt "`nPlease enter the user account [domain\account]:"
$ADServer = Read-Host -Prompt "`nPlease enter the AD Server name [NetBIOS name]:"
$ADPort   = Read-Host -Prompt "`nPlease enter the AD port no.:"

# Using WMI to retrieve the DNS domain name of this computer (e.g. corp.contoso.com)
$ADDomainName = (Get-WmiObject Win32_ComputerSystem).Domain

# Turn every label of the domain name into a DC= component, so that both
# a.com (DC=a,DC=com) and corp.a.com (DC=corp,DC=a,DC=com) produce a valid DN.
# The original only kept the first two labels, which breaks for child domains.
$DomainDN = ($ADDomainName.Split(".") | ForEach-Object { "DC=$_" }) -join ","
Write-Host "Retrieved the root AD domain: $DomainDN"

#Function with LDAP query to check the user account in AD
Function Check-ADUser
{
    Param ([string]$Username)

    # Accept both domain\account and a bare account name
    If ($Username.Contains("\")) { $Username = $Username.Split("\")[1] }

    $ADCompletePath = "LDAP://" + $ADServer + ":" + $ADPort + "/" + $DomainDN
    # [ADSI] must receive the expanded path. Wrapping it in quotes, as the
    # original did, binds the literal text "$ADCompletePath" instead.
    $ADRoot = [ADSI]$ADCompletePath

    $ADSearch = New-Object System.DirectoryServices.DirectorySearcher($ADRoot)
    # Escape LDAP filter metacharacters (RFC 4515) before interpolating the
    # account name, so that input such as "*" cannot turn into a wildcard match
    # or a crafted name cannot change the shape of the filter.
    # The backslash is escaped first so the other escapes are not re-escaped.
    $SAMAccountName = $Username.Replace("\", "\5c").Replace("*", "\2a").Replace("(", "\28").Replace(")", "\29")
    $ADSearch.Filter = "(&(objectClass=user)(sAMAccountName=$SAMAccountName))"
    $Result = $ADSearch.FindAll()

    If ($Result.Count -eq 0)
    {
        $Status = "0"
    }
    Else
    {
        $Status = "1"
    }
    # SearchResultCollection holds unmanaged handles; release them
    $Result.Dispose()

    $Results = New-Object PSObject
    $Results | Add-Member NoteProperty Status $Status
    Write-Output $Results
}

$Status = (Check-ADUser -Username $Username).Status
If ($Status -eq 1)
{
    Write-Host "$Username exists."
} Else {
    Write-Host "$Username does not exist. Please give a valid account."
    Exit
}
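The script above binds to one domain and interpolates the typed account name straight into the LDAP filter. The following is an added example, not code from the original post: it checks a list of sAMAccountNames against the forest-wide Global Catalog, so accounts from any domain in the forest are found (the multi-domain case asked about in the comments), and it escapes the name per RFC 4515 before building the filter. It assumes a domain-joined host, a Global Catalog on port 3268 (3269 for TLS), a placeholder server name dc01, and a constructed sample account list that stands in for a UserInput.txt file.

```powershell
# Added example (not the original post's script): forest-wide existence check
# over the Global Catalog with RFC 4515 escaping of the account names.

# Escape LDAP filter metacharacters. The backslash is handled first so that the
# escape sequences produced for the other characters are not escaped again.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory = $true)][string]$Value)
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace("`0", '\00')
}

# Returns the distinguishedName of the matching user, or $null when none exists.
function Test-ADAccountExists {
    param(
        [Parameter(Mandatory = $true)][string]$SamAccountName,
        [Parameter(Mandatory = $true)][string]$Server,   # any domain controller that hosts a Global Catalog
        [int]$Port = 3268                                # Global Catalog port; 3269 is the GC over TLS
    )

    # Accept "DOMAIN\account" as well as a bare account name; the domain part is
    # not needed because the GC holds a partial replica of every domain in the forest.
    if ($SamAccountName.Contains('\')) { $SamAccountName = $SamAccountName.Split('\')[1] }

    # Ask the server for the forest root DN instead of deriving it from the local
    # computer's domain name, which breaks for child domains.
    $rootDse    = [ADSI]"LDAP://${Server}:${Port}/RootDSE"
    $forestRoot = [string]$rootDse.rootDomainNamingContext
    $searchBase = [ADSI]"LDAP://${Server}:${Port}/$forestRoot"

    $searcher = New-Object System.DirectoryServices.DirectorySearcher($searchBase)
    $escaped  = ConvertTo-LdapFilterValue $SamAccountName
    # objectCategory=person excludes computer accounts, which are also objectClass=user
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$escaped))"
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')

    $hit = $searcher.FindOne()
    if ($hit) { [string]$hit.Properties['distinguishedname'][0] } else { $null }
}

# Constructed sample input; in practice replace it with Get-Content .\UserInput.txt.
# 'dc01' is a placeholder for a Global Catalog server in your forest.
$accounts = @('jdoe', 'CORP\asmith', 'no(such)user', '*')

foreach ($name in $accounts) {
    $dn = Test-ADAccountExists -SamAccountName $name -Server 'dc01'
    if ($dn) { "$name exists: $dn" } else { "$name could not be found" }
}
```

Because the names are escaped, the last two sample entries are searched for literally: `no(such)user` no longer produces a malformed filter, and `*` is reported as not found instead of matching every user in the forest, which is what the unescaped filter in the script above would do.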

Comments (4)

  1. Mike Crowley says:

    Why do we need to get into WMI?  Something like this should work too and is a little simpler:

    $UserList = Get-Content c:\usernamelist.txt

    Foreach ($Item in $UserList) {
        # @() forces an array so .Count is 0 for no match and 1 for a single match on every PowerShell version
        $tempcount = @(Get-ADUser -Filter {displayName -eq $Item}).Count
        if ($tempcount -lt 1) { Write-Host $Item "Not Valid" }
    }

  2. PashaR says:

    This works fine for a single domain

    Get-Content C:\temp\RP\test-scripts\UserInput.txt | % {
        $user = Get-QADUser $_
        if (!$user) {
            "User $_ could not be found"
        } else {
            Get-QADUser $user | Select NTAccountName, DisplayName, samAccountName
        }
    } | Out-File C:\temp\RP\test-scripts\Useroutput.txt

    Need Help: can anyone edit this script to check in multiple domains / across forest…

    Regards,

  3. PashaR says:

    UserInput.txt : this file has AD users from multiple domains with samAccountName (only)

    Useroutput.txt : the script will look for all the users from UserInput.txt against AD and send the result to Useroutput.txt

  4. Refuses to upgrade says:

    @mike

    The reason is that the Get-ADUser cmdlet is not available on Windows XP, only with the RSAT tool installation.

    In this case, I'm stubborn and won't use the Quest (Get-QADUser) either. This is the best way without those tools.
