Incorrect UPNs and Active Directory

Hi Experts!

      One thing that is constantly causing issues for us is accounts in AD that have incorrect UPNs.  By incorrect, I mean the suffix is not, but rather  If the UPN of the AD account is not always, lots of stuff breaks, like IWA, password sync, user attribute import/export.  Is it possible to run something that enumerates the UPN for all users and dump the ones that don't have the correct suffix?  This way, I can get the output list that this script generates and contact those folks that are creating accounts incorrectly.  Any help with this  would be greatly appreciated.  Thanks.

Chris Dent, PowerShell Developer, commented:

Sure, that's not too tricky.

This vbscript will drop them to a tab delimited text file. Should be easy enough to drop that into Excel or similar if required. It will have columns for the distinguishedName, name and current UPN.

The Filter at the top says which it will find; note that it's currently looking for those with *



' The filter value is incomplete here: it needs the UPN suffix to match and a closing ")"
strFilter = "(userPrincipalName=*"
strFields = "distinguishedName,name,userPrincipalName"
' Output file: tab-delimited, overwritten on each run (2 = ForWriting, True = create)
Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objFile = objFileSystem.OpenTextFile("IncorrectUPN.txt", 2, True, 0)
objFile.WriteLine Replace(strFields, ",", VbTab)
' Query the current domain through the ADSI OLE DB provider
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objRootDSE = GetObject("LDAP://RootDSE")
Set objRecordSet = objConnection.Execute( _
  "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">;" & _
  strFilter & ";" & strFields & ";subtree")
Set objRootDSE = Nothing
Dim arrLine()
' Write one tab-delimited line per matching account
While Not objRecordSet.EOF
  arrFields = Split(strFields, ",")
  ReDim arrLine(0)
  For i = 0 to UBound(arrFields)
    ReDim Preserve arrLine(i) : arrLine(i) = ""
    arrLine(i) = objRecordSet.Fields(arrFields(i)).Value
  Next
  objFile.WriteLine Join(arrLine, VbTab)
  objRecordSet.MoveNext
WEnd
' Release the file and the directory connection
objFile.Close
objConnection.Close

Chris Dent, PowerShell Developer, commented:

I should have noted that I posted VbScript because of the zones it was posted in, but you can do the same thing through anything that can use the LDAP Filter (AD Users and Computers, DSQuery, ADFind, etc, etc).

This is the important part:


That's used to find the results, everything else is just a wrapper to make it do it and write the results out.

There's only one other modification I can think might be useful. If you wanted this to search an entire forest you would modify this line:

  "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">;" & _

Changing it to:

  "<GC://" & objRootDSE.Get("rootDomainNamingContext") & ">;" & _

Although it falls apart a bit if you have a disjointed namespace.
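
Added example, not part of the thread: the same LDAP-filter approach in PowerShell, generalized to a negated filter so it lists every user whose UPN does not end in the expected suffix, including accounts with no UPN at all. It assumes the ActiveDirectory module (RSAT) is installed; the suffix corp.example.com is a placeholder, and the output file name is reused from the script above.

```powershell
# Added example (not from the thread). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Assumption: placeholder for the single UPN suffix your environment treats as correct.
$ExpectedSuffix = 'corp.example.com'
$OutFile        = 'IncorrectUPN.txt'

# Escape characters that are special inside an LDAP filter value (RFC 4515).
# The backslash is handled first so later escapes are not escaped again.
$escaped = $ExpectedSuffix -replace '\\', '\5c' -replace '\*', '\2a' `
                           -replace '\(', '\28' -replace '\)', '\29'

# Users whose UPN does NOT end in @<expected suffix>. The negation also matches
# users with no userPrincipalName set. Matching on this attribute is case-insensitive.
$filter = "(&(objectCategory=person)(objectClass=user)(!(userPrincipalName=*@$escaped)))"

# Get-ADUser pages through the results itself, so large domains are returned in full.
$users = @(Get-ADUser -LDAPFilter $filter |
    Select-Object DistinguishedName, Name, UserPrincipalName)

if ($users.Count -eq 0) {
    Write-Output "No users found with a UPN suffix other than $ExpectedSuffix"
    return
}

# Same three columns as the VBScript, written tab-delimited.
$users | Export-Csv -Path $OutFile -Delimiter "`t" -NoTypeInformation

# Summary of the suffixes actually in use, most common first.
$users |
    Group-Object {
        if ($_.UserPrincipalName) { ($_.UserPrincipalName -split '@')[-1].ToLower() }
        else { '(no UPN)' }
    } |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```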

itsmevic, Author, commented:
YOU sir ARE tha MAN!
itsmevic, Author, commented:
Awesome work!!!