Private/Get-ADUserByMail.ps1
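function Get-ADUserByMail {
    <#
    .SYNOPSIS
    Searches for an enabled user by mail attribute across multiple domains using a DirectorySearcher.

    .DESCRIPTION
    Builds one LDAP filter (person/user objects, mail equal to the given address, account not
    disabled) and runs it against GC://<domain DN> for each entry in -Domains. The address is
    escaped before it is placed in the filter, so filter metacharacters in it are matched
    literally and cannot change the shape of the query.

    A distinguishedName returned by more than one search root is counted once. Two or more
    different distinguishedNames are treated as ambiguous.

    .PARAMETER Email
    The user's email address.

    .PARAMETER Domains
    An array of DNS domain names (e.g., @("lab.company.com", "test.company.com")).
    NOTE(review): each name is split on '.' and placed into the ADSI path unvalidated;
    this assumes the list comes from trusted configuration - confirm against callers.

    .OUTPUTS
    The user's distinguishedName as a [string], or $null if not found or ambiguous.
    #>
    param(
        [Parameter(Mandatory)][string]$Email,
        [Parameter(Mandatory)][string[]]$Domains
    )

    # Escape the characters RFC 4515 reserves in a filter value (\ * ( ) NUL) as \xx hex pairs.
    # A script block on the right of -replace is only evaluated on PowerShell 6.1 and later;
    # Windows PowerShell 5.1 turns it into a string and pastes its source text into the filter.
    # An explicit MatchEvaluator behaves the same on both editions.
    $escapeChar = [System.Text.RegularExpressions.MatchEvaluator] {
        param($m)
        '\{0:x2}' -f [byte][char]$m.Value
    }
    $escapedEmail = [regex]::Replace($Email, '[\\*()\0]', $escapeChar)

    # 1.2.840.113556.1.4.803 is the bitwise-AND matching rule; bit 2 of userAccountControl
    # marks a disabled account, so the negated clause keeps only enabled accounts.
    $filter = "(&(objectCategory=person)(objectClass=user)" +
              "(mail=$escapedEmail)" +
              "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

    # Collect DNs rather than SearchResult objects so the result collections can be disposed
    # inside the loop. Case-insensitive set: the same entry found via two roots is one match.
    # NOTE(review): overlapping roots (e.g. a parent and a child domain both listed) presumably
    # return the same entry twice from the global catalog - confirm in the target forest.
    $matchedDns = New-Object 'System.Collections.Generic.HashSet[string]' -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)

    foreach ($domain in $Domains) {
        $searchRoot = $null
        $searcher = $null
        $results = $null
        try {
            # "lab.company.com" -> "DC=lab,DC=company,DC=com"
            $dcPath = ($domain -split '\.' | ForEach-Object { "DC=$_" }) -join ','
            $searchRoot = [ADSI]"GC://$dcPath"

            $searcher = New-Object DirectoryServices.DirectorySearcher
            $searcher.SearchRoot = $searchRoot
            $searcher.SearchScope = 'Subtree'
            $searcher.PageSize = 100
            $searcher.Filter = $filter
            $searcher.PropertiesToLoad.Add("distinguishedName") | Out-Null

            $results = $searcher.FindAll()
            foreach ($result in $results) {
                $dn = [string]$result.Properties["distinguishedName"][0]
                $matchedDns.Add($dn) | Out-Null
            }
        }
        catch {
            # Best effort: one unreachable or misnamed domain must not stop the other lookups.
            Write-Warning "Error checking user in $domain : $_"
        }
        finally {
            # SearchResultCollection holds unmanaged resources that garbage collection does
            # not fully release; dispose it and the searcher/entry explicitly.
            # Compare with $null: an empty collection is falsy but still needs Dispose().
            if ($null -ne $results) { $results.Dispose() }
            if ($null -ne $searcher) { $searcher.Dispose() }
            if ($null -ne $searchRoot) { $searchRoot.Dispose() }
        }
    }

    if ($matchedDns.Count -eq 1) {
        return @($matchedDns)[0]
    }

    if ($matchedDns.Count -gt 1) {
        # Refuse to guess between different accounts that share one address.
        Write-Warning "Multiple users matched for email '$Email'. Skipping."
    }
    else {
        Write-Verbose "User not found in any domain."
    }

    return $null
}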