Public/Get-ADUserDomain.ps1
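<#
.SYNOPSIS
    Retrieves the domain of an Active Directory user based on their sAMAccountName.

.DESCRIPTION
    Get-ADUserDomain queries a global catalog for the user whose sAMAccountName
    matches the supplied value and derives the domain from the distinguishedName
    of the first match. The primary global catalog is searched first; if nothing
    is found there and a secondary catalog was supplied, that one is searched too.

    The sAMAccountName is escaped per RFC 4515 before it is placed in the LDAP
    filter, so values such as "*" or "x)(objectClass=*" cannot widen or rewrite
    the query (an unescaped "*" would otherwise make FindOne() return an
    arbitrary user and misattribute the domain).

.PARAMETER SamAccountName
    The sAMAccountName of the user whose domain is to be determined.

.PARAMETER PrimaryCatalog
    The ADSI path of the primary global catalog to search, e.g. "GC://dc=test,dc=LOCAL".

.PARAMETER SecondaryCatalog
    Optional ADSI path of a second global catalog to search if the primary
    search finds nothing.

.OUTPUTS
    System.String. The leftmost DC component of the user's distinguishedName
    (e.g. "corp" for a user under DC=corp,DC=test,DC=com) - NOT the full DNS
    domain name. $null is returned when the user is not found or a catalog
    could not be queried.

.EXAMPLE
    PS> Get-ADUserDomain -SamAccountName "jdoe" -PrimaryCatalog "GC://dc=test,dc=LOCAL"
    Attempts to find the domain of the user "jdoe" in the primary global catalog.

.EXAMPLE
    PS> Get-ADUserDomain -SamAccountName "jdoe" -PrimaryCatalog "GC://dc=test,dc=LOCAL" -SecondaryCatalog "GC://dc=corp,dc=test,dc=com"
    Searches for "jdoe" in the primary catalog, and if not found, tries the secondary catalog.

.NOTES
    Uses System.DirectoryServices directly; the RSAT ActiveDirectory module is
    not required. No explicit credentials are passed to DirectoryEntry, so the
    query runs in the caller's security context and needs read access to the
    catalog. A catalog that cannot be reached is reported with Write-Warning and
    treated as "not found" so that the secondary catalog is still tried; check
    the warning stream if an unexpected $null comes back.
#>
Function Get-ADUserDomain {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string]$SamAccountName,

        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string]$PrimaryCatalog,

        [Parameter(Mandatory = $false)]
        [string]$SecondaryCatalog
    )

    # Escape a value for use inside an LDAP search filter (RFC 4515 section 3).
    # Backslash is handled first so the escape sequences produced for the other
    # characters are not themselves re-escaped.
    function ConvertTo-LdapFilterValue {
        Param([string]$Value)
        $escaped = $Value.Replace('\', '\5c')
        $escaped = $escaped.Replace('*', '\2a')
        $escaped = $escaped.Replace('(', '\28')
        $escaped = $escaped.Replace(')', '\29')
        $escaped = $escaped.Replace([string][char]0, '\00')
        return $escaped
    }

    $safeSam = ConvertTo-LdapFilterValue -Value $SamAccountName
    $filter  = "(&(objectCategory=User)(sAMAccountName=$safeSam))"

    # Search one catalog. Returns the leftmost DC component of the first match,
    # or $null when there is no match or the catalog cannot be queried.
    function Search-AD {
        Param([string]$SearchRoot)

        $root     = $null
        $searcher = $null
        Try {
            $root     = New-Object System.DirectoryServices.DirectoryEntry($SearchRoot)
            $searcher = New-Object System.DirectoryServices.DirectorySearcher
            $searcher.SearchRoot  = $root
            $searcher.PageSize    = 1000
            $searcher.Filter      = $filter
            $searcher.SearchScope = 'Subtree'
            # Only the DN is needed; restricting the attribute list keeps the
            # catalog response small.
            [void]$searcher.PropertiesToLoad.Add('distinguishedName')

            $result = $searcher.FindOne()
            if ($null -eq $result) {
                return $null
            }

            $distinguishedName = [string]$result.Properties['distinguishedname'][0]
            # Match "DC=" only at the start of an RDN (string start or after a
            # comma) so an RDN value that happens to contain "DC=" is not taken
            # for a domain component. Case-insensitive in case the DN is returned
            # with lower-case attribute types.
            $match = [regex]::Match($distinguishedName, '(?:^|,)DC=([^,]+)', 'IgnoreCase')
            if ($match.Success) {
                return $match.Groups[1].Value
            }
            return $null
        }
        Catch {
            # Connectivity / permission failures are reported rather than thrown
            # so the caller can still fall back to the secondary catalog.
            Write-Warning "Error accessing AD on $SearchRoot : $_"
            return $null
        }
        Finally {
            # DirectorySearcher and DirectoryEntry hold unmanaged ADSI handles;
            # release them deterministically instead of waiting for the GC.
            if ($null -ne $searcher) { $searcher.Dispose() }
            if ($null -ne $root)     { $root.Dispose() }
        }
    }

    $domain = Search-AD -SearchRoot $PrimaryCatalog
    if ($domain) {
        return $domain
    }

    if ($SecondaryCatalog) {
        $domain = Search-AD -SearchRoot $SecondaryCatalog
        if ($domain) {
            return $domain
        }
    }

    # Not found in any catalog that was searched (or a catalog failed; see the
    # warnings above). The message names the catalogs actually tried and quotes
    # the account with plain quotes - the previous "`$SamAccountName" escaped the
    # dollar sign and printed the variable name instead of its value.
    $searched = "'$PrimaryCatalog'"
    if ($SecondaryCatalog) {
        $searched += " or '$SecondaryCatalog'"
    }
    Write-Error "User '$SamAccountName' not found in $searched. If you have a secondary catalog, pass it via -SecondaryCatalog to check there as well."
    return $null
}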