Finding Duplicate UPNs in 2 Domains – PowerShell
By Steve Bowman
Published January 4, 2017

Hello All

I was recently working on a project to migrate users from a legacy domain to a primary domain. One of the many challenges is finding conflicting UPNs between the two domains. A UPN (User-Principal-Name) is an Internet-style login name for a user based on the Internet standard RFC 822. The UPN is shorter than the distinguished name and easier to remember. It should map to the user's email name.

The script searches the source domain and the target domain for the same UPN prefix. For each user object, we gather SamAccountName, UserPrincipalName, Initials, FirstName (the givenName attribute), and SN. Each attribute is stored in a variable prefixed with S (source) or T (target), for example $Ssamaccountname and $Tsamaccountname, for matching and exporting.

If we have an export of the source domain's user UPNs in CSV format, that data can be imported. Otherwise we could use a mounted PSDrive to gather the data from the source domain when running the script. I will cover New-PSDrive in more detail in a later blog.

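# Option 1: import a CSV export of the source domain's UPNs
$UserSearch = Import-CSV "C:\Working\input\upn.csv"
# Option 2: query the enabled users directly (use one option or the other)
$UserSearch = Get-ADUser -Filter 'enabled -eq $true'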

The script uses Out-File with predefined headers.

"$FN_LN_Match`t$FN_LN_I_Match`t$UPN_Match`t$SAM_Match`t$Ssamaccountname`t$Tsamaccountname`t$Suserprincipalname`t$Tuserprincipalname`t$SFirstname`t$TFirstname`t$SInitials`t$TInitials`t$SLastname`t$Tlastname`t$Tname" | Out-File $UserOutFile -Encoding ASCII -Append

Now for some code.

$usersearch | ForEach-Object {
    # UPN prefix (the part before the @) of the current user
    $EMP = $_.UserPrincipalName
    $EMP = ($EMP.Split("@"))[0]
    # Note: $EMP goes into the filter as-is, so *, (, ) or \ in a prefix changes what the filter matches
    $ObjFilter = "(&(objectCategory=User)(UserPrincipalName=$EMP@*))"
    $objSearch = New-Object System.DirectoryServices.DirectorySearcher
    $objSearch.PageSize = 15000
    $objSearch.Filter = $ObjFilter
    # Search objects in the source domain
    $objSearch.SearchRoot = "LDAP://DC=Your,DC=Source,DC=Domain"
    $AllObj = $objSearch.FindAll()
    foreach ($Obj in $AllObj) {
        $objItemS = $Obj.Properties
        # Echo the attributes to the console
        $objItemS.samaccountname
        $objItemS.userprincipalname
        $objItemS.initials
        $objItemS.givenname
        $objItemS.sn
        # Keep the source-domain values in S-prefixed variables
        $Ssamaccountname = $objItemS.samaccountname
        $Suserprincipalname = $objItemS.userprincipalname
        $SupnPrefix = ($Suserprincipalname.Split("@"))[0]
        $SInitials = $objItemS.initials
        $SFirstname = $objItemS.givenname
        $SLastname = $objItemS.sn
    }
    # (the ForEach-Object block continues)

The code searches the source domain over LDAP with a filter that matches user objects whose UPN is “UPN@*”, where UPN is the UPN prefix of the current user object.

$ObjFilter = "(&(objectCategory=User)(UserPrincipalName=$EMP@*))"
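
The filter above places the UPN prefix directly into the LDAP query, so a prefix from the CSV that contains *, (, ) or \ changes what the search matches. The following is an added example, not part of the original script, that escapes the prefix per RFC 4515 before building the same filter; the function names and sample UPNs are constructed for illustration.

```powershell
# Added example, not from the original script. Function names and the
# sample UPNs below are constructed for illustration.

function ConvertTo-LdapFilterValue {
    param([string]$Value)
    # RFC 4515: write \ * ( ) and NUL as a backslash plus two hex digits.
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

function Get-UpnPrefixFilter {
    param([string]$UserPrincipalName)
    # Same prefix logic as the script: everything before the first @.
    $prefix = ($UserPrincipalName -split '@', 2)[0].Trim()
    if ([string]::IsNullOrEmpty($prefix)) { return $null }
    $safe = ConvertTo-LdapFilterValue $prefix
    "(&(objectCategory=User)(UserPrincipalName=$safe@*))"
}

# Constructed rows standing in for the UserPrincipalName column of upn.csv.
$samples = 'jsmith@legacy.example',
           'o(brien)@legacy.example',
           'a*@legacy.example',
           '@legacy.example'

foreach ($upn in $samples) {
    $filter = Get-UpnPrefixFilter $upn
    if ($null -eq $filter) {
        Write-Warning "Skipping row with an empty UPN prefix: '$upn'"
        continue
    }
    '{0,-24} -> {1}' -f $upn, $filter
}
```

In the script, the string returned by Get-UpnPrefixFilter would take the place of $ObjFilter for both the source and the target search.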

Now let's search the Target domain (Primary).

    # Search objects in the target domain with the same searcher and filter
    $objSearch.SearchRoot = "LDAP://DC=your,DC=Target,DC=Domain"
    $AllObj = $objSearch.FindAll()
    foreach ($Obj in $AllObj) {
        $objItemT = $Obj.Properties
        # Echo the attributes to the console
        $objItemT.samaccountname
        $objItemT.userprincipalname
        $objItemT.initials
        $objItemT.givenname
        $objItemT.sn
        # Keep the target-domain values in T-prefixed variables
        $Tsamaccountname = $objItemT.samaccountname
        $Tname = $objItemT.name
        $Tuserprincipalname = $objItemT.userprincipalname
        $TupnPrefix = ($Tuserprincipalname.Split("@"))[0]
        $TInitials = $objItemT.initials
        $TFirstname = $objItemT.givenname
        $TLastname = $objItemT.sn
        # (the loop body continues)

The $ObjFilter is still defined from above.

Additional code is used to match the records.

# Matching for output
if ($SFirstname -eq $TFirstname -and $TLastname -eq $SLastname) {
    $FN_LN_Match = 'Match'
} else {
    $FN_LN_Match = 'noMatch'
}
if ($SFirstname -eq $TFirstname -and $TInitials -eq $SInitials -and $TLastname -eq $SLastname) {
    $FN_LN_I_Match = 'Match'
} else {
    $FN_LN_I_Match = 'noMatch'
}
if ($SFirstname -eq $TFirstname -and $TLastname -eq $SLastname -and $TupnPrefix -eq $SupnPrefix) {
    $UPN_Match = 'Match'
} else {
    $UPN_Match = 'noMatch'
}
if ($Tsamaccountname -eq $Ssamaccountname) {
    $SAM_Match = 'Match'
} else {
    $SAM_Match = 'noMatch'
}

 

That’s about it for now!
