Jump to content
Sign in to follow this  
Kevin Finnegan

Get Domain User's full name locally despite being removed from AD?

Recommended Posts

Hi all,

I'm currently writing a backup script to automate the process of storing and compressing data for any member leaving the firm I work at. Ideally I would like to pull the user's display name or full name, for instance, a WMI query selecting FullName WHERE Win32_NetworkLoginProfile Name equals "Domain\kefinnegan" would bring back "Kevin Finnegan" or whatever naming convention your company uses.

Although this solution seems ideal as long as you log in as a user with privileged access, it won't work if the domain user you wish to backup has been purged from the Active Directory system entirely as the WMIService seems to query it in some shape or form (thousands of members in our firm, need to trim the fat every now and then). I was wondering if it's possible to query an API, service or possibly even scan registry entries stored on the leaver's machine while logged in as the local administrator (can run the script with privileged domain credentials if needs be) that could give me a domain user's full name, who logged onto this machine, without the use of Active Directory?

Edited by Kevin Finnegan
for clarity

Share this post


Link to post
Share on other sites

Kevin Finnegan, welcome to AutoIt and to the forum!

once a user account is removed from AD, then not only the full name is removed - the entire record is lost. you won't be able to retrieve the email address, office address, or whatever other fields AD have that you use. what you can do is query the event log for login events to determine the account short name ("kefinnegan" in your example), and devise some other way of matching that to the full name. one likely way would involve HR - they can match the short name with a (hopefully not too long) list of recently departed users.

oh, and JohnOne does make a good point - do all that before removal from AD. you can disable the account in AD while you remove it from various systems in your firm, and remove it completely from AD once all other removal steps have been completed.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By DirtyJohny
      Hi everyone.Need rewrite this function how in еxample.
      Original:
      #RequireAdmin #NoTrayIcon Opt("MustDeclareVars",1) Func _a() Local $sls=ObjGet("winmgmts:{impersonationLevel=impersonate," _ &"authenticationLevel=Pkt}!\\"& _ @ComputerName&'\root\wmi'),$lss=$sls.ExecQuery _ ('SELECT * FROM WmiMonitorID'), _ $lll,$sll,$sss="",$lsl,$lls,$i,$z For $z In $lss $lsl=$z.UserFriendlyName For $i=0 To Ubound($lsl)-1 if ($lsl[$i]) Then $lll&=Chr($lsl[$i]) Next $lls=$z.SerialNumberID For $i=0 To Ubound($lls)-1 if ($lls[$i]) Then $sll&=Chr($lls[$i]) Next $sss&="Model"&@TAB&@TAB&": "&$lll&@CR&"Serial Number"&@TAB&": "&$sll&@CR&@CR $lll="" $sll="" Next MsgBox(262144,'Monitors '&$lss.Count,$sss&" "&@CR) $lss=Null $sls=Null EndFunc _a() Example:
      Func _InfoPC() Local $ObjService = ObjGet('winmgmts:{impersonationLevel = impersonate}!\\' & @ComputerName & '\root\cimv2') Local $ObjMB = $ObjService.ExecQuery('SELECT * FROM Win32_BaseBoard', 'WQL', 0x30) If IsObj($ObjService) Then For $objItemMB In $ObjMB $sInfo &= @TAB & 'Motherboard: ...... ' & $objItemMB.Product & @CRLF I'm beginner in this sphere and need  you all speak easy and simply because i'm Russian.Thanks)
    • By jguinch
      Hello.
      I did create these few functions several months ago. I post here, if it can interest someone.
      These functions based on WMI queries allow you to manage printers : add / delete printer, driver, port, or obtain configuration, set default printer ... I let you discover it with the code.

       
      Here is the list of the available functions :
      _Printmgr_AddLocalPort
      _Printmgr_AddLPRPort
      _PrintMgr_AddPrinter
      _PrintMgr_AddPrinterDriver
      _PrintMgr_AddTCPIPPrinterPort
      _PrintMgr_AddWindowsPrinterConnection
      _PrintMgr_CancelAllJobs
      _Printmgr_EnumPorts
      _PrintMgr_EnumPrinter
      _PrintMgr_EnumPrinterConfiguration
      _PrintMgr_EnumPrinterDriver
      _PrintMgr_EnumPrinterProperties
      _PrintMgr_EnumTCPIPPrinterPort
      _Printmgr_Pause
      _Printmgr_PortExists
      _Printmgr_PrinterExists
      _Printmgr_PrinterSetComment
      _Printmgr_PrinterSetDriver
      _Printmgr_PrinterSetPort
      _Printmgr_PrinterShare
      _Printmgr_PrintTestPage
      _PrintMgr_RemoveLocalPort
      _PrintMgr_RemoveLPRPort
      _PrintMgr_RemovePrinter
      _PrintMgr_RemovePrinterDriver
      _PrintMgr_RemoveTCPIPPrinterPort
      _PrintMgr_RenamePrinter
      _Printmgr_Resume
      _PrintMgr_SetDefaultPrinter
       
      And some examples :
      #include <Array.au3> #include "PrintMgr.au3" _Example() Func _Example() ; Remove a printer called "My old Lexmark printer" : _PrintMgr_RemovePrinter("My old Lexmark printer") ; Remove the driver called "Lexmark T640" : _PrintMgr_RemovePrinterDriver("Lexmark T640") ; Remove the TCP/IP printer port called "TCP/IP" _PrintMgr_RemoveTCPIPPrinterPort("MyOLDPrinterPort") ; Add a driver, called "Samsung ML-451x 501x Series", and driver inf file is ".\Samsung5010\sse2m.inf" _PrintMgr_AddPrinterDriver("Samsung ML-451x 501x Series", "Windows NT x86", @ScriptDir & "\Samsung5010", @ScriptDir & "\Samsung5010\sse2m.inf") ; Add a TCP/IP printer port, called "MyTCPIPPrinterPort", with IPAddress = 192.168.1.10 and Port = 9100 _PrintMgr_AddTCPIPPrinterPort("MyTCPIPPrinterPort", "192.168.1.10", 9100) ; Add a printer, give it the name "My Printer", use the driver called "Samsung ML-451x 501x Series" and the port called "MyTCPIPPrinterPort" _PrintMgr_AddPrinter("My Printer", "Samsung ML-451x 501x Series", "MyTCPIPPrinterPort") ; Set the printer called "My Printer" as default printer _PrintMgr_SetDefaultPrinter("My Printer") ; Connect to the shared printer "\\192.168.1.1\HPDeskjetColor") _PrintMgr_AddWindowsPrinterConnection("\\192.168.1.1\HPDeskjetColor") ; List all installed printers Local $aPrinterList = _PrintMgr_EnumPrinter() _ArrayDisplay($aPrinterList) ; List all printers configuration Local $aPrinterConfig = _PrintMgr_EnumPrinterConfiguration() _ArrayDisplay($aPrinterConfig) ; List all installed printer drivers Local $aDriverList = _PrintMgr_EnumPrinterDriver() _ArrayDisplay($aDriverList) ; Retrieve the printer configuration for the printer called "Lexmark T640" $aPrinterConfig = _PrintMgr_EnumPrinterConfiguration("Lexmark T640") _ArrayDisplay($aPrinterConfig) ; Add a local printer port (for a file output) _PrintMgr_AddLocalPort("c:\temp\output.pcl") ; Remove the local port _PrintMgr_RemoveLocalPort("c:\temp\output.pcl") EndFunc ;==>_Example Download link :
      PrintMgr.au3
      PrintMgr_Example.au3
    • By water
      Extensive library to control and manipulate Microsoft Active Directory.

      Threads: Development - General Help & Support - Example Scripts - Wiki
      Previous downloads: 30467
       
      Known Bugs: (last changed: 2020-10-05)
      None Things to come: (last changed: 2020-07-21)
      None
      BTW: If you like this UDF please click the "I like this" button. This tells me where to next put my development effort
    • By shital
      #Region ;**** Directives created by AutoIt3Wrapper_GUI **** #AutoIt3Wrapper_UseX64=y #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI **** RunAs(test", @ComputerName, "testinng",2,"wmic product where ""name= '%notepadexamples%'"" call uninstall", @SystemDir & "\wbem", @SW_MAXIMIZE)  it not working 
       
    • By Colduction
      Hi AutoIt Programmers!

      I've seen a code that gives Name of Group by writing it's group's SID, but this one response very slower than Windows Command-Line WMIC
       
      Func _GetLocalGroupName($sSID = 'S-1-5-18') $objWMIService = ObjGet ("winmgmts:\\" & @ComputerName & "\root\cimv2") $colItems = $objWMIService.ExecQuery('SELECT Name FROM Win32_Group where SID="' & $sSID & '"') For $GroupNames in $colItems MsgBox (0,"",$GroupNames.Name) ExitLoop Next EndFunc I don't want call and use any third-party programs even CMD, i just want use from Windows API, netapi32.dll or AutoIt Functions (Standalone).
      Do you have any idea to improve speed/performance of this code? I'll happy of your comments
       
       
       
      ====================== SOLOUTION by @Subz ======================
       
×
×
  • Create New...