Get Domain User's full name locally despite being removed from AD?

[Kevin Finnegan]

Hi all,

I'm currently writing a backup script to automate the process of storing and compressing data for any member leaving the firm I work at. Ideally I would like to pull the user's display name or full name, for instance, a WMI query selecting FullName WHERE Win32_NetworkLoginProfile Name equals "Domain\kefinnegan" would bring back "Kevin Finnegan" or whatever naming convention your company uses.

Although this solution seems ideal as long as you log in as a user with privileged access, it won't work if the domain user you wish to backup has been purged from the Active Directory system entirely as the WMIService seems to query it in some shape or form (thousands of members in our firm, need to trim the fat every now and then). I was wondering if it's possible to query an API, service or possibly even scan registry entries stored on the leaver's machine while logged in as the local administrator (can run the script with privileged domain credentials if needs be) that could give me a domain user's full name, who logged onto this machine, without the use of Active Directory?

Edited December 10, 2015 by Kevin Finnegan
for clarity

[JohnOne]

Silly question, would it not be prudent to back this stuff up before purging a user from the system?

[orbs]

Kevin Finnegan, welcome to AutoIt and to the forum!

once a user account is removed from AD, then not only the full name is removed - the entire record is lost. you won't be able to retrieve the email address, office address, or whatever other fields AD have that you use. what you can do is query the event log for login events to determine the account short name ("kefinnegan" in your example), and devise some other way of matching that to the full name. one likely way would involve HR - they can match the short name with a (hopefully not too long) list of recently departed users.

oh, and JohnOne does make a good point - do all that before removal from AD. you can disable the account in AD while you remove it from various systems in your firm, and remove it completely from AD once all other removal steps have been completed.