This is another question that comes up from time to time … how do I map users to the devices that they have registered, or inversely how do I map a registered device to a user?
Here are the 2 PowerShell scripts. Copy into the PS ISE, save as .PS1 files.
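Note: both scripts search CN=RegisteredDevices under the domain's default naming context. If you redirected the RegisteredDevices location during install, update the LDAP path in each script to reflect your location.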
Usage:
getregistereduserfordevice.ps1 <devicename>
getregistereddeviceforuser.ps1 <user>
GetRegisteredUserforDevice.PS1
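# Lists the registered owner (user) of every device object whose displayName
# equals the device name passed as the only argument.
#
# Output: one "UserSid: ... UserName: ..." line per matching device object.
# Exit code 1 when the argument count is wrong.
if ($args.count -ne 1)
{
    Write-Host "Usage: GetRegisteredUserForDevice.ps1 <device name>"
    exit 1
}

$deviceDisplayName = $args[0]

# The device name is placed inside an LDAP search filter, so the characters
# that are special in a filter (RFC 4515: \ * ( ) NUL) are escaped first.
# Without this, a name containing "*" or parentheses would change what the
# filter matches instead of being compared literally. The backslash is replaced
# first so the escapes added afterwards are not escaped a second time.
# As a consequence, "*" in the argument is matched literally, not as a wildcard.
$escapedName = ([string]$deviceDisplayName).Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace([string][char]0, '\00')

# Search the device objects directly under CN=RegisteredDevices in the default
# naming context. No user lookup is needed up front: the owner SID is read from
# each device object that is found.
$objDefaultNC = New-Object System.DirectoryServices.DirectoryEntry
$ldapPath = "LDAP://CN=RegisteredDevices," + $objDefaultNC.distinguishedName
$objDeviceContainer = New-Object System.DirectoryServices.DirectoryEntry($ldapPath)
$strFilter = "(&(objectClass=msDS-Device)(displayName=$escapedName))"

$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDeviceContainer
$objSearcher.PageSize = 100
$objSearcher.Filter = $strFilter
$objSearcher.SearchScope = "Onelevel"

$colResults = $objSearcher.FindAll()
try
{
    Write-Host "Found" $colResults.count "device objects in AD whose displayName is " $args[0]

    foreach ($objResult in $colResults)
    {
        $objItem = $objResult.Properties
        $ownerValues = $objItem.'msds-registeredowner'

        # A device object without an owner value cannot be mapped to a user.
        if ($null -eq $ownerValues -or $ownerValues.Count -eq 0)
        {
            Write-Host "Device object has no msDS-RegisteredOwner value:" $objResult.Path
            continue
        }

        # The script treats the first owner value as the characters of a SID
        # string, one byte per character, and rebuilds that string.
        $ownerRaw = $ownerValues[0]
        if ($ownerRaw -is [byte[]])
        {
            $sidString = -join ($ownerRaw | ForEach-Object { [char]$_ })
        }
        else
        {
            $sidString = [string]$ownerRaw
        }

        try
        {
            # Built inside the try block so that a malformed value cannot leave
            # the SID object of a previous device in place and report the wrong
            # user for this one.
            $objSID = New-Object System.Security.Principal.SecurityIdentifier($sidString)
            $objUser = $objSID.Translate([System.Security.Principal.NTAccount])
            Write-Host "UserSid:" $sidString "UserName:" $objUser.Value
        }
        catch
        {
            Write-Host "UserSid:" $sidString "Failed to get user name, user might be deleted"
        }
    }
}
finally
{
    # The result collection holds unmanaged resources that are only released
    # by an explicit Dispose.
    $colResults.Dispose()
    $objSearcher.Dispose()
}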
GetRegisteredDeviceforUser.PS1
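# Lists the device objects whose msDS-RegisteredOwner is the user passed as the
# only argument.
#
# Output: the count of matching device objects, then the property collection of
# each one. Exit code 1 when the argument count is wrong or the user name
# cannot be resolved to a SID.
if ($args.count -ne 1)
{
    Write-Host "Usage: GetRegisteredDeviceForUser.ps1 <user name>"
    exit 1
}

# Resolve the user's SID in the current domain.
$domain = Get-ADDomain
$userName = $args[0]
try
{
    $objAccount = New-Object System.Security.Principal.NTAccount($domain.NetBIOSName, $userName)
    $userSid = $objAccount.Translate([System.Security.Principal.SecurityIdentifier]).Value
}
catch
{
    # Stop here: continuing would run the search with an empty owner value.
    Write-Host "Failed to get the SID for user" $userName
    exit 1
}

# Search the device objects directly under CN=RegisteredDevices for the ones
# registered to that SID. The value placed in the filter is the SID string
# returned by Translate(), not the raw argument, so the user-supplied text
# never reaches the LDAP filter.
$objDefaultNC = New-Object System.DirectoryServices.DirectoryEntry
$ldapPath = "LDAP://CN=RegisteredDevices," + $objDefaultNC.distinguishedName
$objDeviceContainer = New-Object System.DirectoryServices.DirectoryEntry($ldapPath)
$strFilter = "(&(objectClass=msDS-Device)(msDS-RegisteredOwner=$userSid))"

$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDeviceContainer
$objSearcher.PageSize = 100
$objSearcher.Filter = $strFilter
$objSearcher.SearchScope = "Onelevel"

$colResults = $objSearcher.FindAll()
try
{
    Write-Host "Found" $colResults.count "device objects"

    foreach ($objResult in $colResults)
    {
        # Emit every attribute returned for the device object.
        $objResult.Properties
    }
}
finally
{
    # The result collection holds unmanaged resources that are only released
    # by an explicit Dispose.
    $colResults.Dispose()
    $objSearcher.Dispose()
}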
Hopefully that is useful.
A.