Is there a function which returns a list of client machine names on which a certain domain user profile exists, taking a domain user name as input?

PAVAN KUMAR 1 Reputation point
2021-05-27T10:21:00.797+00:00

Is there any way to find out the list of machine names on which a domain user profile exists (as a domain user profile can exist on multiple clients)? For example, I am looking for a function in .NET or VC++ which takes in the username and his domain details as arguments and returns an array of machine names where the domain user profile exists.

Use Case: I am running a service on each client system connected to the domain; this service, on each system wherever the domain user profile who requested the password change exists, needs to get notified.

Methods Tried:

Get-ADUser

Get-ADComputer

Get-CimInstance

Get-WmiObject

I have tried these PowerShell commands but no luck.

Thanks.


1 answer

  1. Michael Taylor 59,986 Reputation points
    2021-05-27T14:04:09.083+00:00

    I'm not sure I follow your question, especially in regards to the use case, but if I understand correctly what you want then it is possible but it would be horrifically slow. A domain user account is a domain user account so the computers on the machine are irrelevant. When a domain account (or any user account) logs into a machine then a user profile is created on that machine. This is the only indication you would have that a domain user has accessed a machine. Therefore to determine all the machines that a particular user has a profile on the machine for you'd have to enumerate all the computers on your domain. This wouldn't get any non-domain computers though. This would be really slow as you'd effectively have to access the user profiles of each machine one by one.

    PS can do this but you'd have to roughly do the following:

    • Get the list of domain computers to scan
    • For each computer look at the user profiles on it (accessible from the file system in most cases but there may be a faster way using an API)

    Where I get confused is the whole password change thing. If a domain user changes their password then Windows already figures it out pretty quick and notifies the user to lock and unlock the computer so their password will resync. If they aren't logged in at the time then a password change doesn't matter anyway. When they log in the next time it'll use the DC password (the new one) and if that fails prompt the user. If it cannot get to the DC then it'll use the previously cached profile (old password). Not sure why you'd need to write any code to do anything about a password change.
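
The two steps listed in the answer above, sketched in PowerShell as an added example (not code from either poster). It assumes the ActiveDirectory module is installed, that the caller has administrative rights and WinRM access on the target computers, and it uses the `Win32_UserProfile` CIM class instead of the file system; the function name and the account name `jdoe` are hypothetical.

```powershell
# Added example. Assumes RSAT ActiveDirectory module and remote CIM (WinRM) access.
Import-Module ActiveDirectory

function Get-DomainUserProfileHost {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        # Optional: limit the scan. Defaults to every enabled computer object.
        [string[]] $ComputerName
    )

    # Profiles are registered per SID, not per name, so resolve the SID once.
    $sid = (Get-ADUser -Identity $SamAccountName).SID.Value

    # Step 1: get the list of domain computers to scan.
    if (-not $ComputerName) {
        $ComputerName = Get-ADComputer -Filter 'Enabled -eq $true' |
            ForEach-Object { if ($_.DNSHostName) { $_.DNSHostName } else { $_.Name } }
    }

    # Step 2: for each computer, look for a profile belonging to that SID.
    foreach ($computer in $ComputerName) {
        try {
            $found = Get-CimInstance -ComputerName $computer -ClassName Win32_UserProfile `
                -Filter "SID = '$sid'" -OperationTimeoutSec 15 -ErrorAction Stop
            foreach ($p in $found) {
                [pscustomobject]@{
                    ComputerName = $computer
                    LocalPath    = $p.LocalPath
                    LastUseTime  = $p.LastUseTime
                    Loaded       = $p.Loaded   # true while the user is logged on
                    Reachable    = $true
                }
            }
        }
        catch {
            # Offline or access-denied hosts are reported rather than silently skipped,
            # so a missing row is never mistaken for "no profile here".
            [pscustomobject]@{
                ComputerName = $computer; LocalPath = $null; LastUseTime = $null
                Loaded = $null; Reachable = $false
            }
        }
    }
}

# Constructed account name; keep only the machines that hold a profile.
Get-DomainUserProfileHost -SamAccountName 'jdoe' | Where-Object LocalPath
```

The scan is sequential, so run time grows with the number of computers and with each unreachable host's timeout, which matches the answer's warning about speed.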
