Using PowerShell to map users to registered devices
This is another question that comes up from time to time … how do I map users to the devices that they have registered, or inversely how do I map a registered device to a user?
Here are the two PowerShell scripts. Copy each one into the PowerShell ISE and save it as a .PS1 file.
Note: if you redirected the RegisteredDevices container to a different location during install, update the LDAP path in the scripts to reflect your location.
Usage:
getregistereduserfordevice.ps1 <devicename>
getregistereddeviceforuser.ps1 <user>
GetRegisteredUserforDevice.PS1
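# GetRegisteredUserForDevice.ps1
#
# Finds the device object(s) in the RegisteredDevices container whose
# displayName equals the device name given as the single argument, and prints
# the SID and account name stored in each object's msDS-RegisteredOwner.
#
# Arguments: $args[0] - display name of the registered device
# Outputs:   one "UserSid: ... UserName: ..." line per matching device object
# Exits:     1 on bad usage or if the RegisteredDevices container cannot be read

# Device name is provided by argument.
if ($args.count -ne 1)
{
    Write-Host "Usage: GetRegisteredUserForDevice.ps1 <device name>"
    exit 1
}

$deviceDisplayName = $args[0]

# The argument is embedded in an LDAP filter, so escape the RFC 4515 special
# characters first; otherwise a '*' or '(' in the argument would widen or
# break the query. The backslash must be handled first so that the escapes
# inserted by the later replacements are not re-escaped.
$escapedDisplayName = $deviceDisplayName `
    -replace '\\', '\5c' `
    -replace '\*', '\2a' `
    -replace '\(', '\28' `
    -replace '\)', '\29' `
    -replace "`0", '\00'

# Bind to the RegisteredDevices container under the default naming context.
# If the container was redirected during install, adjust $ldapPath here.
$objDefaultNC = New-Object System.DirectoryServices.DirectoryEntry
$ldapPath = "LDAP://CN=RegisteredDevices," + $objDefaultNC.distinguishedName
$objDeviceContainer = New-Object System.DirectoryServices.DirectoryEntry($ldapPath)

$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDeviceContainer
$objSearcher.PageSize = 100
$objSearcher.Filter = "(&(objectClass=msDS-Device)(displayName=$escapedDisplayName))"
$objSearcher.SearchScope = "Onelevel"

$colResults = $null
try
{
    $colResults = $objSearcher.FindAll()
    Write-Host "Found" $colResults.count "device objects in AD whose displayName is " $deviceDisplayName

    foreach ($objResult in $colResults)
    {
        $ownerValues = $objResult.Properties.'msds-registeredowner'
        if ($ownerValues -eq $null -or $ownerValues.Count -eq 0)
        {
            Write-Host "Device" $objResult.Path "has no msDS-RegisteredOwner value"
            continue
        }

        # msDS-RegisteredOwner holds the SID in its textual form as an octet
        # string, so the bytes are simply reassembled into the SID string.
        $sidString = -join ([char[]]$ownerValues[0])

        try
        {
            $objSID = New-Object System.Security.Principal.SecurityIdentifier($sidString)
        }
        catch
        {
            Write-Host "UserSid:" $sidString "is not a valid SID"
            continue
        }

        try
        {
            $objUser = $objSID.Translate([System.Security.Principal.NTAccount])
            Write-Host "UserSid:" $sidString "UserName:" $objUser.Value
        }
        catch
        {
            # Translation fails when the SID no longer maps to an account.
            Write-Host "UserSid:" $sidString "Failed to get user name, user might be deleted"
        }
    }
}
catch
{
    Write-Host "Failed to search" $ldapPath ":" $_.Exception.Message
    exit 1
}
finally
{
    # SearchResultCollection and DirectoryEntry hold unmanaged LDAP handles
    # and must be disposed explicitly.
    if ($colResults -ne $null) { $colResults.Dispose() }
    $objSearcher.Dispose()
    $objDeviceContainer.Dispose()
    $objDefaultNC.Dispose()
}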
GetRegisteredDeviceforUser.PS1
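# GetRegisteredDeviceForUser.ps1
#
# Resolves the user name given as the single argument to its SID, then lists
# every device object in the RegisteredDevices container whose
# msDS-RegisteredOwner matches that SID.
#
# Requires the ActiveDirectory module (Get-ADDomain).
# Arguments: $args[0] - user name (sAMAccountName) in the current domain
# Outputs:   the property collection of each matching device object
# Exits:     1 on bad usage, if the user cannot be resolved, or if the search fails

# User name is provided by argument.
if ($args.count -ne 1)
{
    Write-Host "Usage: GetRegisteredDeviceForUser.ps1 <user name>"
    exit 1
}

# Resolve the user to a SID; Translate throws if the account does not exist,
# which would otherwise surface as an unhandled exception further down.
$domain = Get-ADDomain
$userName = $args[0]
try
{
    $ntAccount = New-Object System.Security.Principal.NTAccount($domain.NetBIOSName, $userName)
    $userSid = $ntAccount.Translate([System.Security.Principal.SecurityIdentifier]).Value
}
catch
{
    Write-Host "Failed to resolve user" $userName "in domain" $domain.NetBIOSName ":" $_.Exception.Message
    exit 1
}

# Bind to the RegisteredDevices container under the default naming context.
# If the container was redirected during install, adjust $ldapPath here.
$objDefaultNC = New-Object System.DirectoryServices.DirectoryEntry
$ldapPath = "LDAP://CN=RegisteredDevices," + $objDefaultNC.distinguishedName
$objDeviceContainer = New-Object System.DirectoryServices.DirectoryEntry($ldapPath)

# The SID string contains only digits and '-', so it needs no LDAP filter
# escaping. Search for devices whose registered owner is this SID.
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDeviceContainer
$objSearcher.PageSize = 100
$objSearcher.Filter = "(&(objectClass=msDS-Device)(msDS-RegisteredOwner=$userSid))"
$objSearcher.SearchScope = "Onelevel"

$colResults = $null
try
{
    $colResults = $objSearcher.FindAll()
    Write-Host "Found" $colResults.count "device objects"

    foreach ($objResult in $colResults)
    {
        $objResult.Properties
    }
}
catch
{
    Write-Host "Failed to search" $ldapPath ":" $_.Exception.Message
    exit 1
}
finally
{
    # SearchResultCollection and DirectoryEntry hold unmanaged LDAP handles
    # and must be disposed explicitly.
    if ($colResults -ne $null) { $colResults.Dispose() }
    $objSearcher.Dispose()
    $objDeviceContainer.Dispose()
    $objDefaultNC.Dispose()
}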
Hopefully that is useful.
A.