How to get AD users' sAMAccountName

The sAMAccountName is the logon name used to support clients and servers from earlier versions of Windows (pre-Windows 2000). Despite its age, it remains a fundamental attribute in Active Directory (AD) for ensuring backward compatibility, serving as a unique logon name for users and computers in a domain. The Get-ADUser PowerShell cmdlet is frequently used to identify the sAMAccountName of AD user objects. This article explains how to get an AD user's sAMAccountName using PowerShell and the AD user reports in ADManager Plus.

Finding AD users' sAMAccountName: PowerShell vs. ADManager Plus

The following table compares the process of finding an AD user's sAMAccountName using PowerShell versus ADManager Plus.

Windows PowerShell

Before you start, ensure:

  • The Active Directory PowerShell Module is installed.
  • The correct PowerShell execution policy is configured.
  • The account you are using has at least read permissions for the AD domain you intend to query.

To get an AD user's sAMAccountName using PowerShell, open Windows PowerShell as an administrator and execute the following script:

Get-ADUser -Identity 'John' | Select-Object Name, sAMAccountName

ADManager Plus

To find an AD user's sAMAccountName using ADManager Plus:

  1. Log in to ADManager Plus.
  2. Navigate to Reports > User Reports > General Reports > All Users.
  3. Select the Domain and OU and click Generate.
  4. Click Add/Remove columns to add the sAMAccountName column to the results.
  5. Use the Export As option to export the report in any of the following formats: CSV, PDF, XLSX, HTML or CSVDE.

Examples to get AD users' sAMAccountName

Example 1: Get the sAMAccountName for all users in a specific OU

To retrieve a list of users from a specific OU, you can use the -SearchBase parameter.

$targetOU = "OU=Sales,DC=example,DC=com"   # placeholder distinguished name; replace with your OU
Get-ADUser -Filter * -SearchBase $targetOU | Select-Object Name, sAMAccountName

Example 2: Get the sAMAccountName for all users in the domain

To get a complete list of all users in your domain, you can simply remove the -SearchBase parameter from the previous example.

Get-ADUser -Filter * | Select-Object Name, sAMAccountName

Example 3: Export sAMAccountName to CSV

The following command gets all users and exports their name, sAMAccountName, and status to a CSV file.

Get-ADUser -Filter * -Properties Enabled | Select-Object Name, sAMAccountName, Enabled | Export-Csv -Path "C:\AD_Users.csv" -NoTypeInformation

Examples to get AD users by sAMAccountName

Here are some practical examples of using the Get-ADUser cmdlet to retrieve users based on their sAMAccountName.

Example 1: Get a single user by sAMAccountName

The simplest way to get a user is by using the -Identity parameter with their sAMAccountName.

# Get user by sAMAccountName
Get-ADUser -Identity "John"

Example 2: Get specific properties using sAMAccountName

To view more than the default properties, use the -Properties parameter to specify which attributes you want to see, such as their email address or department.

# Get the email address and department of a user
Get-ADUser -Identity "John" -Properties EmailAddress, Department | Select-Object Name, EmailAddress, Department

Example 3: Find if users are enabled using their sAMAccountName

Check if users are enabled using just their sAMAccountName with the following script:

# Import the list of sAMAccountNames from a CSV file
Import-Csv -Path "C:\temp\users.csv" | ForEach-Object {
    # For each username in the CSV, run Get-ADUser
    Get-ADUser -Identity $_.sAMAccountName -Properties Enabled, LastLogonDate | Select-Object sAMAccountName, name, Enabled, LastLogonDate
}

Limitations of using PowerShell to get AD users' sAMAccountName

While PowerShell is a powerful tool for AD administration, relying on it exclusively comes with significant challenges, especially in complex AD environments.

  • Lack of user-friendly reporting: Generating comprehensive and visually appealing reports is nearly impossible without significant scripting effort and other tools.
  • No audit trail: Native PowerShell does not provide a straightforward audit log and requires custom logging and transcription solutions, which adds another layer of complexity to maintain and review.
  • Time-consuming for bulk tasks: While PowerShell lets you perform bulk AD management actions, specific bulk tasks can require extensive scripting and can take a long time to execute.

Highlights of using ADManager Plus for getting AD user reports

ADManager Plus allows you to overcome all the PowerShell limitations and helps you obtain AD users effortlessly with its predefined AD reports.

  • Script-free reporting: Perform complex single and bulk user operations without writing a single line of script.
  • Comprehensive reporting: Access over 200 prebuilt reports on AD to get instant visibility into AD objects.
  • Complete audit trail: Every action performed in ADManager Plus is logged as audit reports, allowing you to keep track of all administrative changes effortlessly.

FAQs

sAMAccountName is the legacy, NetBIOS-compatible logon name, while UserPrincipalName is the more modern, email-style logon name.

This is a crucial step in any user onboarding script to avoid errors. The best way is to try to retrieve the user and check if the result is null. Here is a simple and reliable function you can add to your scripts:

function Test-sAMAccountNameExists {
    param (
        [Parameter(Mandatory=$true)]
        [string]$UserName
    )
    # The @() ensures the result is always an array, preventing errors if null
    $user = @(Get-ADUser -Filter "sAMAccountName -eq '$UserName'")
    if ($user.Count -gt 0) {
        # If count is greater than 0, the user exists
        Write-Host "Username '$UserName' already exists." -ForegroundColor Red
        return $true
    } else {
        Write-Host "Username '$UserName' is available." -ForegroundColor Green
        return $false
    }
}
# --- How to use the function ---
Test-sAMAccountNameExists -UserName "b.cooper"
Test-sAMAccountNameExists -UserName "new.user99"
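
The following is an added example, not part of the original article or of ADManager Plus. It combines the CSV status check from Example 3 with the existence check above, so that a name missing from AD yields a result row instead of an error, and a name containing an apostrophe or a wildcard character is matched literally rather than altering the query. The helper names ConvertTo-LdapFilterValue and Get-SamAccountStatus and the sample CSV rows are assumptions made for illustration.

```powershell
# Added example: the CSV rows below are constructed sample data.
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue {
    # Escape the characters that RFC 4515 reserves inside an LDAP filter value.
    # The backslash is replaced first so later escapes are not double-encoded.
    param([Parameter(Mandatory = $true)][string]$Value)
    $escaped = $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28'
    $escaped -replace '\)', '\29' -replace '\x00', '\00'
}

function Get-SamAccountStatus {
    # Hypothetical helper: reports whether a name exists and, if so, its state.
    param([Parameter(Mandatory = $true)][string]$SamAccountName)
    $safe = ConvertTo-LdapFilterValue -Value $SamAccountName
    # @() keeps the result an array even when nothing matches.
    $hits = @(Get-ADUser -LDAPFilter "(sAMAccountName=$safe)" -Properties Enabled, LastLogonDate)
    $user = if ($hits.Count -gt 0) { $hits[0] } else { $null }
    [pscustomobject]@{
        Requested     = $SamAccountName
        Exists        = ($hits.Count -gt 0)
        Enabled       = if ($user) { $user.Enabled } else { $null }
        LastLogonDate = if ($user) { $user.LastLogonDate } else { $null }
    }
}

# Constructed input: one ordinary name, one with an apostrophe, one with a wildcard.
$csv = @'
sAMAccountName
b.cooper
o'brien
new.user*
'@

$csv | ConvertFrom-Csv | ForEach-Object {
    Get-SamAccountStatus -SamAccountName $_.sAMAccountName
} | Format-Table -AutoSize
```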

The manager attribute in AD stores the distinguished name and not the sAMAccountName. To accomplish this, you retrieve the user object, check if the Manager property is populated, and if so, you can use its value to retrieve the manager's user object. Here's the script:

# The user you want to check
$userName = "b.cooper"
# Step 1: Get the user and specifically request the Manager property
$user = Get-ADUser -Identity $userName -Properties Manager
if ($null -ne $user.Manager) {
    # Step 2: If the manager property exists, get the manager's user object
    $manager = Get-ADUser -Identity $user.Manager
    Write-Host "The manager of '$userName' is '$($manager.sAMAccountName)'."
}
else {
    Write-Host "User '$userName' does not have a manager listed."
}