Script Repository

Users with not matching attributes

February 24, 2021

The script creates and emails a list of users for whom the values of two specified attributes do not match. For example, you can use it to get a list of users whose email address in Active Directory does not match their Windows logon name.

Note: To schedule the report, create a scheduled task configured for the Domain-DNS object type that runs the script and assign it over any of your AD domains. To add the script to a scheduled task, use the Run a program or PowerShell script action.


  • $firstAttribute and $secondAttribute - Specify LDAP display names of the attributes that must match.
  • $to - Specifies a comma-separated list of recipients of the report.
  • $subject - Specifies the email message subject.
  • $reportHeader - Specifies the email message header.
  • $reportFooter - Specifies the email message footer.
$firstAttribute = "userPrincipalName" # TODO: modify me
$secondAttribute = "mail" # TODO: modify me

# Email message settings
$to = "" # TODO: modify me
$subject = "Attribute Mismatch" # TODO: modify me
$reportHeader = "<h3><b>Attribute Mismatch</b></h3><br/>" # TODO: modify me
$reportFooter = "<hr /><p><i>Please do not reply to this e-mail, it has been sent to you for notification purposes only.</i></p>" # TODO: modify me

# Get the default Web Interface address
$webInterfaceAddress = "%adm-WebInterfaceUrl%"
if ([System.String]::IsNullOrEmpty($webInterfaceAddress))
{
    $Context.LogMessage("Default web interface address not set for Adaxes service. For details, see", "Warning")
}

# Find all users
$searcher = $Context.BindToObject("Adaxes://rootDSE")
$searcher.PageSize = 500
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.SearchFilter = "(sAMAccountType=805306368)"
$searcher.SetPropertiesToLoad(@($firstAttribute, $secondAttribute, "ObjectGuid"))
$searcher.VirtualRoot = $True

try
{
    $searchResultIterator = $searcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()

    $htmlListItems = New-Object "System.Text.StringBuilder"
    foreach ($searchResult in $searchResults)
    {
        $firstAttributeValue = $searchResult.Properties[$firstAttribute].Value
        $secondAttributeValue = $searchResult.Properties[$secondAttribute].Value

        # Skip users whose values match (-eq compares strings case-insensitively)
        if ($firstAttributeValue -eq $secondAttributeValue)
        {
            continue
        }

        # Build a link to the user in the Web Interface
        $guid = [Guid]$searchResult.Properties["ObjectGuid"].Value
        $username = [Softerra.Adaxes.Utils.ObjectNameHelper]::GetObjectName($searchResult.AdsPath, "IncludeParentPath")
        # HTML-encode the name so that markup characters in it are shown as text in the report
        $username = [System.Net.WebUtility]::HtmlEncode($username)
        $link = "<a href='$webInterfaceAddress`ViewObject.aspx?guid=$guid'>$username</a>"
        [void]$htmlListItems.Append("<li>$link</li>")
    }

    # Build the report
    if ($htmlListItems.Length -eq 0)
    {
        $html = $reportHeader + "<b>No users with attribute mismatch found</b>" + $reportFooter
    }
    else
    {
        $html = $reportHeader + "<ul>" + $htmlListItems.ToString() + "</ul>" + $reportFooter
    }

    # Send mail
    $Context.SendMail($to, $subject, $NULL, $html)
}
finally
{
    # Release resources used by AD search
    if ($searchResultIterator) { $searchResultIterator.Dispose() }
}
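
The script decides who appears in the report with a single -eq test, which ignores letter case and treats two missing values as equal. The following added example (not part of the original script or of Adaxes; the helper name Get-AttributeMismatchKind and the sample records are constructed for illustration) runs the same test over sample records and labels why each reported user differs.

```powershell
$firstAttribute = "userPrincipalName"
$secondAttribute = "mail"

# Constructed sample records standing in for search results (not real directory data)
$sampleUsers = @(
    [pscustomobject]@{ Name = "Alice Example"; userPrincipalName = "alice@example.com"; mail = "alice@example.com" }
    [pscustomobject]@{ Name = "Bob Example"; userPrincipalName = "bob@example.com"; mail = "Bob@Example.com" }
    [pscustomobject]@{ Name = "Carol Example"; userPrincipalName = "carol@example.com"; mail = $null }
    [pscustomobject]@{ Name = "Dave Example"; userPrincipalName = "dave@example.com"; mail = "dave@example.com " }
    [pscustomobject]@{ Name = "svc-backup"; userPrincipalName = $null; mail = $null }
    [pscustomobject]@{ Name = "Erin Example"; userPrincipalName = "erin@example.com"; mail = "e.example@example.org" }
)

# Hypothetical helper: classifies a pair of values relative to the script's -eq test
function Get-AttributeMismatchKind
{
    param($First, $Second)

    # Same test as the script: case-insensitive for strings, and two $null values are equal
    if ($First -eq $Second)
    {
        return "Match"
    }
    # One attribute is missing or empty while the other has a value
    if ([System.String]::IsNullOrEmpty($First) -or [System.String]::IsNullOrEmpty($Second))
    {
        return "OneSideEmpty"
    }
    # Values differ only by leading or trailing whitespace
    if ($First.Trim() -eq $Second.Trim())
    {
        return "WhitespaceOnly"
    }
    return "DifferentValue"
}

# Collect the users the report would list, together with the reason for each
$report = foreach ($user in $sampleUsers)
{
    $first = $user.$firstAttribute
    $second = $user.$secondAttribute
    $kind = Get-AttributeMismatchKind -First $first -Second $second
    if ($kind -eq "Match")
    {
        continue
    }
    [pscustomobject]@{ User = $user.Name; Kind = $kind; First = $first; Second = $second }
}
$report | Format-Table -AutoSize
```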
