Get-ImmutableId.ps1
|
<#PSScriptInfo .VERSION 1.1 .GUID dbeaf367-dc1d-4c67-89df-041cc9fdc6f0 .AUTHOR Kalichuza .COMPANYNAME .COPYRIGHT .TAGS .LICENSEURI .PROJECTURI .ICONURI .EXTERNALMODULEDEPENDENCIES .REQUIREDSCRIPTS .EXTERNALSCRIPTDEPENDENCIES .RELEASENOTES .PRIVATEDATA #> <# .DESCRIPTION Get the Ms-Ds-ConsistencyGuid In the AzureAD base64 format for easy troubleshooting #> # Function to get the immutable ID using ms-DS-ConsistencyGuid param ( [Parameter(Mandatory = $false, Position = 0)] [string]$SamAccountName ) function Get-UserImmutableId { [CmdletBinding()] param ( [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [string]$SamAccountName ) process { try { # Get the user's ms-DS-ConsistencyGuid and other properties from Active Directory $user = Get-ADUser -Identity $SamAccountName -Properties "ms-DS-ConsistencyGuid","DisplayName","UserPrincipalName" -ErrorAction Stop $guid = $user."ms-DS-ConsistencyGuid" # Convert the GUID to Base64 string (immutable ID) $immutableId = [System.Convert]::ToBase64String($guid) # Create and return a custom object with user information [PSCustomObject]@{ SamAccountName = $user.SamAccountName DisplayName = $user.DisplayName UserPrincipalName = $user.UserPrincipalName ImmutableId = $immutableId } } catch { Write-Error "Error retrieving immutable ID for user '$SamAccountName': $_" } } } # If SamAccountName was provided as a parameter, use it if ($SamAccountName) { Get-UserImmutableId -SamAccountName $SamAccountName } # If script is run with arguments but not using named parameters elseif ($args.Count -gt 0) { Get-UserImmutableId -SamAccountName $args[0] } # Otherwise prompt for username else { $username = Read-Host -Prompt "Enter the SAM account name" Get-UserImmutableId -SamAccountName $username } |