
Check whether username is unique in AD and Exchange


Property validation

The script checks whether the username (sAMAccountName) of an account is unique in the AD domain and does not match the prefix of any proxy address in Exchange. The username is expected to be generated as the last name plus the first initial of the first name. If the current username is not unique, the next letter of the first name is appended; if the whole first name is still not enough, a number is appended. To execute the script, create a business rule triggered Before creating a user.

function IsUniqueInAD($sAMAccountName, $domainName)
{
    # Returns $True when no user in the given domain has this sAMAccountName and
    # no proxy address starts with "<sAMAccountName>@"; otherwise $False.
    # The lookup is scoped to one domain (subtree, no referral chasing) and is
    # capped at a single hit, because one match is enough to reject the name.
    $userSearcher = $Context.BindToObject("Adaxes://$domainName")
    $userSearcher.Criteria = New-AdmCriteria "user" -Expression {(sAMAccountName -eq $sAMAccountName) -or (proxyAddresses -startsWith "$sAMAccountName@")}
    $userSearcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $userSearcher.SizeLimit = 1
    $userSearcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"

    $iterator = $NULL
    try
    {
        $iterator = $userSearcher.ExecuteSearch()
        $foundUsers = $iterator.FetchAll()
        $isUnique = ($foundUsers.Length -eq 0)
        return $isUnique
    }
    finally
    {
        # Always release the search result iterator, even when the search failed.
        if ($iterator) { $iterator.Dispose() }
    }
}

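function IsUniqueInExchangeOnline($userName)
{
    # Returns $True when no Exchange Online recipient has an e-mail address whose
    # local part equals $userName (in any accepted domain), otherwise $False.
    #
    # $userName is embedded in an OPATH filter string. The callers build it from
    # the user's sn/givenName, so it can legitimately contain a single quote
    # (e.g. O'Brien); left unescaped, that quote terminates the filter value.
    # A single quote inside a single-quoted OPATH value is escaped by doubling it.
    # NOTE(review): '*' and '?' in $userName would act as -like wildcards; they
    # are invalid in sAMAccountName, but the generated candidates are not
    # validated here — confirm this is covered upstream.
    $escapedUserName = ([string]$userName).Replace("'", "''")

    # -ErrorAction Stop: a failed lookup (e.g. lost Exchange Online session) must
    # surface as an error. With the default action a failed query leaves
    # $recipient empty, the name looks unique, and a duplicate address can be
    # created.
    $recipient = Get-Recipient -Filter "EmailAddresses -like 'smtp:$escapedUserName@*'" -ResultSize 1 -WarningAction SilentlyContinue -ErrorAction Stop
    return $NULL -eq $recipient
}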

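# Runs in a "Before creating a user" business rule. Ensures the sAMAccountName
# being created is unique in the AD domain and in Exchange Online, generates a
# new one if it is not, and keeps userPrincipalName in sync with the result.

# Get sAMAccountName
$userName = $Context.GetModifiedPropertyValue("sAMAccountName")

# Connect to Exchange Online.
$Context.CloudServices.ConnectExchangeOnline()

# Check whether sAMAccountName is unique. Both checks must pass. The domain is
# resolved once here and reused for the UPN suffix below.
$domain = $Context.GetObjectDomain("%distinguishedName%")
if ((IsUniqueInAD $userName $domain) -and (IsUniqueInExchangeOnline $userName))
{
    return
}

# Get the first and last names.
$firstName = $Context.GetModifiedPropertyValue("givenName")
$lastName = $Context.GetModifiedPropertyValue("sn")

# First strategy: last name plus a growing prefix of the first name. Starts at
# two letters because, per the naming convention, the one-letter form is the
# value that has just failed the uniqueness check.
$uniqueUserName = $NULL
if (-not [string]::IsNullOrEmpty($firstName))
{
    for ($i = 2; $i -le $firstName.Length; $i++)
    {
        $firstNamePart = $firstName.SubString(0, $i)
        $generatedUserName = "$lastName$firstNamePart"
        if ((IsUniqueInAD $generatedUserName $domain) -and (IsUniqueInExchangeOnline $generatedUserName))
        {
            $uniqueUserName = $generatedUserName
            break
        }
    }
}

# Second strategy: full name plus a numeric suffix. The loop is bounded so that
# a lookup that never reports "unique" fails the operation instead of running
# forever (every iteration issues one AD and one Exchange Online query).
if ($NULL -eq $uniqueUserName)
{
    $maxSuffix = 9999
    for ($i = 1; $i -le $maxSuffix; $i++)
    {
        $candidate = "$lastName$firstName$i"
        if ((IsUniqueInAD $candidate $domain) -and (IsUniqueInExchangeOnline $candidate))
        {
            $uniqueUserName = $candidate
            break
        }
    }

    if ($NULL -eq $uniqueUserName)
    {
        throw "Could not generate a unique username for '$lastName$firstName' after $maxSuffix attempts."
    }
}

# NOTE(review): the generated value is not checked against the 20-character
# sAMAccountName limit or for characters that are invalid in sAMAccountName /
# userPrincipalName — confirm that upstream property validation covers this.

# Update sAMAccountName
$Context.SetModifiedPropertyValue("sAMAccountName", $uniqueUserName)

# Update UPN so the logon name stays consistent with the new sAMAccountName.
$userLogonName = "$uniqueUserName@$domain"
$Context.SetModifiedPropertyValue("userPrincipalName", $userLogonName)

$Context.LogMessage("The username was changed to " + $uniqueUserName + ".", "Information")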
