Identify User's Domain from Email Address

Question

I am in an organization with multiple domains in the forest. Most of the domains have their own email email, but a few share a common email domain. I have a list of email address that I need to identify from which domain they are. I have tried the PowerShell command Get-ADUser, but it only seems to work within my domain. An acceptable alternative, would be to determine if users as NOT in a certain domain.

Do you use Exchange in this forest, or are you only talking about the "mail" attribute in AD? — Massimo, Sep 21 '20 at 17:26
Forgive my ignorance, as AD domain structures are not my forte. The domain I am in uses Exchange. I think the entire forest does, but I am not positive. — Andrew, Sep 21 '20 at 17:31
Exchange operates at the forest level and keeps track globally of all email addresses, also guaranteeing their unicity; thus it's much easier to search email addresses in a multi-forest environment if Exchange is present; otherwise you have to explicitly query each domain in turn. — Massimo, Sep 21 '20 at 18:29

score 0 · Answer 1 · answered Sep 22 '20 at 19:19

This PowerShell cmdlet searches for users with the email address you specify. It also returns use accounts for which it is a secondary email address:

Get-ADUser -Filter "proxyAddresses -like '*jon.doe@example.com*'" # Keep the asterisks!

If you do not have Exchange in your organisation, you can also try with the mail attribute.

Get-ADUser -Filter "mail -like 'jon.doe@example.com'" # Exact search, so no asterisk here.

Andrew · Accepted Answer · 2022-09-02T14:24:05.350

The piece I was missing was the server parameter. The Get-ADUser command is only searching in my domain. So if I am in my.domain.com but I want to see if you@domain.com is the email for a user in ur.domain.com, I need to specify a different server like this:

Get-ADUser -Server "ur.domain.com" -Filter {EmailAddress -eq "you@domain.com"}

Edit: This came back around so I finally built a full script to do what I need:

date
$da=@("a","b","c","d") #e domain not searchable
$ra=@()
$nf=@()
foreach ($u in Get-Content "C:\pathtofile\filename.txt"){
    $dh = "not found"
    for ($i=0; $i -lt $da.length -and $dh -eq "not found"; $i+=1){
        $d=$da[$i]
        if (Get-ADUser -Server $d".domain.com" -Filter {EmailAddress -eq $u}){
            $dh = $d
        }
    }
    if ($dh -eq "not found"){
        $nf += $u
    }elseif (!($ra.Contains($dh))){
        $ra += $dh
    }
}
date
""
"Results:"
$ra
""
"Not Found:"
$nf

This script takes a VERY long time, so I also sorted the $da array by most the expectation of most frequent occurrences so it will exit that loop faster.

Identify User's Domain from Email Address

2 Answers2