I have the following regexp for validating Windows usernames in a PowerShell script.

$fqusername -imatch '^\w+[\\]\w+$'

This works fine in my own environment, but I am planning on releasing it for wider use, and want to make sure it validates correctly for others.

  • 9,482
  • 21
  • 80
  • 117

2 Answers2


Well, not quite. You're going to miss somethings.

Domain Part:

\w+ matches on word characters. which is ok, until the person doesn't use the NETBIOS name but uses the domain name (fully supported) so that would match STACKOVERFLOW\Zypher ... but not STACKOVERFLOW.COM\Zypher because the . will throw off the matching.

The User Part:

while Goyuix has stated what characters are not allowed. What that says implicetly is that ALL OTHER characters ARE allowed. A really common example of this is the - characters. So just using the dash as an example STACKOVERFLOW\Zypher-SO would not match.

Also <user>@<domain> is a valid notation for a user account as well.

What are you trying to accomplish, there may be a better way than regex.

  • 36,995
  • 5
  • 52
  • 95
  • The PowerShell script I have written requires a username, which is then used to delete alerts in Sharepoint for that user. Sharepoint uses the DOMAIN\username notation. The check is just for a string of the correct format - since it takes a little while to process the script on a large Sharepoint install I want to check the syntax at least is correct otherwise it takes 10 - 30 seconds to find out you made a typo. – dunxd Dec 22 '10 at 15:36
  • @dunxd hmm why not do a quick ldap/ADSI query against the domain for the existence of that user? – Zypher Dec 22 '10 at 15:41
  • It wouldn't be quick for me :-), plus I want to make this script available more widely - wouldn't that require hard coding some stuff into the script or require additional parameters? If you know this is super simple and can tell me off the top of your head how to do it, that would be most appreciated. – dunxd Dec 22 '10 at 15:45
  • @dunxd ... hmm should be something like `[ADSI]NT:/// – Zypher Dec 22 '10 at 16:30

You will probably be fine with that, though there are a couple of things to be aware of:

First, according to this TechNet article, the following is a list of characters that are not allowed in a username. Here it is in PowerShell:

'( ; : " <> * + = \\ | ? , )' -imatch '\w'

It returns false, so your \w should be fine.

Second, as a possible improvement, you might consider wrapping the \w in parenthesis to enable grouping and easy extraction of the domain or username portion of the match. Note: It will (very slightly) slow down the matching and use (very slightly) more memory.

Third, according to MS KB Article 938447 certain characters are treated as equal in user names / objects. A quick test shows PowerShell correctly matching that the mentioned characters with an umlaut match your regex, so be careful if you are using it to create accounts that the account may still fail in strange cases.

  • 3,164
  • 5
  • 28
  • 37