Retrieve current domain user's full name

Question

Using PowerShell, how can I get the currently logged on domain user's full name (not only its username) without the need of the ActiveDirectory module?

score 31 · Accepted Answer · edited May 24 '17 at 17:32

31

$dom = $env:userdomain
$usr = $env:username
([adsi]"WinNT://$dom/$usr,user").fullname

Returns:

John Doe

Some other (mostly) obscure properties also available. A few useful ones:

Homedrive UNC
Homedrive Letter
Description
Login script

Try:

[adsi]"WinNT://$dom/$usr,user" | select *

edited May 24 '17 at 17:32

Mark Wragg

226
2
12

answered Mar 17 '14 at 20:30

Clayton

4,483
16
24

4

Good answer. Of course, this *is* querying AD... :) – Massimo Mar 17 '14 at 20:31
1

Do I need domain admin rights to run this command? Or can the domain user itself can run this command? – Jonathan Rioux Mar 17 '14 at 21:02
1

Any domain user can query AD for this kind of information. – Massimo Mar 20 '14 at 16:43
1

@Massimo Not any domain user can query AD for this kind of information. Users can be not granted (or denied) the "Read account restrictions" permission, and be unable to query any data from Active Directory – Ian Boyd Jun 16 '15 at 15:58
How can I use this multiline command in powershell? – coderzzz18 Feb 20 '20 at 12:10

score 16 · Answer 2 · answered Mar 17 '14 at 20:57

16

I like the accepted answer, but just because I wanted to try this out myself:

$user = whoami
Get-WMIObject Win32_UserAccount | where caption -eq $user | select FullName

returns:

FullName
--------
TheCleaner

or if you wish to not have the header info and just the result:

$user = whoami
Get-WMIObject Win32_UserAccount | where caption -eq $user | select FullName | ft -hide

answered Mar 17 '14 at 20:57

TheCleaner

32,352
26
126
188

I read this too quickly, it *does* query AD. I verbally retract my vote. – MDMoore313 Mar 17 '14 at 21:14
3

But doesn't require the AD PS modules – squillman Mar 17 '14 at 21:28
4

@squillman it doesn't, just giving Cleaner a hard time. – MDMoore313 Mar 17 '14 at 21:31
Gotcha. Sorry, must have been decaffeinated... – squillman Mar 18 '14 at 14:44
@TheCleaner , can you tell me how can I use these multi line command in Powershell? – coderzzz18 Feb 20 '20 at 12:09
@coderzzz18 - what do you mean? Just save the two lines as a ps1 script and run it. – TheCleaner Feb 20 '20 at 14:05

MDMoore313 · Answer 3 · 2014-03-17T21:52:00.967

7

One liner using Powershell 3.0:

gwmi win32_useraccount | where {$_.caption -match $env:USERNAME} | select fullname | ft -HideTableHeaders

edited Mar 17 '14 at 21:52

answered Mar 17 '14 at 21:35

MDMoore313

5,531
6
34
73

score 3 · Answer 4 · answered Mar 17 '14 at 22:50

Based on your comment on Craig620's accepted answer,

Do I need domain admin rights to run this command? Or can the domain user itself can run this command?

It sounds like you're trying to avoid installing powershell modules on user workstations, yes, but also, no, you don't need to be a domain admin to look up your own name in AD. You can look up pretty much any information that appears in the GAL in Outlook, including full name, as a standard user.

You can also look up other people's full names as a standard user in AD (using Get-WmiObject Win32_userAccount, if you want to avoid the AD modules). Service accounts that query AD (well, prior to managed service accounts) are usually standard, unprivileged AD users.

score 2 · Answer 5 · answered Feb 17 '20 at 09:05

2

([adsi]"LDAP://$(whoami /fqdn)").displayName

You can retrieve a truckload of information using this very simple tool. Check out

([adsi]"LDAP://$(whoami /fqdn)") | fl *

answered Feb 17 '20 at 09:05

KeyszerS

180
9

score 2 · Answer 6 · answered Mar 07 '16 at 21:55

If you've always got .Net 3.5 or higher (which you should with PowerShell v4.0 and higher):

Add-Type -AssemblyName System.DirectoryServices.AccountManagement;
$DisplayName = [System.DirectoryServices.AccountManagement.UserPrincipal]::Current.DisplayName;

That class provides very easy access to all the common LDAP properties, so you don't need to lookup twice (once with WinNT and again with LDAP) or use [ADSISearcher] to do an LDAP search if you want some extended properties that WinNT doesn't implement.

score 1 · Answer 7 · answered Mar 09 '15 at 18:57

Using -match is not a good choice because a $env:USERNAME of "ed" will match "fred" and "edith". Instead use -eq for an exact match and add in the domain if needed. I use a foreach loop at the end to strip off all leading an trailing whitespace as an alternative to "select fullname | ft -HideTableHeaders" which prints a leading and trailing newline.

gwmi win32_useraccount | where {$_.caption -eq $("domain\" + $env:USERNAME)} | foreach {$_.fullname}

Mostafa · Answer 8 · 2022-04-05T15:34:44.563

How about querying the registry instead of AD Like this:

if ((gwmi win32_computersystem).partofdomain -eq $true)
{Get-ItemPropertyValue -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData\1 -Name "LoggedOnDisplayName"}
else 
{Get-ItemPropertyValue -Path HKLM:\SOFTWARE\Microsoft\Windows\Cu rrentVersion\Authentication\LogonUI\SessionData\1 -Name "LoggedOnUser" | %{$_.Split('\')[1]}}

Note: Only tested on Windows 10.

Another Note: this looks for the first logged user in the current session, so for example if you logged out of john.smith and logged in will.smith and run the above you will get the data related to john.smith instead of will.smith.

Update: The below script will get the current user's display name regardless of being on a domain joined PC or not or logging in with another account before logging in with the account that you need to get the display name for.

$user = (Get-ChildItem "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData\" | Get-ItemProperty | Where-Object LoggedOnUser -like "$(whoami)" | select -First 1)

if ((Get-Item $user.PSPath).Property -contains "LoggedOnDisplayName" -eq $true) {
    $user.LoggedOnDisplayName
} else {
    $user.LoggedOnUser | %{$_.Split('\')[1]}
}

Massimo · Answer 9 · 2014-03-17T20:31:07.857

0

If you don't want to use the Active Directory module, you can't; unless you want to go even deeper and perform an actual LDAP query against a domain controller.

Any user information other than the username is stored in Active Directory, and it has to be retrieved there.

edited Mar 17 '14 at 20:31

answered Mar 17 '14 at 20:17

Massimo

68,714
56
196
319

But when I open the start menu, the full name of the user is shown here! I mean, it must be stored somewhere? – Jonathan Rioux Mar 17 '14 at 20:18
4

Yes, it's stored somewhere. It's stored in Active Directory. – Katherine Villyard Mar 17 '14 at 20:26
It is probably stored/cached in the registry as well, but I didn't find it easily and gave up. – mfinni Mar 17 '14 at 21:35
1

It's true that it's stored in AD but the `[ADSI]` interface has been around a lot longer than the AD modules, and really isn't all that complicated, like the accepted answer shows. – Hunter Eidson Mar 20 '14 at 15:11

Retrieve current domain user's full name

9 Answers9

Linked