How to Query Active Directory for Email Address by Username Using Command Line on Windows XP


When working with Windows XP in an Active Directory environment, you might need to extract specific user attributes like email addresses through command line queries. While net user username /domain provides comprehensive user details, extracting just the email field requires more targeted approaches.

The most straightforward method uses the dsquery utility included with Windows Server support tools:

dsquery user -name "username" | dsget user -email

This returns output in the format:

email
username@domain.com

For systems without dsquery, the CSV Directory Exchange tool provides another option:

csvde -f output.csv -r "(sAMAccountName=username)" -l mail

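This creates a CSV file with a header row followed by one row per match. The first column is always the DN, which csvde wraps in double quotes because it contains commas, so a plain split on "," returns part of the DN rather than the address. Split on the quote character first, then strip the leading comma:

for /f tokens^=2^ delims^=^" %i in ('type output.csv ^| find "username"') do @for /f "delims=," %j in ("%i") do @echo %j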
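
An added example (not part of the original page): PowerShell helpers that escape the username per RFC 4515 before it is placed in the csvde -r filter, and that read the mail column from csvde output whose quoted DN contains commas. The function names are hypothetical, the sample rows are constructed, and PowerShell 2.0 or later is assumed.

```powershell
# Added example, not from the original page. Function names are hypothetical.

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory = $true)][string]$Value)
    # RFC 4515: \ * ( ) and NUL must be written as a backslash plus two hex
    # digits, otherwise they act as filter syntax (* becomes a wildcard).
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

function Get-CsvdeFilter {
    param([Parameter(Mandatory = $true)][string]$SamAccountName)
    # Builds the value to pass to csvde -r for an exact logon-name match.
    '(sAMAccountName={0})' -f (ConvertTo-LdapFilterValue $SamAccountName)
}

function Get-MailFromCsvde {
    param([Parameter(Mandatory = $true)][string[]]$Lines)
    # csvde writes a header row (DN,mail) and quotes the DN because it
    # contains commas; ConvertFrom-Csv honours the quotes, unlike a split on ",".
    $Lines | ConvertFrom-Csv | Where-Object { $_.mail } | ForEach-Object { $_.mail }
}

# Constructed sample of what output.csv contains when csvde runs with "-l mail".
$sample = @(
    'DN,mail'
    '"CN=John Doe,OU=Users,DC=domain,DC=com",jdoe@domain.com'
)

# A plain username passes through unchanged.
Get-CsvdeFilter 'jdoe'

# Filter metacharacters in the input are neutralised instead of widening the query.
Get-CsvdeFilter 'j*)(mail=*'

# Extracts the address even though the DN field contains commas.
Get-MailFromCsvde $sample
```

To parse a real export, pass the file's lines instead of the sample: Get-MailFromCsvde (Get-Content output.csv).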

On systems with PowerShell remoting capabilities:

$email = (Get-ADUser -Identity username -Properties mail).mail
Write-Output $email

For pure Windows XP environments without modern tools, this VBScript solution works:

Set objUser = GetObject("LDAP://CN=username,OU=Users,DC=domain,DC=com")
WScript.Echo objUser.mail

Here's a complete batch file solution combining these techniques:

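@echo off
setlocal
rem Pass the name to look up as the first argument; quoting keeps spaces intact.
set "target=%~1"
set "email="
rem dsget prints a header ("email"), the address, then "dsget succeeded";
rem keep only the line containing "@" and trim its leading spaces.
for /f "tokens=1" %%a in ('dsquery user -name "%target%" ^| dsget user -email -c ^| find "@"') do set "email=%%a"
if defined email (echo %email%) else (echo No email address found.)
endlocal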

If queries return no results:

  • Verify you're authenticated to the domain
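  • Check whether you passed the user's name (CN/displayName) or the sAMAccountName: dsquery user -name matches the name, while -samid matches the logon name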
  • Ensure the mail attribute is populated in AD
  • Try specifying the full DN when using LDAP queries

When working with Active Directory in Windows XP environments, administrators often need to quickly retrieve a user's email address using only their username. While net user username /domain provides comprehensive user information, parsing just the email field from this output can be cumbersome.

The dsquery command offers more precise AD querying capabilities. Here's the most efficient method:

dsquery user -name "JohnDoe" | dsget user -email

This command pipeline:

  1. Finds the user object with dsquery
  2. Pipes the DN to dsget to extract just the email attribute

For environments where dsquery isn't available, consider these options:

Using VBScript

Set objUser = GetObject("LDAP://CN=John Doe,OU=Users,DC=domain,DC=com")
WScript.Echo objUser.mail

PowerShell (if available)

Get-ADUser -Identity "JohnDoe" -Properties mail | Select-Object -ExpandProperty mail

If you must use net user, this batch script extracts the email:

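@echo off
rem net user prints several lines that start with "User" (User name, User's comment, ...),
rem so this loop keeps only the last one it sees.
for /f "tokens=*" %%a in ('net user %1 /domain ^| find "User"') do (
    set email=%%a
)
rem Strips everything up to "User email address "; the result is an address only
rem when the last matching line is a "User email address" line.
set email=%email:*User email address =%
echo %email%

  • Ensure your account has proper AD read permissions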
  • The email attribute might be stored in mail or userPrincipalName
  • For large domains, include the OU path in queries for better performance