How to Query Active Directory for Email Address by Username Using Command Line on Windows XP


2 views

When working with Windows XP in an Active Directory environment, you might need to extract specific user attributes like email addresses through command line queries. While net user username /domain provides comprehensive user details, extracting just the email field requires more targeted approaches.

The most straightforward method uses the dsquery utility included with Windows Server support tools:

dsquery user -name "username" | dsget user -email

This returns output in the format:

email
username@domain.com

For systems without dsquery, the CSV Directory Exchange tool provides another option:

csvde -f output.csv -r "(sAMAccountName=username)" -l mail

This creates a CSV file containing the email address, which you can then parse with:

for /f "tokens=2 delims=," %i in ('type output.csv ^| find "username"') do @echo %i

On systems with PowerShell remoting capabilities:

$email = (Get-ADUser -Identity username -Properties mail).mail
Write-Output $email

For pure Windows XP environments without modern tools, this VBScript solution works:

Set objUser = GetObject("LDAP://CN=username,OU=Users,DC=domain,DC=com")
WScript.Echo objUser.mail

Here's a complete batch file solution combining these techniques:

@echo off
set username=%1
for /f "tokens=*" %%a in ('dsquery user -name %username% ^| dsget user -email -c') do (
    for /f "tokens=2" %%b in ("%%a") do set email=%%b
)
echo %email%

If queries return no results:

  • Verify you're authenticated to the domain
  • Check the user's displayName vs sAMAccountName
  • Ensure the mail attribute is populated in AD
  • Try specifying the full DN when using LDAP queries

When working with Active Directory in Windows XP environments, administrators often need to quickly retrieve a user's email address using only their username. While net user username /domain provides comprehensive user information, parsing just the email field from this output can be cumbersome.

The dsquery command offers more precise AD querying capabilities. Here's the most efficient method:

dsquery user -name "JohnDoe" | dsget user -email

This command pipeline:

  1. Finds the user object with dsquery
  2. Pipes the DN to dsget to extract just the email attribute

For environments where dsquery isn't available, consider these options:

Using VBScript

Set objUser = GetObject("LDAP://CN=John Doe,OU=Users,DC=domain,DC=com")
WScript.Echo objUser.mail

PowerShell (if available)

Get-ADUser -Identity "JohnDoe" -Properties mail | Select-Object -ExpandProperty mail

If you must use net user, this batch script extracts the email:

@echo off
for /f "tokens=*" %%a in ('net user %1 /domain ^| find "User"') do (
    set email=%%a
)
set email=%email:*User email address =%
echo %email%
  • Ensure your account has proper AD read permissions
  • The email attribute might be stored in mail or userPrincipalName
  • For large domains, include the OU path in queries for better performance