Fetch Email of Login User In System Context
Dear Team,
We are working on retrieving the email address of the user joined to Entra ID from Entra-joined Windows devices, specifically while running in a system context. The whoami /upn command successfully returns the joined user's email address in a user context, but it does not work in a system context, particularly when using an elevated terminal via the psexec utility.

We also tested the dsregcmd /status command; however, in a system context, the User Identity tab in the SSO State section only appears when there is an error in AzureAdPrt. Under normal, healthy operating conditions, this command does not provide the user identity or the full domain username.
We would greatly appreciate guidance on how to retrieve the Entra ID joined user’s email address in a system context, especially from those with prior experience in this area.
Thank you for your support.
moinkhanengr (Copper Contributor)
Thank you for your response. We have tested the provided command, and it currently returns the email address of the user who initially joined the device to Entra ID, instead of the email address of the currently logged-in user.
We need to obtain the email address of the presently logged-in user. For instance, if UserA initially joined the device to Entra ID and UserB subsequently logs in, the command continues to display UserA's email address.

Ah, if devices are used by multiple users or are different from the enrollment user... OK, I modified Andrew Taylor's script a bit to return the email address:
function get-UserPrincipalNameFromLoggedOnUser() {
    <#
    .SYNOPSIS
    This function is used to find the logged-in user's userprincipalname as System
    .DESCRIPTION
    This function is used to find the logged-in user's userprincipalname as System
    .EXAMPLE
    get-UserPrincipalNameFromLoggedOnUser
    Returns the User Principal Name of the logged-in user
    .NOTES
    NAME: getloggedindetails
    Written by: Andrew Taylor (https://andrewstaylor.com) and changed by Harm Veenstra to return only the User Principal Name
    #>
    ## Find logged-in username (the owner of the explorer.exe process)
    $user = Get-WmiObject Win32_Process -Filter "Name='explorer.exe'" |
        ForEach-Object { $_.GetOwner() } |
        Select-Object -Unique -ExpandProperty User
    ## Find logged-in user's SID
    ## Loop through the registry profile list until ProfileImagePath matches and return the key name (the SID)
    $path = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*"
    $sid = (Get-ItemProperty -Path $path | Where-Object { $_.ProfileImagePath -like "*$user" }).PSChildName
    ## Read the UPN from the user's hive, which is mounted under HKEY_USERS while the user is logged on
    try {
        $userprincipalname = (Get-ChildItem "Registry::HKEY_USERS\$($sid)\Software\Microsoft\Windows NT\CurrentVersion\WorkplaceJoin\AADNGC" -Recurse -ErrorAction Stop).GetValue('UserID')
    }
    catch {
        $userprincipalname = "Not found"
    }
    return $userprincipalname
}
Original source: https://andrewstaylor.com/2023/11/07/enumerating-the-logged-on-user-when-running-as-system-with-azure-ad-entra-joined-devices/
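An added example, not code from this thread or from Andrew Taylor's script, that extends the same idea: it reports every interactive user rather than only the first explorer.exe owner, and takes the SID straight from the process token (Win32_Process.GetOwnerSid) instead of matching a ProfileImagePath suffix, which can collide (a "-like '*bob'" match also hits C:\Users\jbob). It assumes it runs as SYSTEM on an Entra-joined device and that the UPN is stored in the UserID value under the user's WorkplaceJoin\AADNGC key, as the script above reads it.

```powershell
# Added example (not from the thread). Assumes SYSTEM context on an Entra-joined
# device and the UserID value under ...\WorkplaceJoin\AADNGC, as in the script above.
function Get-LoggedOnUserUpn {
    [CmdletBinding()]
    param()

    $seen = @{}
    Get-CimInstance -ClassName Win32_Process -Filter "Name='explorer.exe'" | ForEach-Object {
        $owner   = Invoke-CimMethod -InputObject $_ -MethodName GetOwner
        $sidInfo = Invoke-CimMethod -InputObject $_ -MethodName GetOwnerSid
        if ($owner.ReturnValue -ne 0 -or $sidInfo.ReturnValue -ne 0) { return }
        if ($seen.ContainsKey($sidInfo.Sid)) { return }   # one row per user, not per explorer.exe
        $seen[$sidInfo.Sid] = $true

        # The user's hive is only mounted under HKEY_USERS while they are logged on,
        # so a missing key means "no interactive session" rather than an error.
        $key = "Registry::HKEY_USERS\$($sidInfo.Sid)\Software\Microsoft\Windows NT\CurrentVersion\WorkplaceJoin\AADNGC"
        $upn = $null
        if (Test-Path -Path $key) {
            # AADNGC may hold several subkeys; read UserID from each and keep the first non-empty one
            $upn = Get-ChildItem -Path $key -Recurse -ErrorAction SilentlyContinue |
                ForEach-Object { $_.GetValue('UserID') } |
                Where-Object { $_ } |
                Select-Object -First 1
        }

        [pscustomobject]@{
            Account = "$($owner.Domain)\$($owner.User)"
            Sid     = $sidInfo.Sid
            Upn     = if ($upn) { $upn } else { 'Not found' }
        }
    }
}

Get-LoggedOnUserUpn | Format-Table -AutoSize
```

Run it from the SYSTEM shell the original post describes (for example one started with psexec); an account whose Upn column reads "Not found" either has no Entra session or stores the value elsewhere, which is the point to check with dsregcmd /status in that user's context.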
It's in the registry beneath the Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CloudDomainJoin\JoinInfo key; you could query it using:
(Get-ChildItem HKLM:\SYSTEM\CurrentControlSet\Control\CloudDomainJoin\JoinInfo -Recurse).GetValue('UserEmail')