Forum Discussion

moinkhanengr's avatar
moinkhanengr
Copper Contributor
Aug 11, 2025
Solved

Fetch Email of Login User In System Context

Dear Team, We are working on retrieving email address of the user joined to Entra ID from Entra-joined Windows devices, specifically while running in a system context.The whoami /upn command succe...
api management
azure
azure active directory
azure automation
System Center
windows
Windows Hello
Windows PowerShell
  • Harm_Veenstra's avatar
    Harm_Veenstra
    Aug 12, 2025

    It's in the registry beneath the Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CloudDomainJoin\JoinInfo key; you could query it using:

    (Get-ChildItem HKLM:\SYSTEM\CurrentControlSet\Control\CloudDomainJoin\JoinInfo -Recurse).GetValue('UserEmail')

     

moinkhanengr's avatar
moinkhanengr
Copper Contributor
Aug 13, 2025

Thank you for your response. We have tested the provided command, and it currently returns the email address of the user who initially joined the device to Entra ID, instead of the email address of the currently logged-in user.
We require to obtain the email address of the presently logged-in user. For instance, if UserA initially joined the device to Entra ID, and subsequently UserB logs in, the command continues to display UserA's email address.

Harm_Veenstra's avatar
Harm_Veenstra
MVP
Aug 15, 2025

Ah, if devices are used by multiple users or are different from the enrollment user... Ok, I modified Andrew Taylor's script a bit to return the email address:

 

function get-UserPrincipalNameFromLoggedOnUser() {
    <#
    .SYNOPSIS
    This function is used to find the logged-in user's userprincipalname as System
    .DESCRIPTION
    This function is used to find the logged-in user's userprincipalname as System
    .EXAMPLE
    getloggedindetails
    Returns the SID and Username in an array
    .NOTES
    NAME: getloggedindetails
    Written by: Andrew Taylor (https://andrewstaylor.com) and changed by Harm Veenstra to return only the User Principal Name
    #>
    ##Find logged in username
    $user = Get-WmiObject Win32_Process -Filter "Name='explorer.exe'" |
    ForEach-Object { $_.GetOwner() } |
    Select-Object -Unique -Expand User
    
    ##Find logged-in user's SID
    ##Loop through registry profile list until ProfileImagePath matches and return the path
    $path = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*"
    $sid = (Get-ItemProperty -Path $path | Where-Object { $_.ProfileImagePath -like "*$user" }).PSChildName
    try {
        $userprincipalname = (Get-ChildItem "Registry::HKEY_USERS\$($sid)\Software\Microsoft\Windows NT\CurrentVersion\WorkplaceJoin\AADNGC" -Recurse -ErrorAction Stop).GetValue('UserID')
    }
    catch {
        $userprincipalname = "Not found"
    }    
    
    return $userprincipalname
}

Original source: https://andrewstaylor.com/2023/11/07/enumerating-the-logged-on-user-when-running-as-system-with-azure-ad-entra-joined-devices/

Resources