Description of Issue

When troubleshooting user authentication issues, it can be helpful to verify what is set for a user in Active Directory. This article provides instructions for querying these attributes with PowerShell.

Context

AD
Active Directory
Email
Tyler Identity

Cause

Tyler products often use Active Directory attributes as part of the authentication process. What is set on the product specific user account must match what is set in Active Directory.

Resolution

Log into one of the Enterprise ERP servers with tylerservice or an admin account
Run PowerShell as administrator
In the script(s) below, replace username or emailaddress@xx.com with desired value, then paste into PowerShell and hit enter

Get email address based on a specific username	Get-ADUser -identity username -Properties DisplayName, EmailAddress, Title \| select DisplayName, EmailAddress, Title
Get email address and userPrincipalName based on a specific username	Get-ADUser -identity username -Properties DisplayName, EmailAddress, Title, userPrincipalName \| select DisplayName, SamAccountName, EmailAddress, Title, userPrincipalName
Wide open query that will show if the email field is blank	Get-ADUser -identity username
Find a user filtered by email address. Helpful to tell if multiple accounts share an email address	Get-ADUser -Filter {Emailaddress -eq "emailaddress@xx.com"} -Properties DisplayName, SamAccountName, EmailAddress, Title \| select DisplayName, SamAccountName, EmailAddress, Title

Additional Information

If you receive the message, Get-ADUser : The term 'Get-ADUser' is not recognized as the name of a cmdlet, function, script file, or operable program

In the PowerShell window, run the script below, then re-run the desired script from above
1. Install-WindowsFeature RSAT-AD-PowerShell

Check to see if a User is in the MunisUsers Group

Browser not supported