PowerShell Regex for validating DOMAIN\username


Solution 1

Well, not quite. You're going to miss some things.

Domain Part:

\w+ matches on word characters, which is OK until the person doesn't use the NETBIOS name but uses the domain name (fully supported). So that would match STACKOVERFLOW\Zypher ... but not STACKOVERFLOW.COM\Zypher, because the . will throw off the matching.

The User Part:

While Goyuix has stated what characters are not allowed, what that says implicitly is that ALL OTHER characters ARE allowed. A really common example of this is the - character. So, just using the dash as an example, STACKOVERFLOW\Zypher-SO would not match.

Also <user>@<domain> is a valid notation for a user account as well.

What are you trying to accomplish? There may be a better way than regex.

Solution 2

You will probably be fine with that, though there are a couple of things to be aware of:

First, according to this TechNet article, the following is a list of characters that are not allowed in a username. Here it is in PowerShell:

    '( ; : " <> * + = \\ | ? , )' -imatch '\w'

It returns false, so your \w should be fine.

Second, as a possible improvement, you might consider wrapping the \w in parentheses to enable grouping and easy extraction of the domain or username portion of the match. Note: It will (very slightly) slow down the matching and use (very slightly) more memory.

Third, according to MS KB Article 938447 certain characters are treated as equal in user names / objects. A quick test shows PowerShell correctly matching that the mentioned characters with an umlaut match your regex, so be careful if you are using it to create accounts that the account may still fail in strange cases.
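
A syntax-only check covering the cases both answers raise (a DNS-style domain name, a dash in the user part, the user@domain notation, and the disallowed-character list), added here as an example and not code from either answer. The function name `Test-AccountNameSyntax`, the result shape and the domain-label pattern are assumptions; it checks format only and does not confirm that the account exists.

```powershell
# Added example: names and output shape are hypothetical, not from the answers.
function Test-AccountNameSyntax {
    param([string]$Name)

    # Characters Solution 2 lists as not allowed in a username
    # (assumption: the outer parentheses only delimit that list).
    $bad = [regex]::Escape(';:"<>*+=\|?,')

    # Assumed domain shape: NetBIOS name or dotted DNS name (word chars and '-').
    $label  = '\w[\w-]*'
    $domain = "${label}(?:\.${label})*"

    # User part: anything outside the disallowed list; '@' is excluded only so
    # that the user@domain form splits unambiguously.
    $user = "[^${bad}@]+"

    $patterns = [ordered]@{
        DownLevel = "^(?<domain>${domain})\\(?<user>${user})$"
        UPN       = "^(?<user>${user})@(?<domain>${domain})$"
    }

    foreach ($kind in $patterns.Keys) {
        if ($Name -match $patterns[$kind]) {
            return [pscustomobject]@{
                Valid  = $true
                Format = $kind
                Domain = $Matches['domain']
                User   = $Matches['user']
            }
        }
    }
    [pscustomobject]@{ Valid = $false; Format = $null; Domain = $null; User = $null }
}

# Constructed sample inputs; the first three are the names used in Solution 1.
$samples = 'STACKOVERFLOW\Zypher', 'STACKOVERFLOW.COM\Zypher',
           'STACKOVERFLOW\Zypher-SO', 'Zypher@stackoverflow.com',
           'STACKOVERFLOW\Zy*pher', 'STACKOVERFLOW/Zypher'

foreach ($s in $samples) {
    $r = Test-AccountNameSyntax $s
    '{0,-26} Valid={1,-5} Format={2}' -f $s, $r.Valid, $r.Format
}
```

The last two samples are rejected: one contains a listed character (`*`) and the other uses `/` where the notation needs `\` or `@`.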

Author by

dunxd


Updated on September 17, 2022

Comments

  • dunxd
    dunxd over 1 year

    I have the following regexp for validating Windows usernames in a PowerShell script.

    $fqusername -imatch '^\w+[\\]\w+$'
    

    This works fine in my own environment, but I am planning on releasing it for wider use, and want to make sure it validates correctly for others.

    • Fred
      Fred about 9 years
      You do not need to put \\ inside a character group.
  • dunxd
    dunxd over 13 years
    The PowerShell script I have written requires a username, which is then used to delete alerts in SharePoint for that user. SharePoint uses the DOMAIN\username notation. The check is just for a string of the correct format: since it takes a little while to process the script on a large SharePoint install, I want to check that the syntax at least is correct; otherwise it takes 10 - 30 seconds to find out you made a typo.
  • Zypher
    Zypher over 13 years
    @dunxd hmm why not do a quick ldap/ADSI query against the domain for the existence of that user?
  • Zypher
    Zypher over 13 years
    @dunxd ... hmm should be something like [ADSI]NT://<domain>/<username