To use only SPUser objects isn’t always sufficient. To get other properties we have to retrieve user profiles. Giles Hamson gives an example how to get and how to update user profile properties with powershell. Here is an example how to get all work phones:

$url = "http://intranet/"
$site = Get-SPSite $url
$context = Get-SPServiceContext $site
$profileManager = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($context)
$profiles = $profileManager.GetEnumerator()

while ($profiles.MoveNext()) {
  $userProfile = $profiles.Current
  $name = $userProfile.DisplayName
  $phone = $userProfile\["WorkPhone"\]
  $line = '{0};{1}' -f $name, $phone
  write $line
}

If you are not sure what properties are called, see the whole list by typing:

To get the distinguished name for a user, it isn’t enough to get an SPUser object. The distinguished name is the unique string for identifying a user in Active Directory (eg. CN=BeforeDAfter,OU=Test,DC=North America,DC=Fabrikam,DC=COM) Even using UserProfile object is not that clear. The distinguished name can be found in a property which can be retrieved with brackets: up[PropertyConstants.DistinguishedName]

public static string GetDistinguishedName(string login)
{
   var dn = "";
   UserProfile up;
   using (var site = new SPSite("http://dev"))
   {
      var serviceContext = SPServiceContext.GetContext(site);
      var upm = new UserProfileManager(serviceContext);
      var exists = upm.UserExists(login);
      if (!exists)
         upm.CreateUserProfile(login);
      if (exists)
      {
         up = upm.GetUserProfile(login);
         dn = up\[PropertyConstants.DistinguishedName\].Value.ToString();
      }
   }
   return dn;
}
```The code is simplified and doesn't contain any error handling. And a better handling of upm.UserExists must be implemented: If upm.CreateUserProfile(login) runs, it doesn't make it so quickly and the next step won't run (upm.GetUserProfile). If you are not working in SP Context, you can see the distinguished name for a user in Powershell:

import-module activedirectory $u = get-aduser administrator $u.DistinguishedName

Today I have struggled with User Profile Service Application. I should have followed this awesome tutorial by ShareponitGeorge. And many thanks to my friend David for the great assistance! One important thing to beware about: Forefront Identity Manager Service must be running. Otherwise you don’t see the existing synchronization connections and you can’t add new connections. You can ensure that this service is running by running services.msc (just press Windows button and write services). Or you can do in powershell:

Use LINQ to check if user is in a group. Create an extension method.

public static bool InGroup(this SPUser user, SPGroup group)
{
  return user.Groups.Cast<SPGroup>()
    .Any(g => g.ID == group.ID);
}
```EDIT 2011-01-22: There is a shortcoming of this method. You won't get a user which is in group through a AD group. You'll get only users and ad groups. [But there is another method to check if a user is inside an AD group](/2012/01/16/check-if-a-user-is-in-a-ou/ "See my post about how to retrieve users from AD groups with PrincipalSearcher"). How could we combine them?... I think we must start from group this time, not from user:

public static bool HasUser(this SPGroup user, SPUser user) { var users = group.Users.Cast(); var samAccount = Regex.Replace(user.LoginName, @".*\\(.*)", “$1”, RegexOptions.None); var exists = users.Any(u => u.LoginName.Equals(user.LoginName)); if (!exists) { var ctx = new PrincipalContext(ContextType.Domain); foreach (var u in users) { var login = u.LoginName; var groupName = Regex.Replace(login, @".*\\(.*)", “$1”, RegexOptions.None); var grp = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, groupName); if (grp == null) continue; var principals = grp.GetMembers(true); exists = principals.Any(p => p.SamAccountName.Equals(samAccount, StringComparison.InvariantCultureIgnoreCase)); if (exists) break; } } return exists; }