tontontools.

Release Notes

Get Primary User And Email From Device — Changelog

Version history for Get Primary User And Email From Device. Entries follow the Keep a Changelog convention with four groups: Added, Changed, Fixed, Security.

v1.0.0

Released January 2026released

Initial public release of Get Primary User And Email From Device. The product is sold in the Pro tier of the TontonTools suite. A 14-day free trial is available without a credit card.

Added

  • Bulk SCCM + Active Directory lookup: for a list of device names, find the primary users recorded in SCCM (via SMS_UserMachineRelationship) and their email addresses from Active Directory (via Get-ADUser). Symmetric counterpart of Get Primary Device And Email From User.
  • Three input methods, switchable via tabs: file import (CSV/TXT, one device name per line), paste list (multi-line text area), and SCCM device collection picker (filterable dialog listing all CollectionType = 2 collections).
  • Pivot lookup logic: for each device, SCCM is queried for the primary user(s) by ResourceName via SMS_UserMachineRelationship, then each resolved user is enriched with mail and displayName from Active Directory.
  • Bulk email copy: a dedicated Copy Emails button copies all resolved email addresses to the clipboard as a comma-separated list, ready to paste into an Outlook recipient field.
  • CSV export of the full result grid with all columns: device name, primary user(s), resolved sAMAccountName, email address, AD display name, AD manager, status (resolved / not found / multiple matches).
  • Dual-tab interface: one tab per input method, plus a Results tab that consolidates all queries from any input source into a single grid.
  • PowerShell ActiveDirectory module integration via System.Management.Automation: Get-ADUser is invoked in-process to read mail and displayName. RSAT must be installed on the workstation.
  • SCCM connection via the standard WMI namespace root\sms\site_<X> with the in-dialog Auto-detect cascade.
  • CMTrace-compatible activity log written to C:\TEMP\GetPrimaryUserAndEmailFromDevice.log.
  • DPAPI-encrypted credential storage shared across the suite at %AppData%\TontonTools\credentials.dat.
  • Read-only fallback mode in license grace period.

Security

  • No agent installed on managed endpoints — the product only communicates with the SCCM site server (RPC), a writable domain controller (LDAP via Get-ADUser), and the TontonTools license endpoint.
  • No telemetry, no cloud backend, no third-party analytics.
  • Kerberos authentication under the signed-in Windows user — no service account required.
  • TLS 1.2 enforced on the license validation request.
  • No Graph permissions required — this tool is on-premises-only.

Related documentation