tontontools.

Release Notes

Get Primary Device And Email From User — Changelog

Version history for Get Primary Device And Email From User. Entries follow the Keep a Changelog convention with four groups: Added, Changed, Fixed, Security.

v1.0.0

Released January 2026released

Initial public release of Get Primary Device And Email From User. The product is sold in the Pro tier of the TontonTools suite. A 14-day free trial is available without a credit card.

Added

  • Bulk SCCM + Active Directory lookup: for a list of user accounts, find the primary devices recorded in SCCM (via SMS_UserMachineRelationship) and the user's email address from Active Directory (via Get-ADUser).
  • Three input methods, switchable via tabs: file import (CSV/TXT, one user per line), paste list (multi-line text area), and SCCM user collection picker (filterable dialog listing all CollectionType = 1 collections).
  • Cross-reference lookup logic: for each user, three SCCM resolution strategies are attempted (UserName domain\sam, UniqueUserName, UserName plain) before the user is reported as not found. The first successful strategy is logged in the activity log.
  • Bulk email copy: a dedicated Copy Emails button copies all resolved email addresses to the clipboard as a comma-separated list, ready to paste into an Outlook recipient field.
  • CSV export of the full result grid with all columns: username, resolved sAMAccountName, primary device name(s), email address, AD display name, AD manager, status (resolved / not found / multiple matches).
  • Dual-tab interface: one tab per input method, plus a Results tab that consolidates all queries from any input source into a single grid.
  • PowerShell ActiveDirectory module integration via System.Management.Automation: Get-ADUser is invoked in-process to read mail and displayName. RSAT must be installed on the workstation.
  • SCCM connection via the standard WMI namespace root\sms\site_<X> with the in-dialog Auto-detect cascade (cache + registry + WMI + console probe).
  • Manual SCCM credentials entry as a fallback when auto-detection fails (Site Server FQDN + Site Code).
  • CMTrace-compatible activity log written to C:\TEMP\GetPrimaryDeviceAndEmailFromUser.log.
  • DPAPI-encrypted credential storage shared across the suite at %AppData%\TontonTools\credentials.dat.
  • Read-only fallback mode in license grace period: lookup operations remain available (this tool is read-only by design), but the result grid is presented with a license expiry banner.

Security

  • No agent installed on managed endpoints — the product only communicates with the SCCM site server (RPC), a writable domain controller (LDAP via Get-ADUser), and the TontonTools license endpoint.
  • No telemetry, no cloud backend, no third-party analytics.
  • Kerberos authentication under the signed-in Windows user — no service account required.
  • TLS 1.2 enforced on the license validation request.
  • No Graph permissions required — this tool is on-premises-only.

Related documentation