Some customers have the problem that the NameUserPrincipal we query over GetUserNameEx does not match the real email address of the user. We are currently using GetUserNameEx to avoid a full LDAP / AD Search of properties but that would be the better solution.
In Powershell it could be queried like this:
We could of course do such a search using LDAP API ourself and if we find such a property prefer this over the GetUserNameEx value. This would be more accurate in most places.