Getting orphaned HomeDirectories

First things first, I have to give Jaap Brasser his props!

Jaap’s script does a whole lot more!

I liked the idea of finding orphaned home directories on a volume for reporting purposes. These days I’m more into gathering data than trying to interpret the data in the script as I go along. I’ll explain. By giving you the raw data, you can do your own correlation and come up with insights that best fit you!

Home directories are usually gathered under a parent folder ‘Home’ (Yeah, just go with it please…). Let’s assume that the folders in the parent folder are usernames (\\server\Home\%USERNAME%? We good? Ok). We can then use that folder name to look up an account in Active Directory. The outcome of that query could be either non-existent, disabled or enabled. If it’s non-existent, then why is it still there? If disabled, it’s just taking up space and should be archived as soon as possible. Once you move or delete non-existent or disabled user home directories, you’ll be left with the user home directories you need to pay attention to. Less clutter, everyone’s happy!

Here’s where I added a little flavor of my own: I also added the Active Directory User Home Directory property to the mix. The account may be enabled, but that doesn’t necessarily mean the folder is the one being used on the volume. I found that some users were using a subfolder within that directory. Granted, the NTFS rights were there; still, it wasn’t what I expected. Some HomeDirectory properties were empty: there is a folder, but it isn’t being used. Adding the HomeDirectory gave me just a little bit more to work with and some more insight.

Export to CSV, fire up Excel and do your correlation there! Need to find enabled users whose home directory is different? Or empty? Why yes you can! 🙂

So here’s the script:


<#

    Author: ing. I.C.A. Strachan
    Version: 1.0.0
    Version History:

    Purpose: Find enabled,disabled and orphaned AD user accounts based on home directory
             name.

             Return UserName,FullPath,HomeDirectory,'Account Status'
             UserName: The name of the folder found under $HomeFolderPath, used as username
             FullPath: The full path of the folder found under $HomeFolderPath
             HomeDirectory: Active Directory User HomeDirectory property of disabled and enabled AD Accounts
             Account Status: Either Non-Existent, Enabled or Disabled

#>

[CmdletBinding()]
param(
    [string]$HomeFolderPath = '\\server\home$',

    [switch]$Export
)

# Check if HomeFolderPath is found, exit with warning message if path is incorrect
if (!(Test-Path -LiteralPath $HomeFolderPath)){
    Write-Warning "HomeFolderPath not found: $HomeFolderPath"
    exit
}

#Empty array to hold results
$arrExportOrphanedHomeFolders = @()

# Main loop, for each folder found under home folder path AD is queried to find a matching samaccountname
Get-ChildItem -LiteralPath "$HomeFolderPath" -Force | Where-Object {$_.PSIsContainer} | ForEach-Object {
    Try{
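        # The folder name is treated as the samaccountname
        $CurrentPath = $_.Name
        # Escape LDAP filter metacharacters (RFC 4515) so a folder name such as 'jdoe(old)' cannot break or change the query
        $LdapName = $CurrentPath -replace '\\','\5c' -replace '\*','\2a' -replace '\(','\28' -replace '\)','\29'
        $ADResult = ([adsisearcher]"(samaccountname=$LdapName)").FindOne()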

        # If no matching samaccountname is found this code is executed and displayed
        if (!($ADResult)) {
            $HashProps = @{
                'UserName' = $CurrentPath
                'FullPath' = $_.FullName
                'HomeDirectory' = 'N/A'
                'Account Status' ='Non-Existent'
            }

            # Output the object
            $arrExportOrphanedHomeFolders += New-Object -TypeName PSCustomObject -Property $HashProps

        }
        elseif (([boolean]($ADResult.Properties.useraccountcontrol[0] -band 2))) {
            # samaccountname is found but the account is disabled (userAccountControl bit 2 is set)
            $HashProps = @{
                'UserName' = $CurrentPath
                'FullPath' = $_.FullName
                'HomeDirectory' = $($ADResult.Properties.homedirectory)
                'Account Status' ='Disabled'
            }
            # Output the object
            $arrExportOrphanedHomeFolders += New-Object -TypeName PSCustomObject -Property $HashProps

        }
        else {
            # Reserved for future use, folders that do have active user accounts
            $HashProps = @{
                'UserName' = $CurrentPath
                'FullPath' = $_.FullName
                'HomeDirectory' = $($ADResult.Properties.homedirectory)
                'Account Status' ='Enabled'
            }
            # Output the object
            $arrExportOrphanedHomeFolders += New-Object -TypeName PSCustomObject -Property $HashProps
        }
    }
    catch {
        Write-Warning $_
    }
}

#Present results
if ($Export) {
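    $ExportFolder = "$pwd\export\dsa"
    # Create the export folder if it does not exist yet, otherwise Export-Csv fails
    if (!(Test-Path -LiteralPath $ExportFolder)) { New-Item -ItemType Directory -Path $ExportFolder -Force | Out-Null }
    Write-Verbose "Exporting results to $ExportFolder\Get-OrphanedHomeFolders.csv"
    $arrExportOrphanedHomeFolders | Select-Object UserName,FullPath,HomeDirectory,'Account Status' | Export-Csv -NoTypeInformation -Path "$ExportFolder\Get-OrphanedHomeFolders.csv" -Delimiter ';' -Encoding UTF8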
}
else {
    if (!($PSCmdlet.MyInvocation.BoundParameters['Verbose'].IsPresent)) {
        $arrExportOrphanedHomeFolders | Select-Object UserName,FullPath,HomeDirectory,'Account Status' | Out-GridView -Title "OrphanedHomeFolders - $(Get-Date)"
    }
}

For reporting purposes, it’s a start… 😉

Hope it’s worth something to you!

Ttyl,

Urv
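
The correlation the post leaves to Excel, sketched in PowerShell as an added example (not part of the original script): it labels each exported row as orphaned, disabled, or enabled with an empty, subfolder or unrelated HomeDirectory. The function name Get-HomeFolderFinding, the finding labels and the sample rows are assumptions made for illustration.

```powershell
# Constructed sample rows, same columns and ';' delimiter as the script's CSV export
$sampleCsv = @'
UserName;FullPath;HomeDirectory;Account Status
jdoe;\\server\home$\jdoe;\\server\home$\jdoe;Enabled
asmith;\\server\home$\asmith;\\server\home$\asmith\Documents;Enabled
bjones;\\server\home$\bjones;;Enabled
mlee;\\server\home$\mlee;\\otherserver\users$\mlee;Enabled
cwhite;\\server\home$\cwhite;\\server\home$\cwhite;Disabled
oldtemp;\\server\home$\oldtemp;N/A;Non-Existent
'@

function Get-HomeFolderFinding {   # hypothetical helper, not from the original post
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Row
    )
    process {
        # Trim whitespace and trailing backslashes so equal paths compare equal
        $folder  = ([string]$Row.FullPath).Trim().TrimEnd('\')
        $homeDir = ([string]$Row.HomeDirectory).Trim().TrimEnd('\')
        $ignoreCase = [System.StringComparison]::OrdinalIgnoreCase

        # Each status value is distinct, so exactly one clause produces the label
        $finding = switch ($Row.'Account Status') {
            'Non-Existent' { 'Orphaned: no matching account' }
            'Disabled'     { 'Disabled: archive candidate' }
            'Enabled' {
                if (-not $homeDir) { 'Enabled: HomeDirectory empty' }
                elseif ($homeDir.Equals($folder, $ignoreCase)) { 'OK' }
                elseif ($homeDir.StartsWith("$folder\", $ignoreCase)) { 'Enabled: HomeDirectory is a subfolder' }
                else { 'Enabled: HomeDirectory points elsewhere' }
            }
            default { "Unknown status: $_" }
        }

        [pscustomobject]@{
            UserName      = $Row.UserName
            FullPath      = $folder
            HomeDirectory = $homeDir
            Finding       = $finding
        }
    }
}

$findings = $sampleCsv | ConvertFrom-Csv -Delimiter ';' | Get-HomeFolderFinding
# Show only the folders that need a decision
$findings | Where-Object { $_.Finding -ne 'OK' } | Format-Table -AutoSize
```

To run it against the real export, replace the sample rows with `Import-Csv -Delimiter ';'` on the file the script writes.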
