Getting Orphaned HomeDirectories – Take II

Speaking of correlations, here’s another spin on getting orphaned homedirectories.

The previous version will get you a crude report about your home directories. So what’s the next step? Who do you approach with your findings? What else can you tell me? And more appropriately, how do I go about rectifying my findings? The report started out as finding orphaned home directories but it could be a lot more! 🙂

Active Directory has quite a few Attributes to play with: location, Department, Manager, OfficePhone, DistinguishedName, just to name a few.

What if we were to add a few more attributes to the mix, say, location, department and manager? See where I’m going with this?

Of course the attributes need to be filled in, just a thought… 😉

Adding these attributes can help generate reports based on the correlations you deem necessary.

You can now gather all disabled accounts, report them to the manager and inform him that these users will be archived without further objection. Need an overview of all users per location? Done! You can always present your findings to a branch manager. How about an overview of all the users based on the department attribute? 🙂

But here’s the catch, we’re not going to do the correlation in PowerShell… Say what??? So what’s the point of all this? The point is to gather a dataset with which you can do your own data correlation. This way you’re not limiting yourself and missing potential insights that would otherwise be overlooked.

This isn’t anything new, a DB guy would just smirk at this, “Oh so you finally figured out what Databases are for? Well good for you!”

So why the sudden interest in datasets and correlations and stuff? Well it all has to do with a book I recently read: Big Data: A Revolution That Will Transform How We Live, Work, and Think. A good read for anyone who wants to learn more about the Big Data movement. There’s definitely an upside (and a downside as well) when it comes to Big Data. Definitely worth the read!

It would seem that I too (ahem) have fallen prey to thinking that datasets have a singular purpose to which their value is tied. I started out with only reporting orphaned homedirectories, but by adding more attributes I got much more out of the dataset. What does manager, department or location have to do with orphaned home directories? At first sight, not much, but in the end it gave us more information about the orphaned homedirectories. I added the user’s OU as well: on the odd chance department isn’t filled in, I’d still have an idea where to place the user based on the OU. What I found was that all the disabled accounts were moved to a “Disabled” OU. See? Instant added value! 🙂

Well, I think you get the picture.

Here’s the updated version:

# Get-ADUser (used for the manager lookup) comes from the ActiveDirectory module
Import-Module ActiveDirectory

[string]$HomeFolderPath = '\\server\users$'

# Main loop: for each folder found under the home folder path, AD is queried for a matching samaccountname
Get-ChildItem -LiteralPath "$HomeFolderPath" -Force | Where-Object {$_.PSIsContainer} | ForEach-Object {
   try {
      $CurrentPath = Split-Path -Path $_ -Leaf
      $ADResult = ([adsisearcher]"(samaccountname=$CurrentPath)").FindOne()

      # DRY principle: let's just go ahead and get these properties if $ADResult isn't empty
      if ($ADResult) {

         # Get the manager's name if filled in (the manager attribute holds a distinguished name)
         $manager = $null
         if ($($ADResult.Properties.manager) -ne $null) {
            $manager = Get-ADUser -Identity $($ADResult.Properties.manager) | Select-Object -ExpandProperty Name
         }

         # Let's just default status to enabled; bit 2 of userAccountControl is ACCOUNTDISABLE
         $status = 'Enabled'
         if ([boolean]($ADResult.Properties.useraccountcontrol[0] -band 2)) {
            $status = 'Disabled'
         }

         # Get the user's parent OU from the distinguished name
         $dn = $($ADResult.Properties.distinguishedname)
         $ouIndex = $dn.IndexOf('OU=')
         if ($ouIndex -ne -1) {
            $OU = $dn.Substring($ouIndex)
         }
         else {
            # No 'OU=' component: the object sits in a container such as CN=Users
            Write-Warning -Message "Object $dn is in a Container. "
            $OU = 'Default Container'
         }

         $HashProps = [PSCustomObject]@{
            'SamAccountName' = $CurrentPath
            # The original line was cut off after "$($"; the name attribute is assumed here
            'Name' = $($ADResult.Properties.name)
            'FullPath' = $_.FullName
            'HomeDirectory' = $($ADResult.Properties.homedirectory)
            'Manager' = $manager
            'Location' = $($ADResult.Properties.l)
            'Department' = $($ADResult.Properties.department)
            'Account Status' = $status
            'OU' = $OU
         }
      }
      else {
         # No matching samaccountname has been found
         $HashProps = [PSCustomObject]@{
            'SamAccountName' = $CurrentPath
            'Name' = 'N/A'
            'FullPath' = $_.FullName
            'HomeDirectory' = 'N/A'
            'Manager' = 'N/A'
            'Location' = 'N/A'
            'Department' = 'N/A'
            'Account Status' = 'Non-Existent'
            'OU' = 'N/A'
         }
      }

      # Write output
      $HashProps
   }
   catch {
      Write-Warning $_
   }
}
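The script puts each folder name straight into the LDAP filter `(samaccountname=$CurrentPath)`, so a folder whose name contains `*`, `(`, `)` or `\` changes what the query matches and can make an orphaned folder look like it has an owner. The following is an added example, not part of the original post: it escapes the value per RFC 4515 before building the filter. The function names `ConvertTo-LdapFilterValue` and `Get-HomeFolderFilter` and the sample folder names are made up for illustration.

```powershell
# Added example: escape a value before placing it in an LDAP search filter (RFC 4515).
# Function names are hypothetical; the folder names below are constructed samples.

function ConvertTo-LdapFilterValue {
    param(
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string]$Value
    )
    # Replace each filter metacharacter (\ * ( ) NUL) with a backslash and its two-digit hex code
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m)
        '\{0:x2}' -f [int][char]$m.Value
    })
}

function Get-HomeFolderFilter {
    param([Parameter(Mandatory)][string]$FolderName)
    # Same filter as in the script above, with the folder name escaped first
    "(samaccountname=$(ConvertTo-LdapFilterValue -Value $FolderName))"
}

# Constructed folder names: one ordinary, two containing filter metacharacters
$sampleFolders = 'jdoe', '*', 'x)(objectClass=*'

$sampleFolders | ForEach-Object {
    [PSCustomObject]@{
        Folder    = $_
        Unescaped = "(samaccountname=$_)"      # what the script builds today
        Escaped   = Get-HomeFolderFilter -FolderName $_
    }
} | Format-Table -AutoSize

# Drop-in use inside the main loop:
#   $ADResult = ([adsisearcher](Get-HomeFolderFilter -FolderName $CurrentPath)).FindOne()
```

With the escaped filter, a folder literally named `*` is looked up as an account called `*` and ends up in the report as 'Non-Existent' instead of being paired with whichever account the wildcard returns first.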

Hope it’s worth something to you.



