Tag Archives: Orphaned Folders

Getting Orphaned HomeDirectories – Take II

Speaking of correlations, here’s another spin on getting orphaned homedirectories.

The previous version will get you a crude report about your home directories. So what’s the next step? Who do you approach with your findings? What else can you tell me? And more appropriately, how do I go about rectifying my findings? The report started out as finding orphaned home directories but it could be a lot more! 🙂

Active Directory has quite a few Attributes to play with: location, Department, Manager, OfficePhone, DistinguishedName, just to name a few.

What if we were to add a few more attributes to the mix, say, location,department and manager? See where I’m going with this?

Of course the attributes need to be filled in, just a thought… 😉

Adding these attributes can help generate reports based on the correlations you deem necessary.

You can now gather all disabled accounts and report to the manager and inform him that these users will be archived without further objection. Need an overview of all users per location. Done! You can always present your findings to a branch manager. How about an an overview of all the users based on the department attribute? 🙂

But here’s the catch, we’re not going to do the correlation in PowerShell… Say what??? So what’s the point of all this? The point is to gather a dataset with which you can do your own data correlation. This way your not limiting yourself to potential insights otherwise overlooked.

This isn’t anything new, a DB guy would just smirk at this, “Oh so you finally figured out what Databases are for? Well good for you!”

So why the sudden interest in datasets and correlations and stuff? Well it all has to do with a book I recently read: Big Data: A Revolution That Will Transform How We Live, Work, and Think. A good read for anyone who wants to learn more about the Big Data movement. There’s definitely an upside (and a downside as well) when it comes to Big Data. Definitely worth the read!

It would seems that I too (ahem) have fallen prey into thinking that datasets have a singular purpose to which their value is tied. I started out with only reporting orphaned homedirectories, but by adding more attributes I got much more out of the dataset. What does manager, department or location have to do with orphaned home directories? At first sight, not much, but in the end it gave us more information about the orphaned homedirectories. I added the user’s OU as well on the odd chance department isn’t filled in, I’d still have a idea where to place the user based on the OU. What I found was that all the disabled accounts were moved to a “Disabled” OU. See? Instant added value! 🙂

Well, I think you get the picture.

Here’s the updated version:

[CmdletBinding()]
param(
   [string]$HomeFolderPath = '\\server\users$'
)

# Main loop, for each folder found under home folder path AD is queried to find a matching samaccountname
Get-ChildItem -LiteralPath "$HomeFolderPath" -Force | Where-Object {$_.PSIsContainer} | ForEach-Object {
   Try{
      $CurrentPath = Split-Path -Path $_ -Leaf
      $ADResult = ([adsisearcher]"(samaccountname=$CurrentPath)").Findone()

      #DRY Principle: Let's just go ahead and get these properties if ADResults isn't empty
      if ($ADResult){

         #Get Manager's Name if filled in
         $manager = $null
         if($($ADResult.Properties.manager) -ne $null) {
            $manager = Get-ADUser -Identity $($ADResult.Properties.manager) | Select-Object Name -ExpandProperty Name
         }
            
         #Let's just default status to enabled
         $status = 'Enabled'
         if (([boolean]($ADResult.Properties.useraccountcontrol[0] -band 2))){
            $status = 'Disabled'
         }

         #Get user Parent OU ADSPath
         try{
            $ouIndex = $($ADResult.Properties.distinguishedname).IndexOf('OU=')
            $OU = ($ADResult.Properties.distinguishedname).Substring($ouIndex)
         }
         catch{
            Write-Warning -Message "Object $($ADResult.Properties.distinguishedname) is in a Container. "
            $OU='Default Container'
         }

         $HashProps = [PSCustomObject]@{
            'SamAccountName' = $CurrentPath
            'Name' = $($ADResult.Properties.name)
            'FullPath' = $_.FullName
            'HomeDirectory' = $($ADResult.Properties.homedirectory)
            'Manager' = $manager
            'Location' = $($ADResult.Properties.l)
            'Department' = $($ADResult.Properties.department)
            'Account Status' = $status
            'OU' = $OU
         }
      }
      Else {
         #no matching samaccountname has been found
         $HashProps = [PSCustomObject]@{
            'SamAccountName' = $CurrentPath
            'Name'= 'N/A'
            'FullPath' = $_.FullName
            'HomeDirectory' = 'N/A'
            'Manager' = 'N/A'
            'Location' = 'N/A'
            'Department' = 'N/A'
            'Account Status' = 'Non-Existent'
            'OU' = 'N/A'
         }
      }
   }
   catch {
      Write-Warning $_
   }
   finally{
      #write output $HashProps
      $HashProps
   }
}

Hope it’s worth something to you.

Ttyl,

Urv

Getting oprhaned HomeDirectories

First things first, I have to give Jaap Brasser his props!

Jaap’s script does a whole lot more!

I liked the idea of finding orphaned home directories on a volume for reporting purposes. These days I’m more into gathering data than trying to interpret the data in the script as I go along. I’ll explain. By giving you the raw data, you can do your own correlation and come up with insights that best fits you!

Home directories are usually gathered under a Parent folder ‘Home’ (Yeah, just go with it please…) Let’s assume that the folders in the parent folder are usernames (\\server\Home\%USERNAME%? We good? Ok) We can then use that folder name to lookup an account In Active Directory. The outcome of that query could be either nonexistent,disabled or enabled. If it’s non-existent then why is it still there? If disabled, it’s just taking up space and should be archived as soon as possible. Once you move or delete non-existent or disabled user home directories, you’ll remain with user home directories you need to pay attention to. Less clutter, everyone’s happy!

Here’s where I added a little flavor of my own, I also added the Active Directory User Home Directory property to the mix. The account may be enabled but that doesn’t necessarily mean the folder is the one being used on the volume. I found that some users where using a subfolder within that directory. Granted the NTFS rights were there, still, wasn’t what I expected. Some homedirectory properties were empty, there is a folder but it isn’t being used. Adding the HomeDirectory gave me just a little bit more to work with and some more insight.

Export to CSV and fire up Excel and do your correlation there! Need to find enabled users home directory that are different? or empty? Why yes you can! 🙂

So here’s the script:


<#

    Author: ing. I.C.A. Strachan
    Version: 1.0.0
    Version History:

    Purpose: Find enabled,disabled and orphaned AD user accounts based on home directory
             name.

             Return UserName,FullPath,HomeDirectory,AccountStatus
             UserName: The folder found under $HomePolderPath is user as username
             FullPath: The fullpath of the folder found under $HomePathFolder
             HomeDirectory: Active Directory User HomeDirectory property of disabled and enabled AD Accounts
             AccountStatus: Either non-existent,enabled or disabled

#>

[CmdletBinding()]
param(
    [string]$HomeFolderPath = '\\server\home$',

    [switch]$Export
)

# Check if HomeFolderPath is found, exit with warning message if path is incorrect
if (!(Test-Path -LiteralPath $HomeFolderPath)){
    Write-Warning &quot;HomeFolderPath not found: $HomeFolderPath&quot;
    exit
}

#Empty array to hold results
$arrExportOrphanedHomeFolders = @()

# Main loop, for each folder found under home folder path AD is queried to find a matching samaccountname
Get-ChildItem -LiteralPath &quot;$HomeFolderPath&quot; -Force | Where-Object {$_.PSIsContainer} | ForEach-Object {
    Try{
        $CurrentPath = Split-Path -Path $_ -Leaf
        $ADResult = ([adsisearcher]&quot;(samaccountname=$CurrentPath)&quot;).Findone()

        # If no matching samaccountname is found this code is executed and displayed
        if (!($ADResult)) {
            $HashProps = @{
                'UserName' = $CurrentPath
                'FullPath' = $_.FullName
                'HomeDirectory' = 'N/A'
                'Account Status' ='Non-Existent'
            }

            # Output the object
            $arrExportOrphanedHomeFolders += New-Object -TypeName PSCustomObject -Property $HashProps

            # If samaccountname is found but the account is disabled this information is displayed
        }
        elseif (([boolean]($ADResult.Properties.useraccountcontrol[0] -band 2))) {
            $HashProps = @{
                'UserName' = $CurrentPath
                'FullPath' = $_.FullName
                'HomeDirectory' = $($ADResult.Properties.homedirectory)
                'Account Status' ='Disabled'
            }
            # Output the object
            $arrExportOrphanedHomeFolders += New-Object -TypeName PSCustomObject -Property $HashProps

            # Reserved for future use, folders that do have active user accounts
        }
        else {
            $HashProps = @{
                'UserName' = $CurrentPath
                'FullPath' = $_.FullName
                'HomeDirectory' = $($ADResult.Properties.homedirectory)
                'Account Status' ='Enabled'
            }
            # Output the object
            $arrExportOrphanedHomeFolders += New-Object -TypeName PSCustomObject -Property $HashProps
        }
    }
    catch {
        Write-Warning $_
    }
}

#Present results
if ($Export) {
    Write-Verbose &quot;Exporting results to $pwd\export\dsa\Get-OrphanedHomeFolders.csv&quot;
    $arrExportOrphanedHomeFolders | select UserName,FullPath,HomeDirectory, 'Account Status' |  Export-CSV -NoTypeInformation &quot;$pwd\export\dsa\Get-OrphanedHomeFolders.csv&quot; -delimiter ';' -Encoding UTF8
}
else {
    if (!($PSCmdlet.MyInvocation.BoundParameters['Verbose'].IsPresent)) {
        $arrExportOrphanedHomeFolders | select UserName,FullPath,HomeDirectory, 'Account Status' | Out-GridView -Title &quot;OrphanedHomeFolders - $(Get-Date)&quot;
    }
}

For reporting purposes, it’s a start… 😉

Hope it’s worth something to you!

Ttyl,

Urv