Get-OrphanHomeFolder – New version in TechNet Script Gallery

I received two requests for new functionality in the Get-OrphanHomeFolder script. This script compares the folder names in a specified path to existing samaccountnames. If the script does not find a match it will list the folder as a possible orphaned folder, it also displays if an account is disabled. The script is available for download in the TechNet script library: Get-OrphanHomeFolder.

A simple example of how to use this function is as follows:

.\Get-OrphanHomeFolder.ps1 -HomeFolderPath \\Server01\Home -FolderSize

Will list all the folders in the \\Server01\Home path. For each of these folders it will query AD using the foldername, if the query does not return an AD account or a disabled AD account an error will be logged and the size of the folder will be reported

Using more parameters specific folders can be excluded from results and all orphaned folders are moved to another folder:

.\Get-OrphanHomeFolder.ps1 -HomeFolderPath \\Server02\Fileshare\Home -MoveFolderPath \\Server03\Fileshare\MovedHomeFolders -ExcludePath \\Server02\Fileshare\Home\JBrasser,\\\\Server02\Fileshare\Home\MShajin -UseRobocopy 
Will list all the folders in the \\Server02\Fileshare\Home folder and will move orphaned folders using robocopy, excluding JBrasser and MShajin, to \\Server03\Fileshare\MovedHomeFolders while displaying results to console 

The complete function is available in the TechNet Script Library. To view this script or to participate in the discussions about this script either comment here or in the TechNet Script Gallery. Because some of the new functionality, specifically the parameter sets and support for common parameter, the latest version of Connect-Mstsc is not compatible with PowerShell 2.0. To remedy this problem I have uploaded a PowerShell 2.0 compatible version as well.

TechNet Script Library
My entries in TechNet Script Gallery
TwitterLinkedInFacebookGoogle+RedditWordPressEmailTumblrPinterestHacker NewsShare

QuickTip: Update Windows Defender definitions using Update-MPSignature

Since protecting your computer is as important as anything it might be nice to know that there is also a PowerShell cmdlet available to manually update your virus and malware definitions:


So for example if you would like your Windows Defender definitions to be updated every time a new PowerShell window is opened the following code could be added to your PowerShell profile:

Update-MPSignature -AsJob

I added in the -AsJob so the updating will take place in the background and PowerShell is immediately available to use. To add this to your current PowerShell profile you could execute the following code:

Add-Content -Path $Profile -Value "`r`nUpdate-MPSignature -AsJob`r`n"

The next time you launch PowerShell it will automatically update your definitions:


Active Directory Friday: Find empty Organizational Unit

As an Active Directory Administrator there are some moments, few and far in between where you might have a moment to yourself. In this article I will give you a short line of code so you can use this moment to find out if you have any empty Organizational Units in your domain. The definition of empty is an OU that does not contain any child objects. By this definition an OU containing another OU would not be considered empty. Because there is no LDAP filter for this we will take a look at how to do this using the Cmdlets and the [adsisearcher] type accelerator.

In the following example I will use Get-ADOrganizationalUnit in combination with an if-statement and Get-ADObject to gather empty OUs:

Get-ADOrganizationalUnit -Filter * | ForEach-Object {
	   if (-not (Get-ADObject -SearchBase $_ -SearchScope OneLevel -Filter * )) {

So lets have a look at what this code does, the first portion is straight forward, gather all OUs using the Get-ADOrganizationalUnit cmdlet and pipe it into the ForEach-Object cmdlet. The if-statement is the interesting part here, I am using the Get-ADObject cmdlet to establish if this OU contains any child object, by setting the SearchBase to that OU and setting the SearchScope to OneLevel. Setting the SearchScope to OneLevel will only return direct child objects of the parent, the OU, without returning the OU itself. Because of this Get-ADObject will not return any objects if the OU is empty.

For more information about the SearchScope parameter and the possible arguments have a look at the following link: Specifying the Search Scope

Because you might not have the ActiveDirectory module loaded in your current PowerShell session it can be useful to know the [adsisearcher] alternative:

([adsisearcher]'(objectcategory=organizationalunit)').FindAll() | Where-Object {
   -not (-join $_.GetDirectoryEntry().psbase.children) }

This is a slightly different approach to illustrate a different method of gathering empty OUs, here we check the Children property part of the base object that is retrieved. The -join operator is used to ensure the -not does not evaluate the empty System.DirectoryServices.DirectoryEntries object as true.

Using the logic in this post it is also possible to filter for other specific objects contained in the OUs. For example display OUs that only have user objects, display OUs with both user and computer objects and so on.

For more information on this subject please refer to the following links:

Additional resources
Specifying the Search Scope

New article on PowerShell Magazine: Connect to Azure Virtual Machines without being prompted for credentials

The mstsc tool unfortunately does not support credentials, because of this I have written a short function that uses mstsc in combination a input of username and password or a PowerShell credential object. In the tip on PowerShell Magazine I show how to use this function to connect to Azure virtual machines. The full article  is available on PowerShell Magazine : Connect to Azure Virtual Machines without being prompted for credentials

Connect-Mstsc –ComputerName –U jaapbrasser -P secretpw1

For more articles like this, have a look at the External Articles section of my blog, it contains all the articles I have posted on external sources such as PowerShell Magazine.

Links in this Article
PSTip: Connect to Azure Virtual Machines without being prompted for credentials
PowerShell Magazine
External Articles
My entries in TechNet Script Gallery

New article on PowerShell Magazine: Change a drive letter using Win32_Volume class

In Powershell there are a lot of neat little tricks available, today I will show how to change a drive letter using the Win32_Volume WMI class. The full article  is available on PowerShell Magazine : Change a drive letter using Win32_Volume class

$DvdDrive = Get-CimInstance -Class Win32_Volume -Filter "driveletter='F:'"
Set-CimInstance -InputObject $DvdDrive -Arguments @{DriveLetter="Z:"}

For more articles like this, have a look at the External Articles section of my blog, it contains all the articles I have posted on external sources such as PowerShell Magazine.

Links in this Article
PSTip: Change a drive letter using Win32_Volume class
PowerShell Magazine
External Articles