Tag Archives: Technet

New script: Find Orphaned Home Folders

I recently uploaded a new script, Get-OrphanHomeFolder.ps1, to the TechNet Gallery. The script gets a list of all folders in a path and, for each of those folders, queries AD to verify whether there is an account with a matching sAMAccountName. If no matching account is found, the script considers the folder to be an orphaned home folder. If the -FolderSize parameter is specified, the script will retrieve the size of the orphaned folder and display the results as an array of objects.

The script is available here: Technet Gallery: Get-OrphanHomeFolder.ps1

This portion of the script grabs the folder name and queries AD for a matching samaccountname. To do this I utilize the [adsisearcher] accelerator, so there is no dependency on the AD Cmdlets in this script:

$CurrentPath = Split-Path $_ -Leaf
$ADResult = ([adsisearcher]"(samaccountname=$CurrentPath)").Findone()

If a matching account is not found, the script will display the error, in this case the ‘Account does not exist and has a home folder‘ message, and the full path to the folder. This information is stored in a hashtable. The code for that looks like this:

$HashProps = @{
    'Error' = 'Account does not exist and has a home folder'
    'FullPath' = $_.FullName
}

The information gathered in this hash table is then used to build a custom PowerShell object with the hash table as its properties:

New-Object -TypeName PSCustomObject -Property $HashProps
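
An added example, not part of Get-OrphanHomeFolder.ps1: the lookup above places the folder name directly into the LDAP filter, so a name containing filter metacharacters such as parentheses (legal in folder names) yields a malformed or different filter. The code below escapes the name per RFC 4515 before querying; ConvertTo-LdapFilterValue and Test-HomeFolderOrphan are hypothetical names, and the sample folder names are constructed.

```powershell
# Added example; function names are hypothetical, not from Get-OrphanHomeFolder.ps1.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # RFC 4515: \ * ( ) and NUL must appear in a filter value as \XX hex pairs.
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

function Test-HomeFolderOrphan {
    param([Parameter(Mandatory)][string]$Path)
    $leaf   = Split-Path $Path -Leaf
    $filter = '(samaccountname={0})' -f (ConvertTo-LdapFilterValue $leaf)
    # Requires a domain-joined machine; same [adsisearcher] lookup as the script.
    if (-not ([adsisearcher]$filter).FindOne()) {
        # Same two properties the script stores in its hash table.
        [PSCustomObject]@{
            Error    = 'Account does not exist and has a home folder'
            FullPath = $Path
        }
    }
}

# Constructed folder names: show the filter each one produces (runs without AD).
'jsmith', 'Copy (2)', 'svc*' | ForEach-Object {
    [PSCustomObject]@{
        Folder = $_
        Filter = '(samaccountname={0})' -f (ConvertTo-LdapFilterValue $_)
    }
}
```

To check a whole share, pipe the folder paths into the function, for example with Get-ChildItem -Directory and ForEach-Object calling Test-HomeFolderOrphan on each FullName.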

For more information about this script or any of the other contributions, drop me a line and I will be happy to discuss this further.

New script: Compare group membership of AD accounts

Today I laid down the last lines of code on a script that compares group membership between two Active Directory user accounts. Based on the differences in group membership, the group membership of the destination account is modified. This script only prompts for information through a user interface, making it easy to use. The script is available in the TechNet Script Center Repository.
GUI – Compare group membership of two users and change user membership

Although the script is completely GUI driven, it does accept two parameters, sourceaccount & destinationaccount. If the parameters are not supplied, the script will prompt the user for both the Source and the Destination account.

I made the choice to use the Visual Basic assembly in order to display and gather the information. At the start of the script I use the following line of code to load this assembly:

[void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic')

I then use the Microsoft.VisualBasic.Interaction class to create the input box in which the source account can be entered:

[Microsoft.VisualBasic.Interaction]::InputBox("Text", "Title", "Defaultvalue")

Followed by a prompt for the Destination user, the user on which the changes to group membership will be applied.

Assuming both users exist, the script will now verify if there are any differences in group membership. It looks for two differences:

  • Groups that the source user is a member of and the destination user is not
  • Groups that the destination user is a member of and the source user is not

I am using the Compare-Object Cmdlet to compare the group membership of both users, and the SideIndicator property to determine which account is a member of which groups, using the following code:

Compare-Object $destmember.memberof $sourcemember.memberof |
Where-Object {$_.sideindicator -eq '=>'}

Using the same logic we can also determine which groups only the destination user is a member of, either by switching the SideIndicator or by swapping the order of the $destmember and $sourcemember objects.

If there are any differences in either category, the script will prompt the user with the action it intends to take.

The list of groups that is displayed in this window is a combination of the Compare-Object output, which I expand using the Select-Object Cmdlet. The output is then piped into a Foreach-Object loop in which the group names are stripped from their distinguished names to present a more readable format. This is done by using a regular expression combined with the split method. The complete list of clean group names is then joined up and placed on separate lines using the -join operator. Here is an example of the code I used for this:

(Compare-Object $destmember.memberof $sourcemember.memberof |
where-object {$_.sideindicator -eq '=>'} | Select -Expand Inputobject |
Foreach {([regex]::split($_,'^CN=|,.+$'))[1]}) -join "`n"

Similarly if the destination user has group membership of a group the source user is not a member of, the script will prompt if the destination user should be removed from those groups.
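
An added example, not from the published script: both directions of the comparison run on constructed distinguished names, with a hypothetical Get-GroupCn helper in place of the split regex. It goes slightly beyond the original by handling a group name that contains an escaped comma (CN=Sales\, EMEA), which the ^CN=|,.+$ split cuts off at the first comma.

```powershell
# Added example; Get-GroupCn is a hypothetical helper and all DNs are constructed.
function Get-GroupCn {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # Capture the first RDN value; a backslash-escaped character (such as \,)
    # is kept as part of the name instead of ending it.
    if ($DistinguishedName -match '^CN=((?:\\.|[^,])+)') {
        $Matches[1] -replace '\\(.)', '$1'   # drop the escaping backslash
    } else {
        $DistinguishedName                    # not a CN-style DN: return unchanged
    }
}

# Constructed memberOf values for the source and destination accounts.
$source = @(
    'CN=Sales\, EMEA,OU=Groups,DC=example,DC=com'
    'CN=VPN Users,OU=Groups,DC=example,DC=com'
    'CN=Staff,OU=Groups,DC=example,DC=com'
)
$dest = @(
    'CN=Staff,OU=Groups,DC=example,DC=com'
    'CN=Contractors,OU=Groups,DC=example,DC=com'
)

$diff = Compare-Object -ReferenceObject $dest -DifferenceObject $source

# '=>' : only the source has the group (candidate to add to the destination).
# '<=' : only the destination has the group (candidate to remove).
$toAdd    = $diff | Where-Object SideIndicator -eq '=>' |
            Select-Object -ExpandProperty InputObject
$toRemove = $diff | Where-Object SideIndicator -eq '<=' |
            Select-Object -ExpandProperty InputObject

[PSCustomObject]@{
    Add           = ($toAdd    | ForEach-Object { Get-GroupCn $_ }) -join "`n"
    Remove        = ($toRemove | ForEach-Object { Get-GroupCn $_ }) -join "`n"
    # The split regex from the post applied to the escaped-comma DN, for comparison.
    OriginalSplit = ([regex]::Split($source[0], '^CN=|,.+$'))[1]
}
```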

Based on the answers given on these prompts, the script will now execute one of these options:

  • Nothing
  • Add destination user to source user’s groups
  • Remove destination user from any groups that source is not a member of
  • Both add and remove the destination user from any groups that match the source users account. Effectively cloning group membership.

After the script completes it will display a message informing the user that the actions have successfully been executed.

That is the basic functionality of this script: it allows for easy cloning of group memberships using PowerShell. This script does require the ActiveDirectory module to be installed on the machine on which it is executed. Let me know what you think of this script!

Collection of scripts

Recently I started contributing scripts to the community by uploading some of my scripts to the Technet Script Repository. Today I would like to highlight two of the scripts I have uploaded.

Delete files older than x-days – Cleanup Script

This script deletes files older than x-days. The script is built to be used as a scheduled task, and it automatically generates a logfile name based on the copy location and the current date/time. There are various levels of logging available, and the script can also run in -listonly mode, in which it only lists the files it would otherwise delete. There are two main routines: one to delete the files and a second routine that checks if there are any empty folders left that could be deleted.

PowerShell function to run as a different user

Script with both the ability to set and get. When the Set switch is specified, the script will prompt for credentials and write the password to the file specified. When the script is running with the Get switch, it will read the password from the file specified in the $filename variable and use the username specified in the $username variable. This allows you to run as another identity without having to enter credentials.

For a complete listing of all scripts I have published, please have a look at the TechNet Gallery. I have published other scripts there as well and I will be happy to answer any questions you have about them.