Verify user name against home directory

Does anyone know of a software product or have some suggestions on writing a script used to verify my active users' names against their home directory?
To explain, I have a file server that I'm trying to clean up and need to see if there is a script that can be made to list all the directories on this server that have active AD accounts.
I would like to delete any directories that do not have an active corresponding AD user account.
The directory name is the user name of the user's account.
Asked by: omen1280
 
Chris Dent (PowerShell Developer) commented:

Ahh sorry... complete script again with the lines in the right place :)

Chris
Const HOME_FOLDER = "\\homeserver\user"
Const DOMAIN = "MID"
 
Const REPORT_FILE = "out.csv"
 
Function GetObjectDN(strObject, strDomain)
        ' Return Type: String
        '
        ' Returns a Distinguished Name for an Object from its NT SAM ID.
        ' This will only function for valid object types within an NT Domain structure.
 
        Const ADS_NAME_INITTYPE_GC = 3
        Const ADS_NAME_TYPE_1779 = 1
        Const ADS_NAME_TYPE_NT4 = 3
 
        Dim objNameTranslate
        Dim strObjectDN
 
        On Error Resume Next : Err.Clear
        Set objNameTranslate = CreateObject("NameTranslate")
 
        objNameTranslate.Init ADS_NAME_INITTYPE_GC, ""
        objNameTranslate.Set ADS_NAME_TYPE_NT4, strDomain & "\" & strObject
        strObjectDN = objNameTranslate.Get(ADS_NAME_TYPE_1779)
        If Err.Number <> 0 Then  ' Make the DN Blank for a Failed Search
                strObjectDN = ""
        End If
 
        Set objNameTranslate = Nothing
        On Error Goto 0
 
        GetObjectDN = strObjectDN
End Function
 
Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objFolder = objFileSystem.GetFolder(HOME_FOLDER)
 
Set objFile = objFileSystem.OpenTextFile(REPORT_FILE, 2, True, 0)
 
For Each objSubFolder in objFolder.SubFolders
        If GetObjectDN(objSubFolder.Name, DOMAIN) = "" Then
                objFile.WriteLine objSubFolder.Name & ",No User"
        End If
Next
 
Set objFile = Nothing
Set objFolder = Nothing
Set objFileSystem = Nothing


0
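An added example, not part of the script above or of the original thread: the same folder-to-account check in PowerShell. `GetObjectDN` returns an empty string on any error, so a failed directory connection looks the same as a missing user; this version treats only "identity not found" as "No User", stops on any other error, and lists disabled accounts separately. It assumes the ActiveDirectory (RSAT) module is installed and that the accounts are in the domain of the user running it.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory (RSAT) module
# and that the accounts live in the domain of the user running the script.
$HomeFolder = '\\homeserver\user'   # share path used in the script above
$ReportFile = 'out.csv'             # report name used in the script above

Import-Module ActiveDirectory -ErrorAction Stop

# Fail closed: if the directory cannot be reached, stop before classifying
# anything, so an outage never turns every folder into "No User".
$null = Get-ADDomain -ErrorAction Stop

$report = foreach ($dir in Get-ChildItem -LiteralPath $HomeFolder -Directory) {
    try {
        $user = Get-ADUser -Identity $dir.Name -ErrorAction Stop
    }
    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        $user = $null   # the only error that means "no such account"
    }
    # Any other exception (DC unreachable, access denied) is not caught
    # and ends the script instead of being reported as a missing user.

    if (-not $user) {
        $status = 'No User'
    } elseif (-not $user.Enabled) {
        $status = 'Disabled'
    } else {
        $status = 'Active'
    }

    [pscustomobject]@{
        FolderName        = $dir.Name
        Status            = $status
        DistinguishedName = $user.DistinguishedName
    }
}

# Only folders without an enabled account go into the report.
$report | Where-Object { $_.Status -ne 'Active' } |
    Export-Csv -Path $ReportFile -NoTypeInformation
```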
 
Chris Dent (PowerShell Developer) commented:

All the directories sit under a single folder?

Did a little script to match up folder names to users before, if it's all a single folder it'll match up exactly :)

Chris
0
 
omen1280 (Author) commented:
It's a single folder and all the user folders sit under that directory.

Example:
\\fileServer\users
0
 
Chris Dent (PowerShell Developer) commented:

Perfect, give me a moment :)

Chris
0
 
Chris Dent (PowerShell Developer) commented:

Save this off as a .vbs file, then run it from the command line with:

cscript <scriptname>

That'll mean it drops all the output to the command line, for every folder where it can't match up a username it'll write "No user".

Chris

Const HOME_FOLDER = "\\fileServer\users"
Const DOMAIN = "DomainName"
 
Function GetObjectDN(strObject, strDomain)
	' Return Type: String
	'
	' Returns a Distinguished Name for an Object from its NT SAM ID.
	' This will only function for valid object types within an NT Domain structure.
 
	Const ADS_NAME_INITTYPE_GC = 3
	Const ADS_NAME_TYPE_1779 = 1
	Const ADS_NAME_TYPE_NT4 = 3
 
	Dim objNameTranslate
	Dim strObjectDN
 
	On Error Resume Next : Err.Clear
	Set objNameTranslate = CreateObject("NameTranslate")
 
	objNameTranslate.Init ADS_NAME_INITTYPE_GC, ""
	objNameTranslate.Set ADS_NAME_TYPE_NT4, strDomain & "\" & strObject
	strObjectDN = objNameTranslate.Get(ADS_NAME_TYPE_1779)
	If Err.Number <> 0 Then  ' Make the DN Blank for a Failed Search
		strObjectDN = ""
	End If
 
	Set objNameTranslate = Nothing
	On Error Goto 0
 
	GetObjectDN = strObjectDN
End Function
 
Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objFolder = objFileSystem.GetFolder(HOME_FOLDER)
 
For Each objSubFolder in objFolder.SubFolders
	If GetObjectDN(objSubFolder.Name, DOMAIN) = "" Then
		WScript.Echo objSubFolder.Name & ": No User"
	End If
Next


0
 
omen1280 (Author) commented:
Thanks, this works perfectly, but if I want this data to be pushed out to a text file or a CSV file, I assume I would have to change the following line to something else.
Would you be able to tell me what that is?
WScript.Echo objSubFolder.Name & ": No User"

Also, can the script have the ability to check to see if any other actual users have access to this directory other than the default Windows system accounts?
0
 
Chris Dent (PowerShell Developer) commented:

Sort of for the first bit, and yes for the second part (within reason). Give me a moment again.

Chris
0
 
Chris Dent (PowerShell Developer) commented:

Here we go.

Access level enumeration is fairly complex, detecting inheritance even more so, are those a requirement?

Chris

Const HOME_FOLDER = "\\fileServer\users"
Const DOMAIN = "DomainName"
 
' Server Name for WMI Connection
Const SERVER_NAME = "SERVERNAME"
 
' Must be a local path for Security Enumeration
Const SERVER_PATH = "PathToFolderOnServer" 
 
Const REPORT_FILE = "out.csv"
 
Function GetObjectDN(strObject, strDomain)
	' Return Type: String
	'
	' Returns a Distinguished Name for an Object from its NT SAM ID.
	' This will only function for valid object types within an NT Domain structure.
 
	Const ADS_NAME_INITTYPE_GC = 3
	Const ADS_NAME_TYPE_1779 = 1
	Const ADS_NAME_TYPE_NT4 = 3
 
	Dim objNameTranslate
	Dim strObjectDN
 
	On Error Resume Next : Err.Clear
	Set objNameTranslate = CreateObject("NameTranslate")
 
	objNameTranslate.Init ADS_NAME_INITTYPE_GC, ""
	objNameTranslate.Set ADS_NAME_TYPE_NT4, strDomain & "\" & strObject
	strObjectDN = objNameTranslate.Get(ADS_NAME_TYPE_1779)
	If Err.Number <> 0 Then  ' Make the DN Blank for a Failed Search
		strObjectDN = ""
	End If
 
	Set objNameTranslate = Nothing
	On Error Goto 0
 
	GetObjectDN = strObjectDN
End Function
 
Function EnumAccess(strPath, strServer)
	' Return Type: String
	'
	' Returns Trustee for each ACE within the ACL.
 
	Dim objLocator, objService, objFileSecSetting, objACE, objTrustee
	Dim strName, strEnumAccess
 
	Set objLocator = CreateObject("WbemScripting.SWbemLocator")
	Set objService = objLocator.ConnectServer(strServer, "root/cimv2")
 
	Set objFileSecSetting = objService.Get("Win32_LogicalFileSecuritySetting.Path=""" &_
		Replace(strPath,"\","\\") & """")
 
	objFileSecSetting.GetSecurityDescriptor objSecurityDescriptor
 
	For Each objACE in objSecurityDescriptor.DACL
		Set objTrustee = objACE.Trustee
		strName = objTrustee.Name
		If strName <> "Administrators" And strName <> "Everyone" And _
				strName <> "SYSTEM" And strName <> "Users" And _
				strName <> "CREATOR OWNER" And strName <> "Domain Admins" Then
			strEnumAccess = strEnumAccess & strName & ";"
		End If
	Next
	
	EnumAccess = strEnumAccess
	
	Set objFileSecSetting = Nothing
	
	Set objLocator = Nothing
	Set objService = Nothing	
End Function
 
'
' Main Code
'
 
Dim objFileSystem, objFolder, objSubFolder, objFile
Dim strPath, strAccess
 
Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objFolder = objFileSystem.GetFolder(HOME_FOLDER)
 
Set objFile = objFileSystem.OpenTextFile(REPORT_FILE, 2, True, 0)
objFile.WriteLine "Folder Name,Status,Other Access"
 
For Each objSubFolder in objFolder.SubFolders
	If GetObjectDN(objSubFolder.Name, DOMAIN) = "" Then
		strPath = Replace(objSubFolder.Path, HOME_FOLDER, SERVER_PATH, 1, -1, VbTextCompare)
	
		strAccess = EnumAccess(strPath, SERVER_NAME)
		
		objFile.WriteLine objSubFolder.Name & ",No User," & strAccess
	End If
Next
 
Set objFile = Nothing
 
Set objFolder = Nothing
Set objFileSystem = Nothing


0
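An added example, not from the thread: the "who else has access" check from `EnumAccess` done in PowerShell with `Get-Acl`, which works on the UNC path directly and exposes rights and inheritance per entry. The default principals are filtered by well-known SID rather than by display name; the Domain Admins match on RID 512, the output column names and the `access.csv` file name are choices made for this example.

```powershell
# Added example, not from the thread. Share path taken from the script above.
$HomeFolder = '\\fileServer\users'

# Well-known SIDs for the principals the VBScript filters by name.
$defaultSids = @(
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-1-0',       # Everyone
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-545',  # BUILTIN\Users
    'S-1-3-0'        # CREATOR OWNER
)

function Get-ExtraAccess {
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    # Request SIDs so renamed groups and deleted accounts are still handled.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($defaultSids -contains $sid) { continue }
        if ($sid -match '^S-1-5-21-.+-512$') { continue }   # Domain Admins
        try {
            $name = $ace.IdentityReference.Translate(
                [System.Security.Principal.NTAccount]).Value
        } catch {
            $name = "$sid (unresolved)"   # SID could not be mapped to a name
        }
        [pscustomobject]@{
            Folder    = Split-Path -Leaf $Path
            Trustee   = $name
            Type      = $ace.AccessControlType
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# access.csv is a file name chosen for this example.
Get-ChildItem -LiteralPath $HomeFolder -Directory |
    ForEach-Object { Get-ExtraAccess -Path $_.FullName } |
    Export-Csv -Path 'access.csv' -NoTypeInformation
```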
 
omen1280 (Author) commented:
It says there is a problem in line 53; see attached screenshot.
script-error.jpg
0
 
Chris Dent (PowerShell Developer) commented:

We get that one if the path it's passing through, as a local path, isn't accurate.

Quite difficult to get it to do all that lot properly without lots of messing around.

Basically, it needs HOME_FOLDER and SERVER_PATH to be something like this:

Const HOME_FOLDER = "\\FILESERVER\Share"
Const SERVER_PATH = "D:\Users"

Where D: is the local drive on the server.

If that's not all written absolutely correctly we don't end up with the correct value in strPath, which means it returns a "Not Found" error when trying to retrieve the Security Descriptor.

Chris
0
 
omen1280 (Author) commented:
OK, so I have decided that the second script would be too difficult, so I switched back to the first script you have listed.

This is what I have, but I'm getting an error.
Can you tell what I'm doing wrong?
The server name is \\homeserver and the dir name is user.
The domain name is MID.
Const HOME_FOLDER = "\\homeserver\user"
Const DOMAIN = "MID"
 
Function GetObjectDN(strObject, strDomain)
	' Return Type: String
	'
	' Returns a Distinguished Name for an Object from its NT SAM ID.
	' This will only function for valid object types within an NT Domain structure.
 
	Const ADS_NAME_INITTYPE_GC = 3
	Const ADS_NAME_TYPE_1779 = 1
	Const ADS_NAME_TYPE_NT4 = 3
 
	Dim objNameTranslate
	Dim strObjectDN
 
	On Error Resume Next : Err.Clear
	Set objNameTranslate = CreateObject("NameTranslate")
 
	objNameTranslate.Init ADS_NAME_INITTYPE_GC, ""
	objNameTranslate.Set ADS_NAME_TYPE_NT4, strDomain & "\" & strObject
	strObjectDN = objNameTranslate.Get(ADS_NAME_TYPE_1779)
	If Err.Number <> 0 Then  ' Make the DN Blank for a Failed Search
		strObjectDN = ""
	End If
 
	Set objNameTranslate = Nothing
	On Error Goto 0
 
	GetObjectDN = strObjectDN
End Function
 
Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objFolder = objFileSystem.GetFolder(HOME_FOLDER)
 
For Each objSubFolder in objFolder.SubFolders
	If GetObjectDN(objSubFolder.Name, DOMAIN) = "" Then
		WScript.Echo objSubFolder.Name & ": No User"
	End If
 
Next


0
 
Chris Dent (PowerShell Developer) commented:

What's the error it's throwing?

Chris
0
 
omen1280 (Author) commented:
OK, I got it to work without any errors.
So if I just want to make it export to a CSV, would you add the following on line 3?
Const REPORT_FILE = "out.csv"
0
 
Chris Dent (PowerShell Developer) commented:

That and a few more lines as well :)

Add this one under the Scripting.FileSystem line (to create the file):

Set objFile = objFileSystem.OpenTextFile(REPORT_FILE, 2, True, 0)

Then you need to swap one as well. This one:

WScript.Echo objSubFolder.Name & ": No User"

Changes to (to write the results to the file):

objFile.WriteLine objSubFolder.Name & ",No User"

Chris
0
 
omen1280 (Author) commented:
Sorry to bother you again, Chris, but I don't see that line that you reference.
0
 
omen1280 (Author) commented:
Chris, thanks a lot for your help, much appreciated.
0
 
Chris Dent (PowerShell Developer) commented:

You're most welcome :)

Chris
0