Go Premium for a chance to win a PS4. Enter to Win


Looking for a way to find if the AD disabled accounts have HOME folders in a specific CIFS share

Posted on 2016-08-15
Medium Priority
Last Modified: 2016-08-21
Hi Experts,

I need help with the following:

I am working on the migration of a USER home directory CIFS share (very large). No clean up has been done since this was implemented and there are a lot of users that are disabled in AD but they still have their home folders as part of the CIFS share.

I've used PS to find all the AD disabled accounts. I am trying to find a way to see if those accounts have a folder that matches the name in a specific CIFS share (\\user\user\). If they do it would be great if they could be renamed to username_old or create a log somewhere for me to be able to trigger an action.

I currently have all the AD disabled account  information in a CSV file with the format below.

Could anyone let me know if there is a way for me to get this done without having to manually check over 4000 accounts?
--------------------------CSV looks like this
Question by:llarava
  • 2
  • 2
LVL 85

Expert Comment

ID: 41756966
So the csv has a header line, and the column is called samAccountName? And if it's a real csv, then you inserted the "--------------" line when posting it here?
This is in test mode and will only show which folders it would rename; remove the -WhatIf argument to run it for real.
It adds _old_ at the beginning of the folder name, so that you'll have all the old ones in a bunch when sorted.
Import-Csv D:\Temp\DisabledAccounts.csv | % {If ($Path = Get-Item "\\<Server>\<Share>\$($_.SamAccountName)" -ea si) {Rename-Item -Path $Path.FullName -NewName "_Old_$($Path.Name)" -WhatIf}}

Open in new window

LVL 65

Expert Comment

ID: 41757341
Hi, here's an old crude script (VBS) that we run to check each folder from a share against a valid AD user.  It will then output the folder size of folder that does not have an associated AD enabled account.

'Set the Path and Name for LogFile for results.
strFileAttach = "C:\Reports\Size_Check.txt"
'Set the email address(s), use semicolon between multiple addresses.
EmailAddress1 = "your.user@yourdomain.com"
'Open The LogFile to write data into
Const ForWriting = 2
Set FSO = CreateObject("Scripting.FileSystemObject")
Set MyFile = FSO.OpenTextFile(strFileAttach, ForWriting, True)
'Write some headings to the LogFile
MyFile.WriteLine(" ")
MyFile.WriteLine("Check User Folders with Disabled or NO AD User Account")
MyFile.WriteLine(" ")
MyFile.WriteLine(" ")	
'ADD PATHS HERE to Call SubRoutine to evaluate different root Paths
showfolderlist "\\fileserver\sharedfolder"
'Close text file
'Call the email function per user
enotify EmailAddress1, strFileAttach

'Cycle through root folders and get data on SUBfolders (the actual user folders)
Sub ShowFolderList(folderspec)
	MyFile.WriteLine("Root Folder Path = " & folderspec & "\")
	MyFile.WriteLine(" ")	
	MyFile.WriteLine(" ")		
	Dim objFSO, objFolder, objSubfolder, colSubfolders, iduser, idlist, Size
	Set objFSO = CreateObject("Scripting.FileSystemObject")
	Set objFolder = objFSO.GetFolder(folderspec)
	Set colSubfolders = objFolder.SubFolders
	For Each objSubfolder In colSubfolders
    		iduser = objSubfolder.name
		If UserExists(iduser,sDisplayName) Then
			'User does exist, so could do something here if we want to.		
			'wscript.echo "AD Account found for " & iduser & "  " & sDisplayName
  			idlist = idlist & iduser & "   - Folder Size (MB) =  " & FormatNumber(((objSubFolder.Size/1024)/1024),2) & vbCrlf
  			Size = FormatNumber(((objSubFolder.Size/1024)/1024),2) 'Get running Total Folder Size
  			Result = Round(Result,2) + Round(Size,2)
  		End If

	MyFile.WriteLine("Total Data (MB) = " & result)
	MyFile.WriteLine(" ")
	MyFile.WriteLine(" ")	
	size = "0"
End Sub

Function UserExists(sUser,sDisplayName)
  Dim oConnection, oCommand, oRoot, sDNSDomain, sQuery, sFilter, oResults
  UserExists = False
  sDisplayName = sUser
  On Error Resume Next
  ' Use ADO to search the domain for all users.
  Set oConnection = CreateObject("ADODB.Connection")
  Set oCommand = CreateObject("ADODB.Command")
  oConnection.Provider = "ADsDSOOBject"
  oConnection.Open "Active Directory Provider"
  Set oCommand.ActiveConnection = oConnection
  ' Determine the DNS domain from the RootDSE object.
  Set oRoot = GetObject("LDAP://RootDSE")
  sDNSDomain = oRoot.Get("DefaultNamingContext")
    sFilter = "(&(ObjectClass=user)(ObjectCategory=person)(samAccountName=" & sUser & ")(!(useraccountcontrol:1.2.840.113556.1.4.803:=2)))"
  sQuery = "<LDAP://" & sDNSDomain & ">;" & sFilter & ";displayName;subtree"
  oCommand.CommandText = sQuery
  oCommand.Properties("Page Size") = 100
  oCommand.Properties("Timeout") = 30
  oCommand.Properties("Cache Results") = False
  Set oResults = oCommand.Execute
  Do Until oResults.EOF
    if oResults.Fields("displayName") <> "" then
      sDisplayName = oResults.Fields("displayName")
      UserExists = True
    End if
  On Error Goto 0
End Function

'Code to send email message with attachement
Function enotify(EmailAddress, strFileAttach)
Set objMessage = CreateObject("CDO.Message") 
objMessage.Subject = "User Folders with Disabled or NO AD User Account"
objMessage.From = "reportsender@domain.com" 
objMessage.To = EmailAddress
objMessage.TextBody = "Report showing User Folders with Disabled or NO AD User Account."
objMessage.AddAttachment strFileAttach
'==This section provides the configuration information for the remote SMTP server.
'==Normally you will only change the server name or IP.
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2 
'Name or IP of Remote SMTP Server
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "x.x.x.x"
'Server port (typically 25)
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25 
'==End remote SMTP server configuration section==
End Function

Open in new window


Author Comment

ID: 41758753

So the csv has a header line, and the column is called samAccountName? yes, I have remove it. Basically all the CSV has at this point is just usernames:


I've tried the following:

Import-Csv C:\Temp\DisabledAccounts.csv | % {If ($Path = Get-Item "\\share\user\$($_.SamAccountNa
me)" -ea si) {Rename-Item -Path $Path.FullName -NewName "_Old_$($Path.Name)" -WhatIf}}

No errors but I don't get any output back...

What am I missing?

Author Comment

ID: 41758757
Additionally I've tested the following

Import-Csv C:\Temp\DisabledAccounts.csv | % {If ($Path = Get-Item "\\share\user\$($_.SamAccountNa
me)" -ea si) {Rename-Item -Path $Path.FullName -NewName "_Old_$($Path.Name)" }

...no errors but the home user folder it's not being renamed.
LVL 85

Accepted Solution

oBdA earned 2000 total points
ID: 41758885
Don't remove the header line. Without the header line, Import-Csv won't know the column name(s). I was only wondering about the "-----" line - this shouldn't be in the file.
If you'd rather work with a file only containing user names, the script would look like this (the "$($_)" will be replaced with the user name from the file):
Get-Content D:\Temp\DisabledAccounts.txt | % {If ($Path = Get-Item "\\<Server>\<Share>\$($_)" -ea si) {Rename-Item -Path $Path.FullName -NewName "_Old_$($Path.Name)" -WhatIf}} 

Open in new window


Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

782 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question