Solved

Looking for a way to find if the AD disabled accounts have HOME folders in a specific CIFS share

Posted on 2016-08-15
Last Modified: 2016-08-21
Hi Experts,

I need help with the following:

I am working on the migration of a USER home directory CIFS share (very large). No clean up has been done since this was implemented and there are a lot of users that are disabled in AD but they still have their home folders as part of the CIFS share.

I've used PS to find all the AD disabled accounts. I am trying to find a way to see if those accounts have a folder that matches the name in a specific CIFS share (\\user\user\). If they do it would be great if they could be renamed to username_old or create a log somewhere for me to be able to trigger an action.

I currently have all the AD disabled account information in a CSV file with the format below.

Could anyone let me know if there is a way for me to get this done without having to manually check over 4000 accounts?
 
CSV looks like this:
samAccountName
--------------
mgiblin
ociter
tpearson
WomensImagingUserT
ebaumbusch
pbose
lrhodes2
jwiggins
Question by:llarava
5 Comments
 
LVL 83

Expert Comment

by:oBdA
ID: 41756966
So the csv has a header line, and the column is called samAccountName? And if it's a real csv, then you inserted the "--------------" line when posting it here?
This is in test mode and will only show which folders it would rename; remove the -WhatIf argument to run it for real.
It adds _old_ at the beginning of the folder name, so that you'll have all the old ones in a bunch when sorted.
Import-Csv D:\Temp\DisabledAccounts.csv | % {If ($Path = Get-Item "\\<Server>\<Share>\$($_.SamAccountName)" -ea si) {Rename-Item -Path $Path.FullName -NewName "_Old_$($Path.Name)" -WhatIf}}


0
 
LVL 65

Expert Comment

by:RobSampson
ID: 41757341
Hi, here's an old crude script (VBS) that we run to check each folder from a share against a valid AD user.  It will then output the folder size of each folder that does not have an associated AD enabled account.

'Set the Path and Name for LogFile for results.
strFileAttach = "C:\Reports\Size_Check.txt"
'Set the email address(s), use semicolon between multiple addresses.
EmailAddress1 = "your.user@yourdomain.com"
'Open The LogFile to write data into
Const ForWriting = 2
Set FSO = CreateObject("Scripting.FileSystemObject")
Set MyFile = FSO.OpenTextFile(strFileAttach, ForWriting, True)
'Write some headings to the LogFile
MyFile.WriteLine(" ")
MyFile.WriteLine("Check User Folders with Disabled or NO AD User Account")
MyFile.WriteLine(" ")
MyFile.WriteLine("------------------------------------------------------")
MyFile.WriteLine(" ")	
'ADD PATHS HERE to Call SubRoutine to evaluate different root Paths
showfolderlist "\\fileserver\sharedfolder"
'Close text file
MyFile.Close
'Call the email function per user
enotify EmailAddress1, strFileAttach

'Cycle through root folders and get data on SUBfolders (the actual user folders)
Sub ShowFolderList(folderspec)
	MyFile.WriteLine("Root Folder Path = " & folderspec & "\")
	MyFile.WriteLine(" ")	
	MyFile.WriteLine(" ")		
	Dim objFSO, objFolder, objSubfolder, colSubfolders, iduser, idlist, Size
	Set objFSO = CreateObject("Scripting.FileSystemObject")
	Set objFolder = objFSO.GetFolder(folderspec)
	Set colSubfolders = objFolder.SubFolders
	For Each objSubfolder In colSubfolders
    		iduser = objSubfolder.name
		If UserExists(iduser,sDisplayName) Then
			'User does exist, so could do something here if we want to.		
			'wscript.echo "AD Account found for " & iduser & "  " & sDisplayName
		Else
  			idlist = idlist & iduser & "   - Folder Size (MB) =  " & FormatNumber(((objSubFolder.Size/1024)/1024),2) & vbCrlf
  			Size = FormatNumber(((objSubFolder.Size/1024)/1024),2) 'Get running Total Folder Size
  			Result = Round(Result,2) + Round(Size,2)
  		End If
	Next

	MyFile.WriteLine(idlist)
	MyFile.WriteLine("-----------------------------------------------------------------------------")
	MyFile.WriteLine("Total Data (MB) = " & result)
	MyFile.WriteLine("-----------------------------------------------------------------------------")
	MyFile.WriteLine(" ")
	MyFile.WriteLine(" ")	
	size = "0"
End Sub


Function UserExists(sUser,sDisplayName)
  Dim oConnection, oCommand, oRoot, sDNSDomain, sQuery, sFilter, oResults
  UserExists = False
  sDisplayName = sUser
  On Error Resume Next
  ' Use ADO to search the domain for all users.
  Set oConnection = CreateObject("ADODB.Connection")
  Set oCommand = CreateObject("ADODB.Command")
  oConnection.Provider = "ADsDSOOBject"
  oConnection.Open "Active Directory Provider"
  Set oCommand.ActiveConnection = oConnection
  ' Determine the DNS domain from the RootDSE object.
  Set oRoot = GetObject("LDAP://RootDSE")
  sDNSDomain = oRoot.Get("DefaultNamingContext")
    sFilter = "(&(ObjectClass=user)(ObjectCategory=person)(samAccountName=" & sUser & ")(!(useraccountcontrol:1.2.840.113556.1.4.803:=2)))"
  sQuery = "<LDAP://" & sDNSDomain & ">;" & sFilter & ";displayName;subtree"
  oCommand.CommandText = sQuery
  oCommand.Properties("Page Size") = 100
  oCommand.Properties("Timeout") = 30
  oCommand.Properties("Cache Results") = False
  Set oResults = oCommand.Execute
  Do Until oResults.EOF
    if oResults.Fields("displayName") <> "" then
      sDisplayName = oResults.Fields("displayName")
      UserExists = True
    End if
    oResults.MoveNext
  Loop
  On Error Goto 0
End Function
  

'Code to send email message with attachment
Function enotify(EmailAddress, strFileAttach)
Set objMessage = CreateObject("CDO.Message") 
objMessage.Subject = "User Folders with Disabled or NO AD User Account"
objMessage.From = "reportsender@domain.com" 
objMessage.To = EmailAddress
objMessage.TextBody = "Report showing User Folders with Disabled or NO AD User Account."
objMessage.AddAttachment strFileAttach
'==This section provides the configuration information for the remote SMTP server.
'==Normally you will only change the server name or IP.
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2 
'Name or IP of Remote SMTP Server
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "x.x.x.x"
'Server port (typically 25)
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25 
objMessage.Configuration.Fields.Update
'==End remote SMTP server configuration section==
objMessage.Send
End Function


0
 

Author Comment

by:llarava
ID: 41758753
oBdA,

So the csv has a header line, and the column is called samAccountName? Yes, I have removed it. Basically all the CSV has at this point is just usernames:

username1
username2
etc...

I've tried the following:

Import-Csv C:\Temp\DisabledAccounts.csv | % {If ($Path = Get-Item "\\share\user\$($_.SamAccountName)" -ea si) {Rename-Item -Path $Path.FullName -NewName "_Old_$($Path.Name)" -WhatIf}}

No errors but I don't get any output back...

What am I missing?
0
 

Author Comment

by:llarava
ID: 41758757
Additionally I've tested the following

Import-Csv C:\Temp\DisabledAccounts.csv | % {If ($Path = Get-Item "\\share\user\$($_.SamAccountName)" -ea si) {Rename-Item -Path $Path.FullName -NewName "_Old_$($Path.Name)" }}

...no errors but the home user folder is not being renamed.
0
 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 41758885
Don't remove the header line. Without the header line, Import-Csv won't know the column name(s). I was only wondering about the "-----" line - this shouldn't be in the file.
If you'd rather work with a file only containing user names, the script would look like this (the "$($_)" will be replaced with the user name from the file):
Get-Content D:\Temp\DisabledAccounts.txt | % {If ($Path = Get-Item "\\<Server>\<Share>\$($_)" -ea si) {Rename-Item -Path $Path.FullName -NewName "_Old_$($Path.Name)" -WhatIf}} 


0
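
A more defensive variant of the accepted one-liner, added here as an example and not code posted by anyone in the thread: it skips blank or path-like names (a blank line would resolve to the share root), re-checks in AD that the account is still disabled before touching the folder, and emits one log row per account. The function name `Rename-DisabledUserHome`, the log path, the allowed-name pattern and the use of the ActiveDirectory (RSAT) module are assumptions.

```powershell
#Requires -Modules ActiveDirectory
# Added example; function name, log path and name pattern are assumptions.
function Rename-DisabledUserHome {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$CsvPath,    # CSV with a samAccountName header line
        [Parameter(Mandatory)][string]$ShareRoot,  # \\<Server>\<Share>
        [string]$Prefix = '_Old_'
    )
    foreach ($row in Import-Csv -LiteralPath $CsvPath) {
        $name = "$($row.samAccountName)".Trim()
        $result = [pscustomobject]@{ SamAccountName = $name; Folder = $null; Status = $null }

        # A blank name would resolve to the share root, and separators, dots-only
        # names or wildcards could point elsewhere: accept plain account names only.
        if ($name -notmatch '^[A-Za-z0-9._$ -]{1,64}$' -or $name -match '^\.+$') {
            $result.Status = 'SkippedInvalidName'; $result; continue
        }
        # The CSV may be stale: rename only if AD confirms the account is disabled now.
        try   { $user = Get-ADUser -Identity $name -ErrorAction Stop }
        catch { $result.Status = 'SkippedAdLookupFailed'; $result; continue }
        if ($user.Enabled) {
            $result.Status = 'SkippedAccountEnabled'; $result; continue
        }
        $folder = Join-Path -Path $ShareRoot -ChildPath $name
        $result.Folder = $folder
        if (-not (Test-Path -LiteralPath $folder -PathType Container)) {
            $result.Status = 'NoFolder'; $result; continue
        }
        $newName = "$Prefix$name"
        if (Test-Path -LiteralPath (Join-Path -Path $ShareRoot -ChildPath $newName)) {
            $result.Status = 'SkippedTargetExists'; $result; continue
        }
        if ($PSCmdlet.ShouldProcess($folder, "Rename to $newName")) {
            try {
                Rename-Item -LiteralPath $folder -NewName $newName -ErrorAction Stop
                $result.Status = 'Renamed'
            } catch { $result.Status = "Failed: $($_.Exception.Message)" }
        } else { $result.Status = 'WouldRename' }
        $result
    }
}
# Dry run first; remove -WhatIf to rename. The exported CSV is the audit log.
Rename-DisabledUserHome -CsvPath 'D:\Temp\DisabledAccounts.csv' -ShareRoot '\\<Server>\<Share>' -WhatIf |
    Export-Csv -Path 'D:\Temp\HomeFolderCleanup.csv' -NoTypeInformation
```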
