Looking for a way to find if the AD disabled accounts have HOME folders in a specific CIFS share

Posted on 2016-08-15
Last Modified: 2016-08-21
Hi Experts,

I need help with the following:

I am working on the migration of a USER home directory CIFS share (very large). No clean up has been done since this was implemented and there are a lot of users that are disabled in AD but they still have their home folders as part of the CIFS share.

I've used PS to find all the AD disabled accounts. I am trying to find a way to see if those accounts have a folder that matches the name in a specific CIFS share (\\user\user\). If they do it would be great if they could be renamed to username_old or create a log somewhere for me to be able to trigger an action.

I currently have all the AD disabled account  information in a CSV file with the format below.

Could anyone let me know if there is a way for me to get this done without having to manually check over 4000 accounts?
--------------------------CSV looks like this
Question by:llarava
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 85

Expert Comment

ID: 41756966
So the csv has a header line, and the column is called samAccountName? And if it's a real csv, then you inserted the "--------------" line when posting it here?
This is in test mode and will only show which folders it would rename; remove the -WhatIf argument to run it for real.
It adds _old_ at the beginning of the folder name, so that you'll have all the old ones in a bunch when sorted.
Import-Csv D:\Temp\DisabledAccounts.csv | % {If ($Path = Get-Item "\\<Server>\<Share>\$($_.SamAccountName)" -ea si) {Rename-Item -Path $Path.FullName -NewName "_Old_$($Path.Name)" -WhatIf}}

Open in new window

LVL 65

Expert Comment

ID: 41757341
Hi, here's an old crude script (VBS) that we run to check each folder from a share against a valid AD user.  It will then output the folder size of folder that does not have an associated AD enabled account.

'Set the Path and Name for LogFile for results.
strFileAttach = "C:\Reports\Size_Check.txt"
'Set the email address(s), use semicolon between multiple addresses.
EmailAddress1 = ""
'Open The LogFile to write data into
Const ForWriting = 2
Set FSO = CreateObject("Scripting.FileSystemObject")
Set MyFile = FSO.OpenTextFile(strFileAttach, ForWriting, True)
'Write some headings to the LogFile
MyFile.WriteLine(" ")
MyFile.WriteLine("Check User Folders with Disabled or NO AD User Account")
MyFile.WriteLine(" ")
MyFile.WriteLine(" ")	
'ADD PATHS HERE to Call SubRoutine to evaluate different root Paths
showfolderlist "\\fileserver\sharedfolder"
'Close text file
'Call the email function per user
enotify EmailAddress1, strFileAttach

'Cycle through root folders and get data on SUBfolders (the actual user folders)
Sub ShowFolderList(folderspec)
	MyFile.WriteLine("Root Folder Path = " & folderspec & "\")
	MyFile.WriteLine(" ")	
	MyFile.WriteLine(" ")		
	Dim objFSO, objFolder, objSubfolder, colSubfolders, iduser, idlist, Size
	Set objFSO = CreateObject("Scripting.FileSystemObject")
	Set objFolder = objFSO.GetFolder(folderspec)
	Set colSubfolders = objFolder.SubFolders
	For Each objSubfolder In colSubfolders
    		iduser =
		If UserExists(iduser,sDisplayName) Then
			'User does exist, so could do something here if we want to.		
			'wscript.echo "AD Account found for " & iduser & "  " & sDisplayName
  			idlist = idlist & iduser & "   - Folder Size (MB) =  " & FormatNumber(((objSubFolder.Size/1024)/1024),2) & vbCrlf
  			Size = FormatNumber(((objSubFolder.Size/1024)/1024),2) 'Get running Total Folder Size
  			Result = Round(Result,2) + Round(Size,2)
  		End If

	MyFile.WriteLine("Total Data (MB) = " & result)
	MyFile.WriteLine(" ")
	MyFile.WriteLine(" ")	
	size = "0"
End Sub

Function UserExists(sUser,sDisplayName)
  Dim oConnection, oCommand, oRoot, sDNSDomain, sQuery, sFilter, oResults
  UserExists = False
  sDisplayName = sUser
  On Error Resume Next
  ' Use ADO to search the domain for all users.
  Set oConnection = CreateObject("ADODB.Connection")
  Set oCommand = CreateObject("ADODB.Command")
  oConnection.Provider = "ADsDSOOBject"
  oConnection.Open "Active Directory Provider"
  Set oCommand.ActiveConnection = oConnection
  ' Determine the DNS domain from the RootDSE object.
  Set oRoot = GetObject("LDAP://RootDSE")
  sDNSDomain = oRoot.Get("DefaultNamingContext")
    sFilter = "(&(ObjectClass=user)(ObjectCategory=person)(samAccountName=" & sUser & ")(!(useraccountcontrol:1.2.840.113556.1.4.803:=2)))"
  sQuery = "<LDAP://" & sDNSDomain & ">;" & sFilter & ";displayName;subtree"
  oCommand.CommandText = sQuery
  oCommand.Properties("Page Size") = 100
  oCommand.Properties("Timeout") = 30
  oCommand.Properties("Cache Results") = False
  Set oResults = oCommand.Execute
  Do Until oResults.EOF
    if oResults.Fields("displayName") <> "" then
      sDisplayName = oResults.Fields("displayName")
      UserExists = True
    End if
  On Error Goto 0
End Function

'Code to send email message with attachement
Function enotify(EmailAddress, strFileAttach)
Set objMessage = CreateObject("CDO.Message") 
objMessage.Subject = "User Folders with Disabled or NO AD User Account"
objMessage.From = "" 
objMessage.To = EmailAddress
objMessage.TextBody = "Report showing User Folders with Disabled or NO AD User Account."
objMessage.AddAttachment strFileAttach
'==This section provides the configuration information for the remote SMTP server.
'==Normally you will only change the server name or IP.
objMessage.Configuration.Fields.Item _
("") = 2 
'Name or IP of Remote SMTP Server
objMessage.Configuration.Fields.Item _
("") = "x.x.x.x"
'Server port (typically 25)
objMessage.Configuration.Fields.Item _
("") = 25 
'==End remote SMTP server configuration section==
End Function

Open in new window


Author Comment

ID: 41758753

So the csv has a header line, and the column is called samAccountName? yes, I have remove it. Basically all the CSV has at this point is just usernames:


I've tried the following:

Import-Csv C:\Temp\DisabledAccounts.csv | % {If ($Path = Get-Item "\\share\user\$($_.SamAccountNa
me)" -ea si) {Rename-Item -Path $Path.FullName -NewName "_Old_$($Path.Name)" -WhatIf}}

No errors but I don't get any output back...

What am I missing?

Author Comment

ID: 41758757
Additionally I've tested the following

Import-Csv C:\Temp\DisabledAccounts.csv | % {If ($Path = Get-Item "\\share\user\$($_.SamAccountNa
me)" -ea si) {Rename-Item -Path $Path.FullName -NewName "_Old_$($Path.Name)" } errors but the home user folder it's not being renamed.
LVL 85

Accepted Solution

oBdA earned 500 total points
ID: 41758885
Don't remove the header line. Without the header line, Import-Csv won't know the column name(s). I was only wondering about the "-----" line - this shouldn't be in the file.
If you'd rather work with a file only containing user names, the script would look like this (the "$($_)" will be replaced with the user name from the file):
Get-Content D:\Temp\DisabledAccounts.txt | % {If ($Path = Get-Item "\\<Server>\<Share>\$($_)" -ea si) {Rename-Item -Path $Path.FullName -NewName "_Old_$($Path.Name)" -WhatIf}} 

Open in new window


Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Recently we ran in to an issue while running some SQL jobs where we were trying to process the cubes.  We got an error saying failure stating 'NT SERVICE\SQLSERVERAGENT does not have access to Analysis Services. So this is a way to automate that wit…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question