Script to get orphaned home folders and folder size

This script queries AD with the name of the home folder. If this query does not result in an account or a disabled account the script will list the folder size with the folder path and error message.

 
 
 
 
 
4.3 Star
(12)
8,821 times
Add to favorites
Active Directory
9/23/2015
E-mail Twitter del.icio.us Digg Facebook
Sign in to ask a question


  • Modify Searchbase to a User Group
    1 Posts | Last post June 29, 2016
    • Is there any way to modify the searchbase to search a user group instead of an OU (specifically a User group with a whole lot of nested groups)?
      
      EG Searchbase would be 'LDAP://CN=Usergroup,OU=Dept,dc=domain'
  • Adding a domain suffix or prefix
    2 Posts | Last post June 21, 2016
    • Hi Jaap,
      I have been working with your script on a few domains, and its working great, as long as the naming convention applies to the script limitations.
      however, i am not getting it to work if you have the domain inside the folder.
      To detail you a bit more, i am trying to work with it on a citrix profile share(it works when samaccountname is the same as the folder name), but unfortunately, i have the situation where the folder name is samaccountname.domain or domain.samaccountname.
      
      Can you help with that, if possible?
      
      Thanks in advance!
    • I copied the below from Bryan13254 (thank you!) and it works when you have samaccountname.domain as subfolder name, but it would be nice if we can have a switch of some sort to modify these?
      
      Changed $CurrentPath = Split-Path -Path $_ -Leaf to $CurrentPath = (Split-Path -Path $_ -Leaf).split(".")[0] 
      
  • Target only accounts with specific AD attributes
    1 Posts | Last post May 13, 2016
    • Hello Jaap, this script has already helped me save so much time on my current project, so thanks so much.
      
      When it comes time to actually implement the moving of the folders, (at the moment I am just auditing) I need to stage this by department and also comply with our internal data retention policies around how long we need to keep data after a user has left. I am wondering if it would be possible to add in a switch or switches to target only disabled accounts that also return a specific attribute or attributes (such as Department and LastLogonDate).
      
      For example, how could I target only disabled accounts with a Department attribute set to "IT" and and "LastLogonDate" more than 12 months ago? I would first target the orphaned folders only to get them out of the folder structure, but then I imagine using a command line something like this:
      
      .\Get-OrphanHomeFolder.ps1 -HomeFolderPath \\Server02\Fileshare\Home -MoveFolderPath \\Server03\Fileshare\MovedHomeFolders -MoveDisabled -Department IT -LastLogonDate "13/05/2015 09:00:00"
      
      Thanks! I hope you can assist...
      
  • Addition for profiles with .v2
    2 Posts | Last post March 07, 2016
    • Hi,
      
      i just wanted to let you know that i've made a small adjustment on line 146.
      
      Changed $CurrentPath = Split-Path -Path $_ -Leaf to $CurrentPath = (Split-Path -Path $_ -Leaf).split(".")[0] 
      
      This will split the .v2 of .v5 from profile folders. And with this change i can now proces homedrives and profilefolders.
      
      Thanks for this awesome script!
    • Excellent, glad to hear you resolved your issue this way and thanks for sharing your solution. Happy scripting Bryan!
  • XLS-output rather than promt
    4 Posts | Last post January 13, 2016
    • I am somewhat into powershell though mostly i use existing scripts i modify to achieve my goals.
      In this case i don't see how to change the way the script reports so that i can have a XLS/CSV or as i would like it an existing table in a DB. Can this be done simply?
      
      Or could you incorporate some sort of way to have the script accept an argument for CSV or XLS-output?
      
      Thanks though so far for a great script :-)
    • Although I could make the script generate its own csv file, but my preferred method of scripting is to ensure that my scripts output structured objects. This script also outputs an array of structured objects, because of this it is easily possible to generate any kind of output you desire, for example:
      
      .\Get-OrphanHomeFolder.ps1 -HomeFolderPath \\Server02\Fileshare\Home | Export-Csv YourFile.Csv
      .\Get-OrphanHomeFolder.ps1 -HomeFolderPath \\Server02\Fileshare\Home | ConvertTo-JSON
      .\Get-OrphanHomeFolder.ps1 -HomeFolderPath \\Server02\Fileshare\Home | ConvertTo-Html
      .\Get-OrphanHomeFolder.ps1 -HomeFolderPath \\Server02\Fileshare\Home | Export-CliXML YourFile.xml
    • i ended up with this code:
      
      $AppInsert = "INSERT INTO Applikationer (Applikation,Version,Datornamn,tidpunkt,AppGUID) VALUES ('$AppDisplayName','$AppVersion','$ComputerName','$Now','$AppGUID')"
      $AppRow = WriteMySQLQuery $conn $AppInsert
      
      as you can see there is code missing (this can be found if you search for mysql and powershell from either google or bing) but i actually made this work!
      
      so great script now working perfectly for my intentions :-)
      thanks for the answer though, i could use it in another script i'm working on
                  
    • Excellent and thanks for sharing your solution I appreciate that!
  • Home directory not matching username
    6 Posts | Last post December 15, 2015
    • Just had couple of users reporting they were missing their home folders. Looking at their AD accounts, their home folders were not matching their samAccountnames and the script had moved their folders (no fault of the script as it did what it was supposed to do). I would imagine these users got their usernames changed (probably when they got married) but their home folders were left as it is.
      
      I was wondering if there was a better way of achieving this to make it fool proof? May be, instead of checking the home folder against the username, would it be possible to check if the folder is tied down to any AD account? Or any other better way to check this? I am not sure how difficult this is to achieve, just as a suggestion :)
    • That is correct, because there does not have to be a direct correlation in Active Directory to the Home Folder and the samaccountname which is what this script checks against. An alternative solution for example would be to compare the folder names to the homeDirectory attribute in Active Directory.
      
      All-in-all I would recommend checking the output of the script first before initiating the move folder procedure. If there are any users that should not be moved I could include an exclude parameter.
    • Definitely.. Lesson learnt the hard way! Luckily I didn't have many users who had their home folders different to their samaccountnames. I did an excel compare and moved all of them back. If an exclude parameter can be included in the future release, that would be helpful :)
      
      Once again, thanks again for this brilliant script!
    • Cool, I have updated the script to version 1.7 with an ExcludePath parameter which can take an array of paths which should be excluded from the results. Let me know how that works for you!
    • Hi Jaap,
      
      I came across your script when I was trying to do something similar.  I just did the whole thing as a one liner to get all the orphans and list their content. Mine is not as fancy as yours.  I then wanted to use your script but found that it had a similar issue to what I originally had. I see you have since made provision for that with the -CheckHomeDirectory parameter.
      
      I had written a similar script but search AD for the full HomeDirectory path to see if there was an account, because I also found that searching for a useraccount with the foldername gives a false impression.  I would suggest that your script should perhaps rather by default search AD to see if the full path exist as a property for a user account.  If one does not use the -CheckHomeDirectory by default, one will run into the same issue as mshajin.
      
      #search full homedirectory (In my script I used the get-aduser method, but wrote example below in your way)
      #my way
      get-aduser -filter * -Properties HomeDirectory|where {$_.HomeDirectory -eq '\\Domain.com\homefolders\city\obrits'}
      
      #suggest for your way
      $ADSearcher = New-Object DirectoryServices.DirectorySearcher -Property @{Filter = "(homedirectory=$('\\Domain.com\homefolders\city\obrits' -replace '\\','\5C')*)"};$ADResult = $ADSearcher.Findone();$ADResult
    • Hello OckertBrits,
      
      Thanks for the feedback, I do think however this script should not be taken as a 100% accurate solution for detecting orphaned folders. It is more of an indication of which folders to look at.
      
      From that point of view, looking at two things: The samaccountname and the homedirectory property in Active Directory are in my opinion equally accurate, it depends on the implementation of the company which one is more accurate.
      
      For your script I would recommend filtering when using the Get-ADUser cmdlet, at the moment you retrieve all users and then filter the HomeDirectory. This is a bit of an expensive  operation and could be improved by adding in a filter.
  • .V2 Solution
    5 Posts | Last post December 14, 2015
    • Firstly, this script is awesome.  It does everything it should do for home folders.  The .V2 issue only arises when trying to extend it to profiles.
      
      That being said, adding a line of code to the script will fix the .V2 issue and allow the script to do the same function with profiles it does with home folders:
      
      $ListOfFolders | ForEach-Object {
          $CurrentPath = Split-Path -Path $_ -Leaf
          $UsePath = $CurrentPath.TrimEnd(".V2")
          $ADResult = ([adsisearcher]"(samaccountname=$UsePath)").Findone()
      
      This addition has been tested and it works like a charm!
    • Excellent, that is a good addition if the foldername does not match the sam attribute. I could include a parameter that would allow regular expressions for replacing certain parts of the folder name in order to be able to match it to an object in Active Directory.
      
      Is that something that would be useful to you, or are you happy with the way it works for you now?
    • How would I be able to extend this to profiles?  I've seen the above adaption for the script but where would that part of the script go? 
      
      Thanks
    • Thank you, Jaap Brasser, for your great script, it helps a lot with my work.
      And thank you, Kevin_Dew, for additional strings, but it works not correct. If there is symbols "v" or "2" at the end of login/name of folder - the script also trims it, and shows, that account does not exist.
      Instead the string
      $UsePath = $CurrentPath.TrimEnd(".V2")
      I use the string
      $UsePath = $CurrentPath -replace "\.V2"
    • Hello Scaner,
      
      You currently no longer have to change lines in the script, as I have implemented a newer version of the script, version 1.9 that supports stripping file names both with regex and exclusion based on absolute path. Here are two examples of how to use the script for this purpose:
      
      .EXAMPLE   
      .\Get-OrphanHomeFolder.ps1 -HomeFolderPath \\Server02\Fileshare\Home -MoveFolderPath \\Server03\Fileshare\MovedHomeFolders -ExcludePath \\Server02\Fileshare\Home\JBrasser,\\Server02\Fileshare\Home\MShajin -UseRobocopy
      
      Description:
      Will list all the folders in the \\Server02\Fileshare\Home folder and will move orphaned folders using robocopy, excluding JBrasser and MShajin, to \\Server03\Fileshare\MovedHomeFolders while displaying results to console
      
      .EXAMPLE   
      .\Get-OrphanHomeFolder.ps1 -HomeFolderPath \\Server02\Fileshare\Home -MoveFolderPath \\Server03\Fileshare\MovedHomeFolders -ExcludePath '\.v2$' -RegExExclude
      
      Description:
      Will list all the folders in the \\Server02\Fileshare\Home folder and will move orphaned folders using robocopy, excluding folders that end with .v2
      
  • List AD users without matching home directory
    2 Posts | Last post November 18, 2015
    • Can this be reversed to list users in AD without a matching directory in a path?  Would like to find users without terminal server profile directories which are defined by a folder redirection GPO, not a setting on their user account.
    • Well not in this scripts, as this script is for finding folders that do not have users in AD, you could however run something along these lines:
      
      ([adsisearcher]'(&(objectclass=user)(objectcategory=person))').FindAll() | ForEach-Object {
          $CurrentUser = -join $_.properties.samaccountname
          [pscustomobject]@{
              User = $CurrentUser
              LDAPPath = $_.Path
              Server01Path = Test-Path -Path "\\server01\share\TerminalServerProfiles\$CurrentUser"
              Server02Path = Test-Path -Path "\\server02\share\TerminalServerProfiles\$CurrentUser"
          }
      }
  • Limit to a single OU
    6 Posts | Last post November 18, 2015
    • Love the script but I found a small issue with it in my enviroment. Would it be possible to limit this search to a single OU. We have Multiple OU's with Users in them. The home drives are stored at different locations for each OU however the script is looking at all the OU's to find the samaccountname. So it's not finding some orphan's. 
    • I do not directly see how having multiple OUs would limit the script from finding the correct user account since. I do agree that having it query against the entire directory when the OU is already known is a bit wasteful and because of this I have implemented the -SearchBase parameter.
      
      Let me know how it works for you and download version 1.9, here is an example of how to use it:
      
      .\Get-OrphanHomeFolder.ps1 -HomeFolderPath \\Server01\Home -SearchBase 'LDAP://OU=YourOU,DC=jaapbrasser,DC=com'
    • Thank you the new script worked perfectly! I should have explained my situation better. I only have control over my OU lets say OU=Montana and I had a user leave with a samaccountname of jsmith and his home folder wasn't deleted. Then another location lets say Florida so OU=Florida has a new hire and the account gets created with the samaccountname = jsmith. The script would find the user in the Florida OU and would match the home folder to that user. Again Thank you so much for changing the script.
    • No problem, I am glad to hear that you tested it and that it works as intended! Thanks for the explanation, it is interesting to hear how you are using the script and indeed in this scenario the OU filtering can be useful.
      
      Happy scripting!
    • Awesome Thanks for sharing and providing me the input and your work around solution. 
    • No problem at all, glad to help out Jayrob!
  • Scan mutiple folders at the same time
    2 Posts | Last post October 05, 2015
    • Jaap,
      This is an awesome script and thank you for sharing it with the community. One thing that I am trying to adapt this to is be able to scan multiple shares at the same time.
      //Server/Employees/administration
       //Server/Employees/it
       //Server/Employees/business 
      I tried using an array for the path.
      Any suggestions?
      Thanks,
    • Indeed, that would not work because the function is not built to support an array of paths. You can work around this issue by using the ForEach-Object cmdlet. Here is an example of how you could do this:
      
      '//Server/Employees/administration','//Server/Employees/it','//Server/Employees/business' | ForEach-Object { .\Get-OrphanHomeFolder.ps1 -HomeFolderPath $_ -FolderSize }
      
11 - 20 of 37 Items