Advice please :D


This topic contains 3 replies, has 2 voices, and was last updated by Participant 3 weeks, 2 days ago.

  • #112730

    Participant
    Points: 0
    Rank: Member

    Hi All!

    Hope you are having a great day. Bit of background...

    There is a folder share on a server that needs housekeeping. It holds old Roaming profiles that need to be cleared out and also live profiles.

    I've been asked to create a script that compares the folder names (each named after their SamAccountName) to our AD environment; if they no longer exist in AD, purge the folder from the share.

    I'd just like to know (while I'm waiting for AD role to be added to target server) if my code would, so far, at least tell me correctly if a user exists. If that makes no sense, let me know and I'll try and expand.

    
    $s = New-PSSession -ComputerName mcrfs16 -Credential ***\***

    Import-Module ActiveDirectory

    Invoke-Command -Session $s -Scriptblock {
        D:
        cd .\Profiles\
        $files = @(Get-ChildItem)
        # $DeletionFiles = @(import-csv ~\Downloads\NotInAD.csv)
        $files.Name | ForEach-Object {
            $accountnames = Get-ADUser -Filter * | Select-Object -Expand SamAccountName |
            Where-Object {$accountnames -notcontains $_.Name | Write-Error "User" $accountnames "Does not exist"}
        }
    }
    
    

    Once I'm confident of the following, I might be back to try and figure out how to delete the non-existing folders!

    Many thanks 😀

  • #112753

    Participant
    Points: 0
    Rank: Member

    Ok, so I've changed to running the script locally on the server for now, so don't worry about the PSSession – I'm trying to get the where-object working and give me some sort of indication that the user does / does not exist, but so far all I'm getting is errors.

    Here's my current code

    
    Import-Module ActiveDirectory

    cd D:\Profiles\

    $files = @(Get-ChildItem)

    $files.Name | ForEach-Object {
        $accountNames = Get-ADUser -Filter * | Select-Object -ExpandProperty SamAccountName |
        Where-Object {$accountNames -notcontains $_.Name}  Write-Host "User " $accountNames " does not exist"
    }
    
    

    The corresponding error is:

    
    Where-Object : A positional parameter cannot be found that accepts argument 'Write-Host'.
    At line:10 char:9
    +         Where-Object {$accountNames -notcontains $_.Name}  Write-Host "User " $a ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Where-Object], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.WhereObjectCommand
    
    
  • #112765

    Participant
    Points: 0
    Rank: Member

    Your script logic would not work very well as you're grabbing EVERY user in AD and checking to see if the user exists for EVERY folder. Look at this simple solution to get a boolean (true\false) of a folder. I would recommend using your C:\Users on your desktop to test, it's the same principle.

    #Get the files
    $files = Get-ChildItem -Path 'D:\Profiles' -Directory
    #Use a calculated expression to see if the folder name exists as a samaccountname in AD
    $profiles = $files |
                Select *,
                       @{Name='ExistsInAd';Expression={[bool]([adsisearcher]"samaccountname=$($_.Name)").FindOne()}}
    
    #Delete the profiles with no AD samaccountname
    $profiles | Where{$_.ExistsInAd -eq $false} | Remove-Item -Recurse -Force -WhatIf
    

    If you look at the $profiles, you can review accounts that do not exist:

    PS H:\> $profiles | Where{$_.ExistsInAd -eq $false} | Select Name, FullName | ft -AutoSize
    
    Name                 FullName                     
    ----                 --------                     
    .NET v4.5            C:\Users\.NET v4.5           
    Public               C:\Users\Public              
    TEMP                 C:\Users\TEMP                
    

    Then change the where to Where{$_.ExistsInAd -eq $true} to validate the accounts that DO exist. The script also has a -WhatIf on Remove-Item, so it will only tell you what would be deleted and not perform the actual delete. When you have tested, and then tested again, and again, then you just need to remove the -WhatIf switch to perform the delete.
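
The calculated expression above places the folder name straight into an LDAP filter, so a folder named `*` would match any account and a name containing `(` or `)` can produce an invalid filter. An added example (not part of the answer above) that escapes the name first; the function name `ConvertTo-LdapFilterValue` and the `Status` column are assumptions introduced here:

```powershell
# Added example: escape folder names before they go into an LDAP filter.
# ConvertTo-LdapFilterValue and the Status column are names made up for this sketch.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # RFC 4515: \ * ( ) and NUL are written as a backslash plus two hex digits.
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m)
        '\{0:x2}' -f [int][char]$m.Value
    })
}

$root = 'D:\Profiles'   # share path used in the thread

$report = foreach ($dir in Get-ChildItem -LiteralPath $root -Directory) {
    $name = ConvertTo-LdapFilterValue -Value $dir.Name
    # Restrict the match to user objects so a group with the same name does not count.
    $searcher = [adsisearcher]"(&(objectCategory=person)(objectClass=user)(sAMAccountName=$name))"
    try {
        $status = if ($searcher.FindOne()) { 'Present' } else { 'Missing' }
    }
    catch {
        # Directory unreachable, bad credentials, etc.: unknown is not the same as missing.
        $status = 'LookupFailed'
    }
    [pscustomobject]@{ Name = $dir.Name; FullName = $dir.FullName; Status = $status }
}

# Review everything that was not positively found.
$report | Where-Object Status -ne 'Present' | Format-Table Name, Status, FullName -AutoSize

# Only folders with a confirmed "no such user" answer are candidates for deletion.
$report | Where-Object Status -eq 'Missing' |
    ForEach-Object { Remove-Item -LiteralPath $_.FullName -Recurse -Force -WhatIf }
```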

  • #112819

    Participant
    Points: 0
    Rank: Member

    Hi Rob,

     

    That's great, thank you! I looked at the complications of the script I made and had some adjustments too, I now have:

    
    Import-Module ActiveDirectory

    $files = @(Get-ChildItem)

    foreach ($f in $files)
    {
        try {
            Get-AdUser -Identity $f.name
            Write-Host "User $($f.name) exists"
        } catch {
            Remove-Item  $f.Name -recurse -Confirm:$false -WhatIf
        }
    }
    
    

    This seems to work, tested with the -WhatIf also – thank you for your input 😀
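
In the loop above a bare `catch` runs for any terminating error from `Get-ADUser`, including an unreachable domain controller, so in that case every folder would be handed to `Remove-Item`. An added example (not the poster's code) that removes only on the cmdlet's "identity not found" exception and stops on anything else; `$root` and the log path are assumptions:

```powershell
# Added example: treat only "identity not found" as proof that the account is gone.
Import-Module ActiveDirectory -ErrorAction Stop

$root = 'D:\Profiles'                              # share path used in the thread
$log  = Join-Path $env:TEMP 'profile-cleanup.csv'  # hypothetical log location

$results = foreach ($f in Get-ChildItem -LiteralPath $root -Directory) {
    try {
        $null = Get-ADUser -Identity $f.Name -ErrorAction Stop
        $action = 'Keep'
    }
    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        # The directory answered and has no such account.
        $action = 'Remove'
    }
    catch {
        # Server down, access denied, malformed identity...: stop rather than guess.
        throw "Lookup for '$($f.Name)' failed, aborting without deleting: $($_.Exception.Message)"
    }
    [pscustomobject]@{ Folder = $f.FullName; Account = $f.Name; Action = $action }
}

# Keep a record of the decision before anything is removed.
$results | Export-Csv -LiteralPath $log -NoTypeInformation

$results | Where-Object Action -eq 'Remove' | ForEach-Object {
    # -LiteralPath with the full path: no wildcard expansion, no dependence on the current directory.
    Remove-Item -LiteralPath $_.Folder -Recurse -Force -WhatIf
}
```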
