Problem with checking AD user against homefolder

This topic contains 19 replies, has 4 voices, and was last updated by Nille Falk 10 months ago.

  • #34740
    Nille Falk
    Participant

    Hi,

    I'm trying to create a script that checks in AD, for users with corresponding homefolder names in a specific share. My problem with the script is that the samaccountnames are slightly different from the homefolder names.

    Example:
    AD-Account: xzxzxz
    Homefolder: xzxzxz.xz

    The difference here, is that the homefolders end with ".xz" but it has the same samaccountname.

    How can I change the below script so that it searches for AD accounts that can find users with the same samaccount names and check it with the homefolders that end with ".xz"?

    Script, see below.

    add-pssnapin quest.activeroles.admanagement

    $users = Get-QADUser -SizeLimit 0 -HomeDirectory * -DontUseDefaultIncludedProperties -IncludedProperties SamAccountName,HomeDirectory -SerializeValues

    Get-ChildItem \\servername\xxx\homeshare | Where-Object {$_.PSIsContainer } | Foreach-Object{

    $dir = $_

    $dir | Select-Object Name,FullName,@{n='ADUserExist';e={if($users | Where-Object {$_.SamAccountName -eq $dir.Name}) {$true} else {$false} }}

    }

    Would appreciate any help towards solving this, I still know way too little about PowerShell to figure it out myself and I have tried a lot. I don't want to go through the hassle of renaming all of the folders.

    Thanks in advance!

  • #34741
    Dan Potter
    Participant

    'danpotter' -eq ('danpotter.xz' -replace '\.xz$')

  • #34744
    Nille Falk
    Participant

    Like the below then? Or am I totally off the line at what you referred to?

    $dir | Select-Object Name,FullName,@{n='ADUserExist';e={if($users | Where-Object {$_.SamAccountName -eq ('$dir.xz' -replace '.xz')}) {$true} else {$false} }}

    Thanks for your help, really appreciate it!

  • #34748
    Mark Hammonds
    Participant

    Try this

    $users = Get-ADUser -Filter *  -Properties SamAccountName,HomeDirectory | ?{$($_.HomeDirectory) -like "*$($_.SamAccountName)*"} | Select SamAccountName,HomeDirectory 
    

    This will store in a variable just the SamAccountName and HomeDirectory where the home directory contains the SamAccountName. If you are looking for a positional match, let me know.

    Example

    SamAccountName HomeDirectory
    -------------- -------------
    doej           \\server\home$\doej.pn
    smithd         \\server\home$\smithd.pn
    
  • #34750
    Nille Falk
    Participant

    Thanks! I will try both of the suggestions tomorrow.
    Would really appreciate if you mention what parts in the script has to be changed, and why, so that I understand it as well. I learn as I try, but some parts are hard to figure out by myself.

    If anybody has any more suggestions I would greatly appreciate the help 🙂

    Thanks yet again!

    EDIT: You were faster than me Mark, thanks for the example and explanation. I will try it and get back with my results 🙂 Really appreciated!

  • #34751
    Mark Hammonds
    Participant

    If you want to match only home folders that have a samaccount.xz

    Change the trailing wildcard * to .xz

    Example
    This will find any home directory with the samaccount name anywhere in it.
    ?{$($_.HomeDirectory) -like "*$($_.SamAccountName)*"}

    This will only match home directories with samaccountname.xz on the end of it.
    ?{$($_.HomeDirectory) -like "*$($_.SamAccountName).xz"}

  • #34752
    Dan Potter
    Participant

    Any time you use a 'where' your command has to evaluate every single user in the directory for that condition. Very inefficient for large organizations. Use the filter.

    Get-ADUser -Filter "samaccountname -eq 'superman'"

    Get-ADUser -Filter * | ? {$_.samaccountname -eq 'superman'}

    Correct me if I'm wrong. If all users have a home directory of sam.xyz then evaluating sam -like *sam* would always be true, no?

  • #34753
    Nille Falk
    Participant

    Aah, great I understand it better now, thanks a lot Mark! I will get back to you how it works.
    Really appreciated! 🙂

  • #34754
    Mark Hammonds
    Participant

    Dan is correct. I'm not sure how to use the filter to compare two different properties. If you know of a way, I would like to learn also.

    Dan, I thought he wanted to collect the matches into an object to do something with.

  • #34759
    Dan Potter
    Participant

    The filter takes scripts although I'm still missing the intent here. If the homedirectory attribute is populated there is a corresponding folder in most cases.

    These two conditions would be the same account so I wouldn't need to evaluate both.
    get-aduser -Filter {(samaccountname -eq 'batman') -and (homedirectory -like "*batman*")}

    I read the question four times.. seems the route you want to go would be test-path homedirectory

  • #34761
    Mark Hammonds
    Participant

    You're evaluating a static batman but I think he wants to evaluate the two properties, i.e. variables (homefolder -like '*samaccount*')

    So out of all users in AD he wants to find only the ones that have a home folder consisting of the SAM account name. At least that's what I think he is wanting. Otherwise he will get an output of true true false and that's useless unless there is more to the code we are missing?

  • #34763
    Nille Falk
    Participant

    Hmm, I see Dan. Thanks for the explanation.
    I will try to explain what I am trying to achieve a little bit better.

    The purpose is to find out what homefolders don't have any corresponding user in AD, in an attempt to do a big clean up in the homefolder share.

    The problem is, that the naming standard in the homefolder share isn't exactly the same as the samaccount names are for the AD-accounts, so I can't do a simple check to verify whether there exists an AD account with the same name as a homefolder, because all of the homefolders end with samaccountname.z53 instead of only samaccountname

    I hope this explains my question better and hopefully that you guys can help me out here, because I keep scratching my head.

    Thanks a lot for all your help so far!

    @Mark

    What I want it to do, is for the value to give a True value when it finds a homefolder that has the same samaccount name as the folder does and give a false value when it doesn't find any AD-user with the same name as a homefolder, so I know if the homefolder can be removed or not. But the problem is that I can't understand how to do this, since the homefolder names end with ".xz" instead of just having the exact same name as the samaccount name for the AD account.

    I hope you guys understand me better now.

  • #34766
    Nille Falk
    Participant

    So basically, I want the script to be able to check the homefolder share against the users' samaccount name, against the folders that have the samaccount name in it, and disregard the .xz at the end so that I can find out which users actually have a homefolder, but don't exist in the AD anymore. Therefore having the "True" and "False" value to show me the information whether it finds a corresponding user in the AD or not.

    I hope you understand what I'm trying to explain, without making you guys even more confused 🙂

  • #34767
    Dan Potter
    Participant

    Ok, easy enough.

    Option 1. Not ideal. Get your path from the server, look for the user with that path.
    [bool](get-aduser -Filter "homedirectory -eq '$path'")

    Option 2. This is the way I would do it. Get all the mappings and eliminate those that are not.
    test-path (get-aduser myusername -properties homedirectory).homedirectory

    More code involved but this gives you a start, you'll have to figure out how to deal with true and false.

    if(get-aduser -Filter "homedirectory -eq '$path'"){}else{ <# delete or move folder #> }

  • #34768
    Mark Hammonds
    Participant

    Ahhhh so you are wanting to find folders on a server and compare to ad accounts

    Maybe something like this. This only works if the folder only has user accounts. Go with Dan's solution; I see issues with mine, and I'm on an iPad, won't be able to test till tomorrow.

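    $paths = Get-ChildItem -Path \\server\home$\

    foreach ($path in $paths) {
        # Drop the last 4 characters of the folder name to get the account name
        $user = Get-ADUser ($path.Name.Substring(0, $path.Name.Length - 4)) -Properties HomeDirectory | Select-Object HomeDirectory
    }
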
  • #34769
    Nille Falk
    Participant

    Yeah, exactly, I want it to find folders on a server and compare it to ad accounts.
    But my problem is that the accounts and folders don't have the exact same name.
    The only difference in the naming standard is that the homefolders have .xz at the ending of the folders instead of just "nameofadaccount" it is named "nameofadaccount.xz".

    That's what I want to achieve 🙂

    Edit: and still a big thanks for trying to help me out solving this guys. It's really bugging me out. Still learning and having hiccups. But that's what I love about PS, can't ever learn enough, hehe.

    Edit 2: Maybe I didn't make it clear enough, hard to explain. But I want this check to be against every AD user account and not a single account, one at a time.

  • #34775
    Dan Potter
    Participant

    String manipulation is top priority when learning PowerShell. I gave you a method above to remove the trailing .xyz. That said it's not necessary.. You can get a list of the directory paths and search for the user account filtering the homedirectory attribute.

    Problem is it is very slow. What I would do is get a list of directories and a list of adusers with the homedirectory and compare the two.

  • #34808
    Nille Falk
    Participant

    @Dan, sorry for the late reply.

    Thanks for your answer. Yeah, you are correct. I have actually pulled out a list of the directories and users and I will look into what the fastest and easiest way to compare these two is.

    Thanks for all your help! 🙂

  • #34842
    Dan Potter
    Participant

    Fastest and easiest.

    $adhomedir = (get-aduser -Filter * -properties homedirectory).homedirectory
    $homedir = get-content homedir.txt

    $homedir | ? {$_ -notin $adhomedir}

    inverse

    $adhomedir | ? {$_ -notin $homedir}

  • #34903
    Nille Falk
    Participant

    Thanks a lot Dan, worked exactly as I wanted it to!
    Have a great day and thank you once again!
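
The two ideas from the thread (strip the folder suffix, then compare two lists) combined into one read-only report, as an added example that is not part of any post above. The function name `Find-OrphanedHomeFolder` and the sample folder and account names are hypothetical; the commented lines at the end assume the ActiveDirectory module and the share path from the original question.

```powershell
# Added example, not from the thread. Function name and sample data are hypothetical.
function Find-OrphanedHomeFolder {
    param(
        [string[]]$FolderName,       # leaf names from the share, e.g. 'doej.xz'
        [string[]]$SamAccountName,   # every sAMAccountName currently in AD
        [string]$Suffix = '.xz'
    )

    # Case-insensitive set: AD is read once, then each folder is a single lookup.
    $known = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)
    foreach ($sam in $SamAccountName) { [void]$known.Add($sam) }

    # -replace takes a regex: escape the dot and anchor at the end so only a
    # literal trailing suffix is removed.
    $pattern = [regex]::Escape($Suffix) + '$'

    foreach ($name in $FolderName) {
        $hasSuffix = $name -match $pattern
        $candidate = $name -replace $pattern
        [pscustomobject]@{
            Folder      = $name
            Account     = $candidate
            HasSuffix   = $hasSuffix
            # Exact match on the whole name; a wildcard test such as
            # -like "*ann*" would wrongly pair 'joanne.xz' with account 'ann'.
            ADUserExist = $hasSuffix -and $known.Contains($candidate)
        }
    }
}

# Constructed sample data so the example runs without AD or a file share.
$folders  = 'doej.xz', 'smithd.xz', 'oldUser.xz', 'joanne.xz', 'scans'
$accounts = 'doej', 'SmithD', 'ann'

Find-OrphanedHomeFolder -FolderName $folders -SamAccountName $accounts |
    Format-Table -AutoSize

# Against a real environment (read-only):
# $folders  = (Get-ChildItem \\servername\xxx\homeshare -Directory).Name
# $accounts = (Get-ADUser -Filter *).SamAccountName
```

Rows with `ADUserExist` False are candidates for review rather than automatic removal: folders without the suffix (like `scans` in the sample) are reported as False too, and `HasSuffix` tells the two cases apart.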
