I have a bit of an efficiency obsession! Power bills, navigation, and drive space are a few of my focuses. As this is a tech blog, I won’t tell you what to set your heat on in the winter (58) or the quickest way to the line of totality in 2024 (yes, I’m counting down). I will tell you that you should automatically be decommissioning old user accounts and the personal content that they created.
We have covered the first part before. It is fairly easy to add a remove-object line to any decommissioning scripts that you use. In an existing environment, you may have a lot of home folders that have been orphaned. These folders sit on a share but they do not have a corresponding user account attached to them. To fix that, we can use the script below to compare folder names on a home folder/folder redirection share against AD user accounts. If the account does not exist, we can remove the folder (or move it to an offline location).
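# Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# This should point to the root of a home folder/FR share. Subfolders in this folder match AD account usernames.
$Folders = Get-ChildItem \\SERVER\SHARE\FOLDER\
# Folder names to skip (for example, shared FR folders).
$NamesToIgnore = "Jmoody"
$FoldersToBeRemoved = @()

foreach ($Folder in $Folders) {
    $Username = $Folder.Name
    if ($NamesToIgnore -notcontains $Username) {
        # A failed lookup is treated as "no such account". The error is left visible on purpose.
        $UsernameCheck = Get-ADUser -Identity $Username -Properties * -ErrorAction SilentlyContinue
        if ($? -eq $false -and $Username -notlike $NamesToIgnore) {
            $FoldersInformation = @{"Folder Name"=$Username;"Folder Path"=$Folder.FullName;"Last Write Time"=$Folder.LastWriteTime}
            $FoldersToBeRemoved += New-Object -TypeName psobject -Property $FoldersInformation
            # Show the folder name and wait for confirmation before continuing.
            Write-Host $Username
            pause
            # -WhatIf makes this a dry run; nothing is deleted while it is present.
            Remove-Item $Folder.FullName -Recurse -Force -Verbose -WhatIf
        }
    }
}

# Review everything that was flagged.
$FoldersToBeRemoved | Out-GridView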
This script does have a few safety features. First, it will allow you to mark out some folder names (in case you have shared FR folders). Second, it will display the home folder that will be deleted and prompt you to continue the script. Finally, the remove-item line contains a -whatif parameter. Once you are comfortable with this script and have a valid backup, remove the -whatif parameter. When you run this script, you will see errors from Get-ADUser when it can’t find a user account. I left these errors visible as I wanted to see the search being performed.
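The script above treats any failed Get-ADUser lookup as a missing account, so an unreachable domain controller or a permissions error would make every folder look orphaned. The following is an added example, not the original post's script: it reads all accounts once with -ErrorAction Stop and aborts if that query fails. The share path and ignore list are the post's placeholders.

```powershell
# Added example (not from the original post). Paths and names are placeholders.
Import-Module ActiveDirectory

$HomeRoot      = '\\SERVER\SHARE\FOLDER'   # placeholder share root, as in the post
$NamesToIgnore = @('Jmoody')               # folders that never map to one account

# Case-insensitive set of every sAMAccountName, built from a single query.
$KnownAccounts = [System.Collections.Generic.HashSet[string]]::new(
    [System.StringComparer]::OrdinalIgnoreCase)

try {
    # -ErrorAction Stop turns a failed query into an exception, so an outage
    # stops the run instead of flagging every folder.
    # Get-ADUser -Filter * returns disabled accounts too. Narrowing it with
    # -SearchBase would make accounts outside that scope look orphaned.
    Get-ADUser -Filter * -ErrorAction Stop |
        ForEach-Object { [void]$KnownAccounts.Add($_.SamAccountName) }
}
catch {
    throw "AD query failed, no folders were evaluated: $($_.Exception.Message)"
}

# An empty result is treated as a failure rather than as 'no users exist'.
if ($KnownAccounts.Count -eq 0) {
    throw 'AD returned no user accounts; refusing to continue.'
}

# Only directories whose name is neither ignored nor a known account.
$Orphans = Get-ChildItem -Path $HomeRoot -Directory | Where-Object {
    ($NamesToIgnore -notcontains $_.Name) -and
    (-not $KnownAccounts.Contains($_.Name))
}

$Report = foreach ($Folder in $Orphans) {
    # Dry run, as in the post: remove -WhatIf only after reviewing the report
    # and confirming a valid backup.
    Remove-Item -LiteralPath $Folder.FullName -Recurse -Force -WhatIf
    [pscustomobject]@{
        'Folder Name'     = $Folder.Name
        'Folder Path'     = $Folder.FullName
        'Last Write Time' = $Folder.LastWriteTime
    }
}

$Report | Out-GridView
```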
Enjoy the efficiency!
How do I limit this to searchbase or add disabled users only? For example, keeping the AD object in the disabled OU and moving the home directory.
Hi Joseph,
I have this obsession too. Which made me want to automate this. Thank you for your inspiration, which gave me a clean user home directory structure!
Let’s say, the user is not in AD anymore. Let’s get started.
# Import the ActiveDirectory module
Import-Module ActiveDirectory
$ADServer = "AD01"
$searchbase = "DC=DOMAIN"
# Collect the SamAccountName of every user under the search base
$users = Get-ADUser -Filter * -Server $ADServer -SearchBase "$searchbase" | Sort-Object SamAccountName | ForEach-Object {$_.SamAccountName}
foreach ($user in $users) {
    # This should point to the root of a home folder/FR share. Subfolders in this folder match AD account usernames.
    $Folders = Get-ChildItem \\SERVER\SHARE$\
    $NamesToIgnore = "$user"
    Write-Host Names to Ignore: $NamesToIgnore
    $FoldersToBeRemoved = @()
    foreach ($Folder in $Folders) {
        $Username = $Folder.Name
        if ($NamesToIgnore -notcontains $Username) {
            $UsernameCheck = Get-ADUser -Identity $Username -Properties * -ErrorAction SilentlyContinue
            if ($? -eq $false -and $Username -notlike $NamesToIgnore) {
                $FoldersInformation = @{"Folder Name"=$Username;"Folder Path"=$Folder.FullName;"Last Write Time"=$Folder.LastWriteTime}
                $FoldersToBeRemoved += New-Object -TypeName psobject -Property $FoldersInformation
                Write-Host Deleting Home folder for $Username
                pause
                Write-Host Removing Folder and Files in: $Folder.FullName
                # -WhatIf keeps this a dry run
                Remove-Item $Folder.FullName -Recurse -Force -Verbose -WhatIf
            }
        }
    }
}
$FoldersToBeRemoved | Out-GridView
I am glad that it worked for you! Thank you for posting your modified script!!