Of course, as usual, most of my problem at the moment is accounting for all oddities in organization. For example, for us, your AD login is supposed to be the same as your home profile, so - theoretically - I should be able to read a folder name of "Leone"; look in AD for an account "Leone", and I have a match!
Except, of course, some of the old time employees (folks here longer than 10 years) had accounts set up before they implemented this policy. So I have users with an AD account of 'Richard", who have a home folder of "Smith". Which means, if I don't get a match searching for an account of "Smith", I have to search a 2nd time, this time for a home folder of "Smith", and then return "Richard". And sometimes my guys have misspelled a user's home holder during creation. Then they go back into AD and correct it ... but never remove the misspelled folder name. So now I have folders that don't match AD either for account nor for home folder, but yet still do have valid users in the security permissions. :-) Checking for exceptions like this takes more time, than just writing code to get the list of folders matching the criteria I want ... On Wed, Apr 22, 2015 at 2:43 PM, Michael Leone <[email protected]> wrote: > So we have a file server, whose main function is to hold user home > folders. Now, when users leave the company, we have a protocol to use > (disable user in AD; move to special OU; every few months, we delete > those accounts of ex-employees). What we don't seem to do is do > anything with the user's home folder. So I end up with folders that > have ACLs that still point to non-existent SIDs. And I want to > enumerate these, so I can make a special backup, then delete these > folders, for space reasons. > > I know I can do: > > $ACL = Get-ACL <filepath> > $ACL.Access | Select-Object -ExpandProperty IdentityReference > > and it lists just the user/group that has access And one is just a > SID, of course, because the AD account has been deleted. > > So what I need to do is produce a report of all folders that have just > a bare SID in the ACL. (eventually, we will take ownership of said > folder, and then move the contents to a special folder; back it up; > then delete it). > > So what would be the best way to do this - get a list of folders with > a bare SID? Is what I show above a good way (with a WHERE clause, > etc), or is there a better way? > > Thanks ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1
