Find accounts with home folders by naming convention.

I found myself doing this today. Basically, we have a number of account types (service accounts, resource accounts) that should not have home directories. However, due to incorrect provisioning choices, they do. We wanted to identify these so we could get rid of the attribute value on the account and blast those folders away.

I of course do everything connected to ActiveRoles through connect-QADService -proxy but I think this would work against your native AD also (correct me if I am wrong). You do need the Quest ActiveRoles Management Shell installed though:

Get-QADUser -SearchRoot "dc=domain,dc=com" -SizeLimit 0 | Where-Object {($_.samaccountname -match "naming convention") -and ($null -ne $_.homedirectory)} | FL samaccountname,lastlogontimestamp,homedirectory,parentcontainer,accountisdisabled

This of course outputs right into the shell but it gives me at a glance the information I am interested in, so I can get a feel for how many accounts out there have a home folder when they shouldn’t, but also if they might be in use or something left over from ages ago. Of course, you can always pipe this to an output file if you need to keep it for action.
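For the native AD case and the "pipe this to an output file" step, here is an added example that is not the post author's code. It assumes the Microsoft ActiveDirectory (RSAT) module, and the search base, the "svc-" prefix and the output path are placeholders. It filters on the domain controller with an LDAP wildcard rather than the regex -match used above, so the naming convention must be expressible as a prefix.

```powershell
# Added example: native AD equivalent using the ActiveDirectory (RSAT) module.
Import-Module ActiveDirectory

# Assumptions: placeholder search base, hypothetical "svc-" prefix, constructed output path.
$SearchBase = 'DC=domain,DC=com'
$Prefix     = 'svc-'
$OutFile    = '.\accounts-with-homedir.csv'

# Filter on the domain controller: name starts with the prefix AND homeDirectory is populated.
# Keep $Prefix to plain characters; LDAP special characters ( ) * \ would need escaping.
$filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$Prefix*)(homeDirectory=*))"

$report = Get-ADUser -SearchBase $SearchBase -LDAPFilter $filter `
            -Properties homeDirectory, lastLogonTimestamp |
    ForEach-Object {
        # lastLogonTimestamp is a FILETIME value; absent or 0 means no recorded logon.
        $lastLogon = if ($_.lastLogonTimestamp) {
            [DateTime]::FromFileTimeUtc($_.lastLogonTimestamp)
        } else { $null }

        [pscustomobject]@{
            SamAccountName  = $_.SamAccountName
            Enabled         = $_.Enabled
            LastLogonUtc    = $lastLogon
            HomeDirectory   = $_.homeDirectory
            # Parent container = DN minus the leading RDN (split on the first unescaped comma).
            ParentContainer = ($_.DistinguishedName -split '(?<!\\),', 2)[1]
            # Is the folder still reachable from here? Needs read access to the share.
            FolderExists    = Test-Path -LiteralPath $_.homeDirectory
        }
    }

# At-a-glance view in the shell, oldest (or never) logged-on accounts first.
$report | Sort-Object LastLogonUtc | Format-Table -AutoSize

# Keep a copy for the clean-up work.
$report | Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8
```

lastLogonTimestamp replicates between domain controllers with a delay of up to about two weeks, so treat it as a rough "in use or left over" indicator before clearing the attribute or deleting a folder.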


Categories: Active Directory, ActiveRoles, Powershell
