Problem with checking AD user against homefolder

Hi,

I’m trying to create a script that checks in AD, for users with corresponding homefolder names in a specific share. My problem with the script is that the samaccountnames are slightly different from the homefolder names.

Example:
AD-Account: xzxzxz
Homefolder: xzxzxz.xz

The difference here, is that the homefolders end with “.xz” but it has the same samaccountname.

How can I change the below script so that it searches for AD accounts that can find users with the same samaccount names and check it with the homefolders that end with “.xz”?

Script, see below.

add-pssnapin quest.activeroles.admanagement

$users = Get-QADUser -SizeLimit 0 -HomeDirectory * -DontUseDefaultIncludedProperties -IncludedProperties SamAccountName,HomeDirectory -SerializeValues

Get-ChildItem \\servername\xxx\homeshare | Where-Object {$_.PSIsContainer } | Foreach-Object{

$dir = $_

$dir | Select-Object Name,FullName,@{n='ADUserExist';e={if($users | Where-Object {$_.SamAccountName -eq $dir.Name}) {$true} else {$false} }}

}

Would appreciate any help towards solving this, I still know way too little about PowerShell to figure it out myself and I have tried a lot. I don’t want to go through the hassle of renaming all of the folders.

Thanks in advance!

'danpotter' -eq ('danpotter.xz' -replace '\.xz$')

Like the below then? Or am I totally off the line at what you referred to?

$dir | Select-Object Name,FullName,@{n='ADUserExist';e={if($users | Where-Object {$_.SamAccountName -eq ('$dir.xz' -replace '.xz')}) {$true} else {$false} }}

Thanks for your help, really appreciate it!

try this

$users = Get-ADUser -Filter *  -Properties SamAccountName,HomeDirectory | ?{$($_.HomeDirectory) -like "*$($_.SamAccountName)*"} | Select SamAccountName,HomeDirectory 

This will store in a variable just the SamAccountName and HomeDirectory where the home directory contains the SamAccountName. If you are looking for a positional match, let me know.

example

SamAccountName    HomeDirectory
--------------    -------------
doej              \\server\home$\doej.pn
smithd            \\server\home$\smithd.pn

Thanks! I will try both of the suggestions tomorrow.
Would really appreciate if you mention what parts in the script have to be changed, and why, so that I understand it as well. I learn as I try, but some parts are hard to figure out by myself.

If anybody has any more suggestions I would greatly appreciate the help :)

Thanks yet again!

EDIT: You were faster than me Mark, thanks for the example and explanation. I will try it and get back with my results :) Really appreciated!

If you want to match only home folders that have a samaccount.xz, change the trailing wildcard * to .xz

Example:
This will find any home directory with the samaccount name anywhere in it.
?{$($_.HomeDirectory) -like "*$($_.SamAccountName)*"}

This will only match home directories with samaccountname.xz on the end of it.
?{$($_.HomeDirectory) -like "*$($_.SamAccountName).xz"}

Any time you use a ‘where’ your command has to evaluate every single user in the directory for that condition. Very inefficient for large organizations. Use the filter.

Get-ADUser -Filter "samaccountname -eq 'superman'"

Get-ADUser -Filter * | ? {$_.samaccountname -eq 'superman'}

Correct me if I’m wrong. If all users have a home directory of sam.xyz then evaluating sam -like sam would always be true, no?

Aah, great I understand it better now, thanks a lot Mark! I will get back to you how it works.
Really appreciated! :)

Dan is correct, I’m not sure how to use the filter to compare two different properties. If you know of a way I would like to learn also.

Dan, I thought he wanted to collect the matches into an object to do something with.

The filter takes scripts although I’m still missing the intent here. If the homedirectory attribute is populated there is a corresponding folder in most cases.

These two conditions would be the same account so I wouldn’t need to evaluate both.
Get-ADUser -Filter {(samaccountname -eq 'batman') -and (homedirectory -like "*batman*")}

I read the question four times… seems the route you want to go would be test-path homedirectory

You’re evaluating a static batman but I think he wants to evaluate the two properties, i.e. variables (homefolder -like ‘samaccount’)

So out of all users in AD he wants to find only the ones that have a home folder consisting of the SamAccountName. At least that’s what I think he is wanting. Otherwise he will get an output of true true false and that’s useless unless there is more to the code we are missing?

Hmm, I see Dan. Thanks for the explanation.
I will try to explain what I am trying to achieve a little bit better.

The purpose is to find out which homefolders don’t have any corresponding user in AD, in an attempt to do a big clean up in the homefolder share.

The problem is that the naming standard in the homefolder share isn’t exactly the same as the samaccount names are for the AD accounts, so I can’t do a simple check to verify whether there exists an AD account with the same name as a homefolder, because all of the homefolders end with samaccountname.z53 instead of only samaccountname.

I hope this explains my question better and hopefully that you guys can help me out here, because I keep scratching my head.

Thanks a lot for all your help so far!

@Mark

What I want it to do, is for the value to give a True value when it finds a homefolder that has the same samaccount name as the folder does and give a false value when it doesn’t find any AD-user with the same name as a homefolder, so I know if the homefolder can be removed or not. But the problem is that I can’t understand how to do this, since the homefolder names end with “.xz” instead of just having the exact same name as the samaccount name for the AD account.

I hope you guys understand me better now.

So basically, I want the script to be able to check the homefolder share against the users’ samaccount name, against the folders that have the samaccount name in it, and disregard the .xz at the end so that I can find out which users actually have a homefolder, but don’t exist in the AD anymore. Therefore having the “True” and “False” value to show me the information whether it finds a corresponding user in the AD or not.

I hope you understand what I’m trying to explain, without making you guys even more confused :)

Ok, easy enough.

option 1. Not ideal. Get your path from the server, look for the user with that path.
[bool](Get-ADUser -Filter "homedirectory -eq '$path'")

option 2. This is the way I would do it. Get all the mappings and eliminate those that are not.
test-path (get-aduser myusername -properties homedirectory).homedirectory

More code involved but this gives you a start, you’ll have to figure out how to deal with true and false.

if (Get-ADUser -Filter "homedirectory -eq '$path'") {} else { <# delete or move folder #> }

Ahhhh, so you are wanting to find folders on a server and compare to AD accounts.

Maybe something like this. This only works if the folder only has user accounts. Go with Dan’s solution. I see issues with mine and I’m on an iPad, won’t be able to test till tomorrow.

$paths = Get-ChildItem -Path '\\server\home$\'

foreach ($path in $paths) {
    # Drop the last 4 characters of the folder name to get the account name
    $user = Get-ADUser ($path.Name.Substring(0, $path.Name.Length - 4)) -Properties HomeDirectory | Select-Object HomeDirectory
}

Yeah, exactly, I want it to find folders on a server and compare it to AD accounts.
But my problem is that the accounts and folders don’t have the exact same name.
The only difference in the naming standard is that the homefolders have .xz at the ending of the folders instead of just “nameofadaccount” it is named “nameofadaccount.xz”.

That’s what I want to achieve :)

Edit: and still a big thanks for trying to help me out solving this guys. It’s really bugging me out. Still learning and having hiccups. But that’s what I love about PS, can’t ever learn enough, hehe.

Edit 2: Maybe I didn’t make it clear enough, hard to explain. But I want this check to be against every AD user account and not a single account, one at a time.

String manipulation is top priority when learning powershell. I gave you a method above to remove the trailing .xyz. That said it’s not necessary… You can get a list of the directory paths and search for the user account filtering the homedirectory attribute.

Problem is it is very slow. What I would do is get a list of directories and a list of adusers with the homedirectory and compare the two.

@Dan, sorry for the late reply.

Thanks for your answer. Yeah, you are correct. I have actually pulled out a list of the directories and users and I will look into what the fastest and easiest way to compare these two is.

Thanks for all your help! :)

Fastest and easiest.

$adhomedir = (get-aduser -Filter * -properties homedirectory).homedirectory
$homedir = get-content homedir.txt

$homedir | ? {$_ -notin $adhomedir}

inverse

$adhomedir | ? {$_ -notin $homedir}
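
The folder-to-account comparison discussed in this thread, as an added example that is not code from any of the posters: it strips the suffix with an escaped, end-anchored pattern and does an exact, case-insensitive lookup. The function name `Find-OrphanedHomeFolder` and the sample accounts and folders are hypothetical; the `.xz` suffix and the `\\server\home$` path come from the posts above.

```powershell
# Added example (not from the thread). Assumes every home folder is named
# "<SamAccountName><suffix>", e.g. "doej.xz".
function Find-OrphanedHomeFolder {
    param(
        [Parameter(Mandatory)] [string[]] $FolderName,
        [Parameter(Mandatory)] [string[]] $SamAccountName,
        [string] $Suffix = '.xz'
    )

    # Case-insensitive set: one lookup per folder instead of re-scanning
    # the whole user list with Where-Object for every directory.
    $comparer = [System.StringComparer]::OrdinalIgnoreCase
    $known = [System.Collections.Generic.HashSet[string]]::new($comparer)
    foreach ($name in $SamAccountName) { [void]$known.Add($name) }

    # Escape the suffix so "." is a literal dot and anchor it to the end;
    # an unescaped, unanchored pattern would also eat "xxz" in "maxxz".
    $pattern = [regex]::Escape($Suffix) + '$'

    foreach ($folder in $FolderName) {
        $hasSuffix = $folder -match $pattern
        $account   = $folder -replace $pattern
        [pscustomobject]@{
            Folder       = $folder
            Account      = $account
            # Folders that break the naming rule are never auto-matched.
            FollowsRule  = $hasSuffix
            ADUserExists = $hasSuffix -and $known.Contains($account)
        }
    }
}

# Constructed sample data. Against a real domain and share, fill these from
#   (Get-ADUser -Filter *).SamAccountName
#   (Get-ChildItem '\\server\home$' -Directory).Name
$accounts = 'doej', 'smithd', 'dan'
$folders  = 'doej.xz', 'smithd.xz', 'dansmith.xz', 'maxxz.xz', 'Public'

# List the folders with no exact account match: candidates for review.
Find-OrphanedHomeFolder -FolderName $folders -SamAccountName $accounts |
    Where-Object { -not $_.ADUserExists } |
    Format-Table -AutoSize
```

With the sample data, `dansmith.xz` is reported even though an account `dan` exists, because the match is exact rather than a wildcard, and `Public` is reported with `FollowsRule` set to False so it can be reviewed separately.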

Thanks a lot Dan, worked exactly as I wanted it to!
Have a great day and thank you once again!