HOWTO: Ultimate Powershell Home Drive Verification Script

The script below was designed to solve the following problem in my environment.  We have 32 discrete home servers scattered across Canada and thousands of employees that use them.  The problem was appeared to have many times more folders than we did employees.  This turned out to be the result of having an incomplete take down process for terminated employees that ran for an extended period of time.  I therefore needed to write a script to identify all of the folders that were no longer used and could be archived or deleted.

This proved to be far more complex than I first suspected for at least the following reasons:

– Manually providing a list of home servers had the potential to miss entire file servers in a larger environment
– The folder names of the home drives did not always (often) match the username either due to spelling mistakes or varying conventions (firstname.lastname, firstnamelastinitial, lastnameonly, etc)
– The ACLs on the folders may not have been configured correctly and so the user couldn’t access it anyway
– The home drive was not configured in active directory for the user so they couldn’t use the folder even if it existed
– The folder ACL only contained SIDs as the employee account was deleted
– The ACL on the folder only contained the username from an obsolete but still around domain
– The user was terminated but their account was never disabled
– Someone else was given access to a folder and so even though the employee is terminated, we don’t want to remove it
– The user account had been deleted from Active Directory entirely
– The user account was created but the employee never started and so the account was never logged into
– The folder is only accessible to administrators
– The user moved to a new site and their OU was updated but their home drive was not so they are now accessing data over the WAN
– The account is in fact disabled or the account expiry is set
– and still more

I wanted to write a script that could progmatically and automatically identify all of these issues and create an easy to read report that tells me what’s going on in my environment with respect to home drives.

After many, many hours of research and head banging, I’m very proud to announce that I have written a script to accomplish everything above.  Three disclaimers though before we go any further:

1) This was written for my environment.  It does not make any changes to anything and so it should be safe to run anywhere.  However it was only tested in my environment and so there are absolutely no guarantees for what it will do for you
2) The comments could stand to be further refined and expanded upon but I quite frankly can’t stand to look at this thing anymore.  I want it out of my head so I’m publishing it as is.
3) A good chunk of the code is optimized.  Creating this required a very large amount of trial and error.  I fully intend to one day go back and see how best I can optimize this code but for now I’m choosing to call it functional rather than ideal.

Known issues:

– I have error handling for all known situations but I do not have any generic try catch error handling as I wanted the errors for debugging.  I wanted to add this… but I’m sick of it.  Maybe another time
– The script makes several assumptions about the layout of your network that must be true for this script to function.  Those include but are not limited to:

* Your home drives must follow the convention \\<servername>\<home> where “servername” and “home” can be any values but it can not go any deeper than this
* Your OUs are in the format <mainOU>, <subOU>, <Useraccount>.  Any other combination will not allow that functionally to work
* I’m sure there are others…

– It’s also worth noting that this script can take a while to run depending on the size of the environment.  To that end, I’ve included some fairly robust progress bars and countdown timers to keep track as it goes as shown below:

Ok, that’s it.  I’m done.  Maybe I’ll revisit this in 2014…

[snippet id=”7″]