Creating AD users from a CSV file

I must be in a scripting mood lately. Here we have a belated Christmas present in the form of a PowerShell script to create users from a CSV file.

Again I have butchered somebody else’s script so if you’d like the unobliterated version head over to http://gallery.technet.microsoft.com/office/AD-and-mailbox-from-CSV-96a4713f – thanks Rahmat!

My own addition is the little waiting and checking section in the middle as I sometimes had the mailbox creation fail as it couldn’t see the user yet.

I’ve also added a section for creating home drives as for some reason when you assign the home folder location during the AD user creation it only adds the AD property but doesn’t actually create the folder.

For my purposes the CSV has the following headers:

LastName,FirstName,Username,Title,Password,OU,Database

But you could add more as needed and use in the script:

#############################################################################
# New-UserAD and Email + Home Folder
# Create email and AD Account for new Users in Contoso.com
#
# ============================================================================

$date = Get-Date
#Set up Log files for output
$ErrorLog = "C:\PS\Errorlog.txt"
$SuccessLog = "C:\PS\Successlog.txt"
Add-Content $SuccessLog "------------------------------------------------------------"
Add-Content $SuccessLog $date
Add-Content $SuccessLog "------------------------------------------------------------"
Add-Content $ErrorLog "------------------------------------------------------------"
Add-Content $ErrorLog $date
Add-Content $ErrorLog "------------------------------------------------------------"

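## Create Session with Exchange 2010 change your URI address
$s=New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://EXCHANGESERVER/powershell -Authentication Kerberos
## Import the Exchange cmdlets from the session (Enable-Mailbox is used further down)
Import-PSSession $s

## Add AD Cmdlets
Import-Module ActiveDirectory

#Import CSV
# The CSV holds the initial passwords in plain text: restrict access to it and delete it after the run
$csv = @()
$csv = Import-Csv -Delimiter "," -Path "C:\PS\newADuserList.csv"
#Get Domain Base
$searchbase = Get-ADDomain | ForEach { $_.DistinguishedName }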

#Loop through all items in the CSV
ForEach ($user In $csv)
{

## change your OU with your own OU
$OU = $User.'OU'
$Password = $User.Password
$title= $user.'Title'
$lastname= ($user.'LastName'.Substring(0,1).toupper() + $User.'LastName'.Substring(1).tolower())
$Detailedname = $User.'FirstName' + " " + $lastname
$UserFirstname = $User.'FirstName'
$SAM = $User.'Username'
$UPN= $SAM + "@YOURDOMAIN.COM"
$Displayname= $User.'Username'
$Dis= $User.'title' + " " + "$Detailedname"
$group= "ADGROUPS TO INCLUDE USER IN"
# HomeDrive is not one of the CSV headers listed above; the home folder is set again in the Homedrive section below
$homedrive= $User.HomeDrive
$logonscript= "LOGON SCRIPT PATH"
$database= $User.'Database'

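#Check if the User exists
# (the result goes into its own variable so the CSV row in $user is not overwritten)
$NameID = $user.'Username'
$existingUser = Get-ADUser -LDAPFilter "(SamAccountName=$NameID)"
If ($existingUser -eq $Null)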

{
#Create the User if it doesn't exist

$create = New-ADUser -Name $SAM -SamAccountName $SAM -UserPrincipalName $UPN -DisplayName $Displayname -Path $OU -GivenName $UserFirstname -Surname $lastname -AccountPassword (ConvertTo-SecureString $Password -AsPlainText -Force) -Enabled $true -Description $Dis -HomeDrive Z: -HomeDirectory $homedrive -ChangePasswordAtLogon $true;

$tries = 0
do
{
#Wait for a bit as sometimes the user creation takes a little while to take effect
sleep -seconds 3
$accountExists = get-ADUser -LDAPFilter "(SamAccountName=$SAM)"
Write-Host "." -nonewline
$tries++
#Keep waiting while the account is not visible yet; give up after about a minute
} while ($null -eq $accountExists -and $tries -lt 20)

Write-Host "AD Account $Detailedname created!"

add-content $SuccessLog "User $SAM created Successfully."

## Adding User to Group
Add-ADPrincipalGroupMembership -Identity $SAM -MemberOf $group

Write-Host " Added to Groups Needed"

add-content $SuccessLog "AD User $SAM Added to groups Successfully."
Write-Host -ForegroundColor Green $SAM
Write-Host -ForegroundColor Green $SAM

### Create Homedrive

# Assign the Drive letter and Home Drive for the user in Active Directory
$HomeDrive='Z:'
$UserRoot='\\FILESERVER\USERSHARE\'
$HomeDirectory=$UserRoot+$SAM
SET-ADUSER $SAM -HomeDrive $HomeDrive -HomeDirectory $HomeDirectory

# Create the folder on the root of the common Users Share
NEW-ITEM -path $HomeDirectory -type directory -force
$Domain='YOURDOMAIN'
$IdentityReference=$Domain+'\'+$SAM

# Set parameters for Access rule
# FullControl also lets the user change the permissions on the folder; Modify is enough for ordinary file access
$FileSystemAccessRights=[System.Security.AccessControl.FileSystemRights]"FullControl"
$InheritanceFlags=[System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
$PropagationFlags=[System.Security.AccessControl.PropagationFlags]"None"
$AccessControl=[System.Security.AccessControl.AccessControlType]"Allow"

# Build Access Rule from parameters
$AccessRule=NEW-OBJECT System.Security.AccessControl.FileSystemAccessRule -argumentlist($IdentityReference,"FullControl","ObjectInherit, ContainerInherit","None","Allow")

# Get current Access Rule from Home Folder for User
$HomeFolderACL=Get-ACL $HomeDirectory
$HomeFolderACL.AddAccessRule($AccessRule)
SET-ACL -path $HomeDirectory -AclObject $HomeFolderACL

## Creating Mailbox on EX2010
Enable-Mailbox -Identity $SAM -Alias $SAM -Database $database

## Set Dial in Properties
set-aduser $SAM -replace @{msnpallowdialin=$true}

Add-Content $SuccessLog "------------------------------------------------------------"

}
Else

{
## If user already exists unlock and enable user account and log message in error log.
## Note: this also re-enables an account that had been disabled on purpose if its username is in the CSV.
Unlock-ADAccount -Identity $SAM
Enable-ADAccount -Identity $SAM
Write-Host -ForegroundColor Red "AD User $SAM already exists. Account unlocked."
add-content $ErrorLog " User Already exist : $Detailedname. Account unlocked"

Add-Content $ErrorLog "------------------------------------------------------------"

}

}
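
An added example (not part of the original script or of Rahmat's version): a pre-flight pass that validates each CSV row before it reaches the LDAP filter and New-ADUser, and generates a random initial password so the CSV needs no Password column. The function names, the allow-list pattern and the sample rows are assumptions made for this example.

```powershell
# Added example: pre-flight checks for the CSV the script above consumes.
# Function names and sample rows are hypothetical / constructed for illustration.
function Test-NewUserRow {
    param([Parameter(Mandatory)] $Row)
    $problems = @()
    foreach ($field in 'LastName','FirstName','Username','OU','Database') {
        if ([string]::IsNullOrWhiteSpace($Row.$field)) { $problems += "missing $field" }
    }
    # Conservative allow-list (assumption): max 20 characters, and no LDAP filter
    # metacharacters ( ) * \ that would change the meaning of "(SamAccountName=...)".
    if ($Row.Username -notmatch '^[A-Za-z0-9._-]{1,20}$') {
        $problems += "Username is not a safe sAMAccountName"
    }
    if ($Row.OU -notmatch '^(OU|CN)=.+,DC=.+') { $problems += "OU is not a distinguished name" }
    $problems
}

function New-InitialPassword {
    param([int] $Length = 16)
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%+-='
    $limit = 256 - (256 % $alphabet.Length)   # rejection threshold, avoids modulo bias
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $byte  = New-Object byte[] 1
    do {
        $chars = @()
        while ($chars.Count -lt $Length) {
            $rng.GetBytes($byte)
            if ($byte[0] -lt $limit) { $chars += $alphabet[$byte[0] % $alphabet.Length] }
        }
        $pw = -join $chars
    } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -cmatch '\d')
    $rng.Dispose()
    $pw
}

# Constructed sample input: the page's headers without the Password column.
$rows = @'
LastName,FirstName,Username,Title,OU,Database
smith,Anna,asmith,Engineer,"OU=Staff,DC=contoso,DC=com",DB01
jones,Bob,bjones*,Analyst,"OU=Staff,DC=contoso,DC=com",DB01
'@ | ConvertFrom-Csv

foreach ($row in $rows) {
    $problems = @(Test-NewUserRow $row)
    if ($problems.Count) { Write-Warning "$($row.Username): $($problems -join '; ')"; continue }
    $secure = ConvertTo-SecureString (New-InitialPassword) -AsPlainText -Force
    # $secure is what would be passed to New-ADUser -AccountPassword in the script above.
    Write-Host "$($row.Username): row OK, initial password generated"
}
```

With the constructed rows, asmith passes and bjones* is rejected before any directory query is built from it.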

My favourite inventory script

UPDATE: New script download link here.

Last week I received one of the most dreaded emails ever. It began with “can you please fill out an inventory spread sheet for this customer?”. I’ve been through a fair few IT jobs and whether I worked for a small or large company documentation was never their strong side so I pretty much knew I’d have to do it from scratch. Luckily I came across Jesse Hamrick’s script on the powershellpro site. You can download my edited version here.

I’ve only made a couple of modifications to the original script:

1. Replaced 1024 / 1024 with 1GB to get RAM etc. in GB instead of MB and updated the spreadsheet headers accordingly.

2. Excel 2013 only creates one worksheet rather than three when you open a new workbook so you’ll end up missing two sheets (networking and disks). To create the two additional sheets I’ve inserted two more lines of $Sheet = $Excel.Worksheets.Add().

And that’s it. You can obviously tweak this as much as you want but Jesse’s original script pretty much does everything I need it to do.

Below is an example of the spread sheet it produces:
