
Over the course of time, our organization has gone through some profile name changes (i.e. when a person marries) and there has not been a standard of also renaming the user's home directory. So we have users like MarySmith whose directories are like C:\USERS\MaryJones. No problem thus far, but now we would like to clean these up to avoid confusion. (MarySmith / MaryJones are used here for illustrative purposes only.) We are beginning to go through some security measures and elimination of this "confusion" plays a part in the process.

So our first step was to identify the cases where this has taken place. On the Domain Controllers, we issued a PowerShell command like this, for an initial Proof of Concept:

```powershell
Get-ADUser MarySmith -Properties * | Export-Csv -Path C:\SOME\PATH.csv
```

What we found was that there is no mention there of the MaryJones folder at all. There is a HomeDirectory property, but it's empty.

Digging a little further, in Active Directory Users and Computers (ADUC) when we pull up properties for the user, we also don't see a difference for Profile Path, Login script, Home Folder ... all empty. And yet when the user (MarySmith) logs in, the NTUSER.DAT file in C:\USERS\MaryJones gets updated.

Who can help us understand how to retrieve the correct information, and maybe along the way how Windows keeps track of the fact that those names are associated? I'm convinced if we could retrieve this association we could eliminate some problems.

Thanks, Dennis

  • Have you ever actually [configured roaming profiles](https://learn.microsoft.com/en-us/windows-server/storage/folder-redirection/deploy-roaming-user-profiles) in this environment? It sounds like what you're describing is simply a local user profile on a Windows machine – Mathias R. Jessen Mar 15 '21 at 23:36
  • A call to `Get-CimInstance -ClassName Win32_UserProfile` gives both a `.SID` to identify the user and a `.LocalPath` that should point to the local user profile path. – Lee_Dailey Mar 15 '21 at 23:39
  • Thanks, @Lee_Dailey - this is a big step forward. Unfortunately, though, we still don't have all the pieces of the puzzle in one place. We have users available in Get-ADUser (and it has a SID property), and we have SID (along with folder name) available in Get-CimInstance. But it looks like we cannot select one SID from Get-CimInstance (I've tried Get-CimInstance followed by username and followed by sid, to no avail). Do you know of a tool that will put the user and the path into one object? (This is all made messier since we have local users on some computers. We'll ignore them for now.) – Dennis Mar 16 '21 at 01:01
  • What about applying some filters? `Get-CimInstance -ClassName Win32_UserProfile | Where-Object {$_.SID -eq 'S-1-5-21-...'} | Select-Object -Property SID, LocalPath` returns the SID and the profile path for a given SID. – stackprotector Mar 16 '21 at 06:22
  • @Thomas, thanks, I'll play with this. We're looking for a way to get from C:\Users\OldName to UserName, and this may do the opposite of that. I'll play around with WHERE on both Get-ADUser and Get-CimInstance to see if I can land on a way. This is a good nudge, thanks again. – Dennis Mar 16 '21 at 08:57
  • You guys' suggestions helped me out, thanks. I'll post a self-answer. – Dennis Mar 16 '21 at 10:27
  • @Dennis - you are most welcome ... and I am quite glad to see that you got it working as needed! [*grin*] – Lee_Dailey Mar 16 '21 at 13:33

1 Answer


Thanks to the suggestions of @Lee_Dailey and @Thomas in the comments on the question, we've come up with a workable solution (there are a few that would not translate; caught nicely by the Try/Catch. Looking into that; will update the answer when understood).

UPDATE: The ones that would not translate were due to NTUSER.DAT files remaining on the system after their associated users had been removed from the directory.

Here are the relevant pieces of the script that we came up with:

```powershell
$FOLDERS = Get-ChildItem -Path "C:\Users\" -Directory
ForEach ($FOLDER in $FOLDERS) {
    $USERNAME = $null   # reset per folder so a previous hit does not leak into the next iteration
    $NTUSER = Join-Path $FOLDER.FullName "NTUSER.DAT"
    if (Test-Path $NTUSER) { # Profile file exists
        # Win32_UserProfile links each profile SID to its folder (LocalPath)
        $SID = (Get-CimInstance -ClassName Win32_UserProfile |
                Where-Object { $_.LocalPath -eq $FOLDER.FullName }).SID
        if ($SID) {
            $USEROBJ = New-Object System.Security.Principal.SecurityIdentifier($SID)
            try {
                $USERNAME = $USEROBJ.Translate([System.Security.Principal.NTAccount]).Value
            }
            catch [System.Exception] {
                # SID no longer maps to an account (e.g. user removed from the directory)
                $USERNAME = $null
            }
        }
        if ($null -eq $USERNAME) {
            Write-Host "Couldn't resolve user for $SID $FOLDER"
        }
        else {
            # Here we have a valid NTUSER path, and a profile name.
            # Now we can make miracles happen.
            A-Miracle-Happens $FOLDER.FullName $USERNAME   # placeholder for the rename step
        }
    }
}
```

Thanks, Guys.

Dennis
  • You can replace `(... | Select-Object -Property SID).sid` by `... | Select-Object -ExpandProperty SID` or by `(... ).sid` for a better readability. – stackprotector Mar 16 '21 at 14:11
  • Thanks @Thomas. Not sure what you meant since I already have (...).sid specified. Maybe there's a shortcut beyond what I've done above? Sorry I don't understand; I'm sure it's due to my limited experience with PS. – Dennis Mar 17 '21 at 13:54
  • If you keep the brackets followed by `.sid`, you can omit `| Select-Object -Property SID`. – stackprotector Mar 17 '21 at 15:42
  • Ah, got it @Thomas. Much nicer now. Answer updated. Thanks for all the help! – Dennis Mar 18 '21 at 14:39
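As an added example (not the poster's script), the same mapping done the other way round: start from Win32_UserProfile instead of the folder list, resolve each SID, cross-check the ProfileImagePath value under the ProfileList registry key that Windows itself uses to tie a SID to its C:\Users folder, and flag both orphaned profiles (SID no longer resolves) and folders whose name no longer matches the account. The function name Get-ProfileAccountMap is made up for this example, and it assumes an elevated session on the machine that holds the profiles.

```powershell
# Added example, not the original poster's script. Function name is made up.
# Windows ties a SID to its profile folder through the registry key
# HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\<SID>
# (value ProfileImagePath); Win32_UserProfile exposes the same data as LocalPath.
function Get-ProfileAccountMap {
    [CmdletBinding()]
    param(
        # Include built-in/service profiles (SYSTEM, LocalService, ...) too
        [switch]$IncludeSpecial
    )
    $profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

    Get-CimInstance -ClassName Win32_UserProfile |
        Where-Object { $IncludeSpecial -or -not $_.Special } |
        ForEach-Object {
            $account  = $null
            $orphaned = $false
            try {
                $sid     = New-Object System.Security.Principal.SecurityIdentifier($_.SID)
                $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
            }
            catch {
                # Translate fails when the SID no longer maps to an account
                # (user removed from the directory) or no DC can be reached
                $orphaned = $true
            }
            # Cross-check the registry value the profile service actually uses
            $imagePath = (Get-ItemProperty -Path (Join-Path $profileList $_.SID) `
                              -ErrorAction SilentlyContinue).ProfileImagePath

            $folderName = Split-Path -Leaf $_.LocalPath
            $samName    = if ($account) { ($account -split '\\')[-1] } else { $null }

            [pscustomobject]@{
                SID              = $_.SID
                Account          = $account
                LocalPath        = $_.LocalPath
                ProfileImagePath = $imagePath
                Loaded           = $_.Loaded
                Orphaned         = $orphaned
                FolderMismatch   = [bool]($samName -and ($folderName -ne $samName))
            }
        }
}

# Report only the profiles that need attention (renamed users and leftovers)
Get-ProfileAccountMap |
    Where-Object { $_.Orphaned -or $_.FolderMismatch } |
    Format-Table SID, Account, LocalPath, Loaded, Orphaned, FolderMismatch -AutoSize
```

A profile with Loaded set to true is in use and cannot be renamed or removed until that user logs off.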