none
Powershell How to find profiles that no longer have a user RRS feed

  • Question

  • Trying to automate some VDA cleanup.  Trying to compare profile SID to AD SID.  I can list AD users and user profiles.  Having difficulty getting SIDs compared and generating a list of profiles that no longer exist in AD.  It is only returning one result when I know the test parameters should return 4.  Even when I test in a foreach loop it only returns one result.  Here is some of my test code:

    $TestSearchBase = "OU=TEST,DC=,DC=,DC=com"
    <#
    -- Create list of user profiles --
    -- $profileLAll = All profiles on machine matching criteria --
    -- $profileLTest = Profiles to test --
    -- $profileList = List of AD profiles --
    #>
    $profileLAll = Get-WmiObject -Class Win32_UserProfile -filter 'special=False AND SID LIKE "S-1-5-21-14%"' | select LocalPath,SID
    
    foreach ($LocalPath in $profileLAll) {
        if ($LocalPath.LocalPath -notlike '*administrator*' -AND $LocalPath.LocalPath -notlike '*itptadmin*') {
            $profileLTest = $LocalPath
            Write-Host "Profile to test: " $profileLTest
        }
    }
    #-- Enumerate AD users in TEST OU --
    $profileList = (Get-ADUser -Filter * -Searchbase $TestSearchBase -Properties SID)
    <# 
    -- Compare AD users SID to local profile SID --
    -- List profiles that are not in AD --
    #>
    $profileMissing = $profileLTest | Where {$profileList.SID -notcontains $_.SID}
    Write-Host "Missing profile: " $profileMissing
    

    • Moved by Bill_Stewart Wednesday, September 4, 2019 6:32 PM Abandoned
    Tuesday, March 12, 2019 4:47 PM

All replies

  • This is a classic programming pattern with PowerShell.

    Start with this.  You can detect the failure and report it.

    $filter = 'special=False AND SID LIKE "S-1-5-21-14%" AND NOT LocalPath LIKE "%administrator%" AND NOT LocalPath LIKE"%itptadmin%"'
    Get-WmiObject Win32_UserProfile -filter $filter |
        ForEach-Object{
            if(Get-AdUser -Filter "SID -eq '$($_.SID)'"){
                # user object found
            }else{
                # user object not found
    Write-Host "$($_.SID) $($_.LocalPath)" } }


    \_(ツ)_/



    • Edited by jrv Tuesday, March 12, 2019 5:14 PM
    Tuesday, March 12, 2019 5:10 PM
  • Thanks, that gets me the list I would expect.

    Looked at arrays documentation and unclear how to write the results into an array with Keys so that it could be accessed as $profileDel.SID or $profileDel.LocalPath  Using your Write-Host example I can put all results into an array but it looks like SID and LocalPath are combined into one line. Tried a couple things but it doesn't seem to like when I separate $($_.SID) and $($_.LocalPath)  Write-Host "$($_.SID)" works but trying to add the value to array gives "You cannot call a method on a null-valued expression." error with ~~~ under $_.SID

    $profileDel = @{SID = ''; LocalPath = ''}
    $filter = 'special=False AND SID LIKE "S-1-5-21-14%" AND NOT LocalPath LIKE "%administrator%" AND NOT LocalPath LIKE"%itptadmin%"'
    Get-WmiObject Win32_UserProfile -Filter $filter | 
        ForEach-Object{
            if(Get-ADUser -Filter "SID -eq '$($_.SID)'" -Searchbase $TestSearchBase){
               
            }else{
                Write-Host "$($_.SID)"
                $profileDel.Add('SID', "$($_.SID)")
                $profileDel.Add('LocalPath', "$($_.LocalPath)")
                
            }
        }
    

    Tuesday, March 12, 2019 6:42 PM
  •           $profileDel.Add('SID', "$($_.SID)")
                $profileDel
    .Add('LocalPath', "$($_.LocalPath)")

    Should be:

    [pscustomobject]@{
         SID = $_.SID
         LocalPath = $_.LocalPath
    }

    Learn PowerShell before it is too late!


    \_(ツ)_/


    • Edited by jrv Tuesday, March 12, 2019 6:51 PM
    Tuesday, March 12, 2019 6:50 PM