
Backup and Remove AD User Home Directory settings with Powershell

PowerShell script to export any AD user parameters into a CSV file.

Background story (that you can safely ignore)

I am currently working on a project (there are so many projects, always!) in which I have to back up the User Home Directory, filtered by the OU, and then clear the Home Directory settings in Active Directory. This project is also related to our Citrix environment, in which there is a published application for each location to open a mapped User Folder that is stored on a network share. There is a GPO in place to map the logon user to his/her user folder as the Z drive, and the PowerShell will check to see if this folder is mapped or not, and if the Test-Path comes back as true, it will open a file explorer to that location.


First Script – Backup

This first script backs up the SamAccountName and the Home Directory of the users to a CSV. You can modify it to export any properties of the user object. In case we need to roll back to using the Home Directory, I have another script that can be used to put this backup back into Active Directory. Your AD structure will be different from ours, so put your own OU and DC values into the SearchBase to get this to work. We separate the different locations by Country Code, and within each country OU there are sub-OUs named with the Country Code + a 3-digit code. For example, MX999 is a sub-OU of MX, and MX is a sub-OU of the Locations OU.

$OUCode = Read-Host -Prompt 'Please enter the Country Code + 3 digits Code to export user list'   #this will prompt the user to put in the Country Code + 3-digit code (i.e. MX999)

$Country = $OUCode.Substring($OUCode.Length - 5, 2)
#This will remove the 3 digits from the input, leaving us the Country Code. That is the parent OU of MX999 in our example.

#Only the HomeDirectory property is requested; SamAccountName is returned by default.
Get-ADUser -SearchBase "ou=users, ou=$OUCode, ou=$Country, ou=Locations, dc=domain, dc=com" -Filter * -Properties HomeDirectory | Select-Object SamAccountName, HomeDirectory | Export-Csv -Path "C:\backup\$OUCode.csv" -NoTypeInformation

#The path must be a quoted string, otherwise Test-Path fails to parse it.
If (Test-Path "C:\backup\$OUCode.csv") {
    Write-Host 'Export completed.  The CSV file is located at C:\backup\' -ForegroundColor Green
}
Else {
    Write-Host 'File was not exported, please check'
}

#Make sure you replace ou=Locations, dc=domain, dc=com with the layout of your domain (also modify the $OUCode and $Country variables to fit your environment). The script selects only SamAccountName and HomeDirectory for all the users within that OU and exports them to C:\backup as a .csv file named after the OU. If the CSV file is not there afterwards, it tells the user to check.


Second Script – Clear Home Directory

Write-Host 'Please make sure the CSV file is copied to C:\backup' -ForegroundColor Green

Pause   #Until the user hits a key to continue, the script will pause here and wait for the user to make sure the CSV file is in C:\backup.

$File = Read-Host -Prompt 'Please enter the name of the CSV file, including .csv'   #prompt the user to put in the name of the .csv file.

$UserList = Import-Csv -Path "C:\backup\$File"    #import the CSV content into the $UserList variable.

$UserList.SamAccountName  #display all the users in $UserList

Write-Host 'Are you sure you want to clear the home directories for these users?' -ForegroundColor Green    #Final confirmation if the user wants to clear the Home Directories for these users.

$Answer = Read-Host -Prompt 'Y/N'    #prompt the user for a Y/N entry

If ($Answer -eq "Y") {     #if the user enters Y, the script will process the loop below.

    ForEach ($User in $UserList) {

        If ($User.HomeDirectory -eq '') {           #if the Home Directory does not have any entry, display that the user does not have one
            Write-Host "User: $($User.SamAccountName) does not have a HomeDirectory!" -ForegroundColor Green
        }
        ElseIf ($User.HomeDirectory -ne $NULL) {    #else if the Home Directory is not NULL for that user, clear the Home Directory setting for that user and display it on screen.
            Set-ADUser -Identity $User.SamAccountName -Clear HomeDirectory
            Write-Host "User: $($User.SamAccountName) HomeDirectory has been cleared!" -ForegroundColor Green
        }
    }
}



Third Script – Restore Home Directory Setting

This script is a backup plan in case anything goes wrong with the deployment, so that we have a way to restore the Home Directory setting back to Active Directory. It is just a variation of the second script.

Write-Host 'Please make sure the CSV file is copied to C:\backup' -ForegroundColor Green
Pause  #the script will pause and wait for user confirmation

$File = Read-Host -Prompt 'Please enter the name of the CSV file, including .csv'

$UserList = Import-Csv -Path "C:\backup\$File"    #import the CSV from C:\backup

$UserList.SamAccountName   #display all the users in the CSV

Write-Host 'Set the HomeDrive for these users according to the CSV?' -ForegroundColor Green

$Answer = Read-Host -Prompt 'Y/N'   #prompt the user for Y/N

If ($Answer -eq "Y") {  #if the user entered Y, do below

    ForEach ($User in $UserList) {  #loop over all the users in the $UserList variable

        If ($User.HomeDirectory -eq '') {  #if HomeDirectory is empty, display on screen that the user did not have a Home Directory set up.
            Write-Host "User: $($User.SamAccountName) did not have a HomeDirectory!" -ForegroundColor Green
        }
        ElseIf ($User.HomeDirectory -ne $NULL) {  #if the Home Directory was not NULL
            #set the HomeDirectory according to the HomeDirectory in the CSV and set it to the Z drive. Then display on screen that the Home Directory was modified for this user.
            Set-ADUser -Identity $User.SamAccountName -HomeDirectory $User.HomeDirectory -HomeDrive Z
            Write-Host "User: $($User.SamAccountName) HomeDirectory is now $($User.HomeDirectory)" -ForegroundColor Green
        }
    }
}
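
The restore script writes whatever the CSV contains into Active Directory, so the file is worth validating before it is applied. The following is an added example, not the original author's script: the function name Restore-HomeDirectory, its parameters, and the share root \\fileserver\home\ are assumptions made for illustration. It checks the file name, the columns, each path, and each account's OU, and supports -WhatIf for a dry run.

```powershell
# Added example, not the original author's script.
function Restore-HomeDirectory {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$CsvName,      # bare file name, e.g. MX999.csv
        [Parameter(Mandatory)][string]$SearchBase,   # OU the backup was exported from
        [Parameter(Mandatory)][string]$AllowedRoot,  # expected share root (placeholder value below)
        [string]$BackupDir = 'C:\backup',
        [string]$HomeDrive = 'Z'                     # same value the page's restore script sets
    )
    # Accept a bare .csv file name only, so the input cannot point outside $BackupDir.
    if ($CsvName -ne [IO.Path]::GetFileName($CsvName) -or $CsvName -notlike '*.csv') {
        throw 'CSV name must be a plain file name ending in .csv'
    }
    $rows = @(Import-Csv -Path (Join-Path $BackupDir $CsvName))
    # Fail early if the file is not in the backup format (SamAccountName, HomeDirectory).
    foreach ($col in 'SamAccountName', 'HomeDirectory') {
        if ($rows.Count -eq 0 -or $rows[0].PSObject.Properties.Name -notcontains $col) {
            throw "CSV is empty or missing column '$col'"
        }
    }
    foreach ($row in $rows) {
        $path = $row.HomeDirectory
        if ([string]::IsNullOrWhiteSpace($path)) { continue }   # user had no home directory
        # Only write paths that sit under the expected share root.
        if ($path -like '*..*' -or
            -not $path.StartsWith($AllowedRoot, [StringComparison]::OrdinalIgnoreCase)) {
            Write-Warning "$($row.SamAccountName): '$path' is outside $AllowedRoot, skipped"
            continue
        }
        try {
            $adUser = Get-ADUser -Identity $row.SamAccountName -ErrorAction Stop
        } catch {
            Write-Warning "$($row.SamAccountName): not found in AD, skipped"
            continue
        }
        # Only touch accounts that still live under the OU the backup came from.
        if ($adUser.DistinguishedName -notlike "*,$SearchBase") {
            Write-Warning "$($row.SamAccountName): not under $SearchBase, skipped"
            continue
        }
        if ($PSCmdlet.ShouldProcess($adUser.DistinguishedName, "Set HomeDirectory to $path")) {
            Set-ADUser -Identity $adUser -HomeDirectory $path -HomeDrive $HomeDrive
        }
    }
}
# Dry run first; drop -WhatIf to apply. The OU and share root are placeholders.
Restore-HomeDirectory -CsvName 'MX999.csv' -AllowedRoot '\\fileserver\home\' -WhatIf `
    -SearchBase 'ou=users,ou=MX999,ou=MX,ou=Locations,dc=domain,dc=com'
```

Pass the SearchBase without spaces after the commas, because the DistinguishedName returned by Get-ADUser has none and the OU check compares the two as text.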
