fortypoundhead.com

Checking Profile Existence on Remote Machines with PowerShell

Posted On 2016-02-23 by dwirch
Keywords:
Tags: Powershell Scripting Tip Windows
Views: 1656


Need to find every workstation that a user has logged on to? Security event logs rolled over or you can't otherwise get that info from the domain controllers? Here is a way to get it.

Windows PowerShell FTWFrom time to time, I need a user profile gets borked. It happens, don't deny it. Sometimes, users do silly things, and you need to find out workstations there silliness visited in the past.

Normally, you could simply query the security event log on your domain controllers to find this information. The caveat is that the logs eventually get full, and purge/overwrite/rollover, making finding the necessary data impossible. You can get around this to some extent by using a log repository, such as the one contained in SCOM, or something like LogLogic, SysLog, or Splunk.

But, let's pretend you don't have any of those solutions in place, and your logs have rolled over. The inforamtion is still available, if you look for it.

On recent Windows workstations, each user has their own profile directory. Unless local profiles are turned off, then you can check each workstations for the existence of a user profile that matches the user name in question. The user profiles live in the following location:

C:\Users\

Pretty obvious, eh? Just in case you didn't know ...

Rather than attempt attaching to each machine in turn to determine if the profile directory exists, a scripted solutoin is called for in order to query a large number of machines for the information. This gets our data quickly, and efficiently, with a minimum of labor. And we all know system administrators are lazy, don't we?

The following script utilizes PowerShell and the Active Directory module. It gets a list of computers from Active Directory, in the OU specified, and queries for the existence of the designated username-based path. It's important to note that when testing the path, the script matches the passed username with a wildcard match afterward. For example, if we search for a user called MyUser, all of the following will be found:

C:\Users\MyUser
C:\Users\MyUser.Domain
C:\Users\MyUser.Local
C:\Users\MyUser.tld

This script has one paramater UserToSearchFor. So to call the script, simply type:

.\Find-UserProfiles.ps1 MyUserName

Where MyUserName is the SamAccountName or username that you want to find.

Before running this script on your own domain, don't forget to modify the $ADSearchBase variable to reflect your domain. Otherwise, you'll just get a bunch of red on your screen.

The script is below, in all its simplicity. Any questions, comments, concerns, or gripes, just put in a comment below, or start a thread in the forums. Have a great day!

 

Param(
    [Parameter(Mandatory=$True,Position=1)]
    [String]$UserToSearchFor
)

$ADFilter="*"
$ADSearchBase="OU=Computers,DC=MyDomain,DC=MyTLD"
$ComputerList=Get-ADComputer -filter $ADFilter -SearchBase "$ADSearchBase" -SearchScope Subtree
$NumberOfComputers=$ComputerList.Count
$CurrentHostNumber=1

write-host "Searching for profile directories for $UserToSearchFor`n"

ForEach($Computer in $ComputerList){
    $PathToTest="\\" + $Computer.Name + "\c$\users\$UserToSearchFor*"
    write-progress -activity "Checking remote hosts for $UserToSearchFor" -status $Computer.Name -percentcomplete (($CurrentHostNumber/$NumberOfComputers)*100)
    if((Test-path -path $PathToTest) -eq $True) {
      write-host $PathToTest
    }
    $CurrentHostNumber++
}
write-host "`nSearch Complete.`n"

 


About the Author

dwirch has posted a total of 187 articles.


Comments On This Post

No comments on this post yet!


Do you have a thought relating to this post? You can post your comment here. If you have an unrelated question, you can use the Q&A section to ask it.

Or you can drop a note to the administrators if you're not sure where you should post.


Your IP address is:54.82.56.95

Before you can post, you need to prove you are human. If you log in, this test goes away.




Recent Forum Posts

Advanced search added
dwirch posted on September 23, 2017 at about 13:44 in Site News

Job Spammer: Gaurav Mehta - AgreeYa Solutions
dwirch posted on September 22, 2017 at about 10:35 in Spammers

Job Spammer: Prutha Siri - Javelin Systems
dwirch posted on September 10, 2017 at about 6:15 in Spammers

New security implemented
dwirch posted on September 7, 2017 at about 7:16 in Site News

Malicious IP Checker Companion Tool
dwirch posted on August 12, 2017 at about 20:24 in Site News

Job Spammer: Steve Adams
dwirch posted on August 8, 2017 at about 7:44 in Spammers