
I'm trying to determine which user folders in C:\Users have active users in Active Directory.

I currently have the following:

$userProfile = Get-ChildItem -Path "C:\Users"
$unknownList = @()
foreach($user in $userProfile){
    try{
        Get-ADUser -Identity $user.Name | Out-Null
    }
    catch{
        $unknownList += $user.Name
    }
}
Write-Host $unknownList

My issue is that all usernames appear to not exist and are caught. Can anyone offer some suggestions for a PowerShell first-timer? I have tried a number of other things found here and elsewhere but none have been able to work. Thank you!

  • The name of the folder in C:\Users does not necessarily match the name of the user in AD. It could be username.DomainName.### if the user profile already existed. Commented Jan 10, 2014 at 20:54
  • Your code looks correct, as far as I can tell. The only thing that might be an issue is that your Catch { } block might never be reached, because Get-ADUser creates non-terminating errors. To work around this, use -ErrorAction Stop on Get-ADUser. That changes errors into terminating errors. Commented Jan 10, 2014 at 21:03
  • @TrevorSullivan His problem is that all names throw an error and thus end up in $unknownList. Commented Jan 10, 2014 at 22:09
  • What are the actual errors that cause the names to end up in $unknownList? Add a line Write-Error $_ to the catch block so you can see what's going on. Are you using PowerShell v2? PowerShell didn't support automatic module loading before v3, so you'd need to run Import-Module ActiveDirectory before you could use Get-ADUser. You can check your PowerShell version by echoing $PSVersionTable. Commented Jan 10, 2014 at 22:20
  • I'd use Get-ACL on the ntuser.dat file in each folder and see if the Owner resolved to a user, or was an orphan SID. Using the folder name for account resolution may not be reliable. User names can be changed or truncated and not match the name of their home folder. Commented Jan 11, 2014 at 4:15

1 Answer

I was wanting to do something similar, and was appalled that it seemed like the only way to see if a user exists in AD was to barbarically have Get-ADUser throw an error, and you then catch it. After much research, I found that instead of using the -Identity parameter, if you use the -Filter parameter you actually get back either the user object(s) that match the filter parameter or a $Null object (because nothing matches the -Filter parameter). Once you have that in a variable, you can then do a "proper" if/else statement evaluation without throwing any errors.

Here is your code:

$userProfile = Get-ChildItem -Path "C:\Users" | Where-Object { $_.PSIsContainer }
$unknownList = @()
foreach($user in $userProfile){

    #Try getting the user. The value is passed through a plain variable inside a
    #string filter: a property access such as $User.Name inside a script-block
    #filter is not expanded reliably by the AD filter parser.
    $name = $user.Name
    $ADUser = Get-ADUser -Filter "SamAccountName -eq '$name'"

    #Test to see if the user exists ($ADUser is $Null when nothing matched)
    If($ADUser)
    {
        #User Exists
        #Write-host "$($User.Name) Exists"
    }
    Else
    {
        #User does not Exist
        #Write-host "$($User.Name) Does not Exist"

        $unknownList += $user.Name
        Write-host "$($User.Name)"
    }
}
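A fuller version of this approach, as an added example rather than the answer's own code: it uses the -Filter lookup described above, strips the `.DOMAIN.###` suffix mentioned in the comments before looking the name up, reports whether a matching account is enabled, and adds the ntuser.dat owner check from the comments as an independent signal. It assumes the ActiveDirectory module is installed and that the caller can read the ACLs under C:\Users; the function name is my own.

```powershell
# Added example, not the question's or answer's code. Assumes the ActiveDirectory
# module is present and that the caller can read ACLs on each profile folder.
Import-Module ActiveDirectory -ErrorAction Stop

function Get-ProfileAccountStatus {
    param([string]$ProfileRoot = 'C:\Users')

    Get-ChildItem -Path $ProfileRoot | Where-Object { $_.PSIsContainer } | ForEach-Object {
        $folder = $_
        # Profile folders can be "user.DOMAIN" or "user.DOMAIN.001" when a profile
        # already existed, so keep only the part before the first dot.
        $candidate = $folder.Name -replace '\..*$', ''

        # -Filter returns $null on a miss instead of raising an error. The value is
        # passed via a plain variable inside a quoted string filter.
        $adUser  = Get-ADUser -Filter "SamAccountName -eq '$candidate'" -ErrorAction Stop
        $enabled = $null
        if ($adUser) { $enabled = $adUser.Enabled }

        # Independent check: the owner of ntuser.dat. A SID that no longer
        # translates to an account means the owning account has been deleted;
        # a name that differs from the folder name points at a renamed account.
        $ownerName = $null
        $hive = Join-Path -Path $folder.FullName -ChildPath 'ntuser.dat'
        $hiveFound = Test-Path -Path $hive
        if ($hiveFound) {
            $sid = (Get-Acl -Path $hive).GetOwner([System.Security.Principal.SecurityIdentifier])
            try   { $ownerName = $sid.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $ownerName = $sid.Value }   # unresolvable: keep the raw SID for the report
        }

        [pscustomobject]@{
            Folder        = $folder.Name
            Candidate     = $candidate
            InAD          = [bool]$adUser
            Enabled       = $enabled
            HiveOwner     = $ownerName
            OrphanedOwner = ($hiveFound -and $ownerName -like 'S-1-*')
        }
    }
}

# Folders whose account is missing, disabled, or whose hive owner no longer resolves.
Get-ProfileAccountStatus |
    Where-Object { -not $_.InAD -or -not $_.Enabled -or $_.OrphanedOwner } |
    Format-Table -AutoSize
```

Treat the two signals together: a folder whose name matches no account but whose hive owner resolves to a different name is a renamed user, not an orphan.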