Script to remove user profiles / Ad accounts and Home Directory

[hargi]

OK So Im Testing this code

$users = Get-ADUser -Filter "*" -SearchBase "OU=Class 2013,OU=Students,DC=School,DC=local" -Properties samaccountname, HomeDirectory, profilepath


$users | ForEach-Object {
  
                                    
        #delete home directory from server
        remove-item $_.HomeDirectory -recurse -force   
        Write-Host 'Home Directory: '$_.HomeDirectory
                            
        #delete profile folder from server, delete line if not needed
        remove-item $_.profilepath -recurse -force   
        Write-Host 'Profile Path: '$_.profilepath `n

        #delete user account from AD
        Remove-ADUser -Identity $_.samaccountname -Confirm:$false   
        Write-Host 'SamAccountName: '$_.samaccountname
}

Profile Path is \\MainServer\Pro\%username%
Home Path is \\MainServer\HomeFolders\%username%

This is in a test environment so its safe to mess about.

This script throws up errors.
It does delete all the selected users from the AD
it does not delete there profile or Home directories

remove-item : Access to the path '\\MainServer\HomeFolders\cice\Documents' is denied.
At C:\bin\Remove-Users.ps1:8 char:9
+         remove-item $_.HomeDirectory -recurse -force
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (\\MainServer\HomeFolders\cice:String) [Remove-Item], UnauthorizedAccessException
    + FullyQualifiedErrorId : RemoveItemUnauthorizedAccessError,Microsoft.PowerShell.Commands.RemoveItemCommand
 
Home Directory:  \\MainServer\HomeFolders\cice
remove-item : Cannot find path '\\MainServer\Pro\cice' because it does not exist.
At C:\bin\Remove-Users.ps1:12 char:9
+         remove-item $_.profilepath -recurse -force
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (\\MainServer\Pro\cice:String) [Remove-Item], ItemNotFoundException
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.RemoveItemCommand
 
Profile Path:  \\MainServer\Pro\cice
SamAccountName:  cice

This is on a Windows 2012 Server with win 7/8 clients.
The Profile appears in the folder as cice.v2 if that makes any difference.
I have also set up folder redirects so that the documents and pictures redirect to the homefolder

 

[Bry]

Profilepath you need to add on .v2 in your script. Vista/W7/W8 appends .v2 to profile path to distinct between xp and later profiles
i.e. if your profile path for each user states:

\\MainServer\Pro\cice
then you need to do remove-item
\\MainServer\Pro\cice.v2

Documents folder looks like a permission issue - access denied. Who are you running the script as? Does that account have permission to delete the folder?

 

[hargi]

Running the script as administrator on directly on the server.
However looking into it I cant delete the folders manually with out right clicking and taking ownership of them

Is there a way to code that into the script?

 

[Bry]

Sounds like the user has exclusive rights to their mydocuments.

When you set the folder redirection did you tick or untick "grant users exclsuvie rights to their mydocuments?"
http://technet.microsoft.com/en-us/library/cc782799(v=ws.10).aspx

If that box is ticked then I would expect to see what your seeing.

Powershell you can useaccesscontrol.filesecurity class to do a setowner
http://msdn.microsoft.com/en-us/library/system.security.accesscontrol.filesecurity(v=vs.110).aspx

QUick example I found on the net http://stackoverflow.com/questions/17031552/how-do-you-take-file-ownership-with-powershell (see Update and answer)