0 votes

Good afternoon,

I'm currently updating some of our scripts and I'm looking to have an option that deletes a user's V2 profile path when run. All the scripts I've run are based off the profile path in AD, which only shows as \\server\profile$\username, whereas when using Server 2008+ we have the addition of the username.V2 directory.

First, I am unable to locate a delete profile option right in Adaxes (even though there is a delete Home directory option). Second, all the scripts I've located/modified only seem to locate the standard directory rather than the .V2 directory. Please advise if there is a script or option available to complete this task, or if you need further clarification.

by (680 points)

1 Answer

0 votes
by (215k points)
Best answer

Hello,

There is no built-in action to delete a user's profile in Adaxes, but you can always use a script for this purpose. Here's a script that deletes a user's standard profile, V2 profile and V4 profile (appears in Windows 8 / Server 2012):

$profileSuffixes = @(".V2", ".V4") # TODO: modify me

# Get name of the user who invokes the script
$adminName = "$env:userdomain\$env:username"

# Function to get full access to all subdirectories in a directory
function GrantFullControlForDirectory($directoryPath, $username, $directoryWithFullPermission)
{
    if ($directoryWithFullPermission.Contains($directoryPath))
    {
        return
    }
    $directoryWithFullPermission.Add($directoryPath) | Out-Null

    $directory = Get-Item -Path $directoryPath -Force

    # Change directory owner
    $ownerAcl = New-Object "System.Security.AccessControl.DirectorySecurity"
    $ownerID = New-Object "System.Security.Principal.NTAccount" $username
    $ownerAcl.SetOwner($ownerID)

    $directory.SetAccessControl($ownerAcl)

    # Set the Full Access permission
    $directoryAcl = Get-Acl $directoryPath
    $fullPermission = New-Object "System.Security.AccessControl.FileSystemAccessRule" $userName, "FullControl","ContainerInherit, ObjectInherit", "None", "Allow"
    $directoryAcl.SetAccessRule($fullPermission)

    Set-Acl -Path $directoryPath -AclObject $directoryAcl

    $childItems = Get-ChildItem -Path $directoryPath -Force

    if($null -eq $childItems)
    {
        return
    }

    foreach($item in $childItems)
    {
        if($item -is [System.IO.DirectoryInfo])
        {
            GrantFullControlForDirectory $item.FullName $username $directoryWithFullPermission
        }
    }
}

# Function to get full access to all files in a directory
function GrantFullControlForFiles($directoryPath, $username)
{
    # Get full access to all files in the directory
    $allFilePaths = [System.IO.Directory]::GetFiles($directoryPath,"*","AllDirectories")
    foreach($filePath in $allFilePaths)
    {
        $file = Get-Item -Path $filePath -Force

        # Change owner
        $ownerAcl = New-Object "System.Security.AccessControl.FileSecurity"
        $ownerID = New-Object "System.Security.Principal.NTAccount" $username
        $ownerAcl.SetOwner($ownerID)

        $file.SetAccessControl($ownerAcl)

        # Set Full Access permission
        $fileAcl = Get-Acl $filePath
        $fullPermission = New-Object "System.Security.AccessControl.FileSystemAccessRule" $username, "FullControl", "Allow"
        $fileAcl.SetAccessRule($fullPermission)

        Set-Acl -Path $filePath -AclObject $fileAcl
    }
}

# Get profile path from AD
$profilePaths = @()
try
{
    $profilePath += $Context.TargetObject.Get("profilePath")
    $profilePaths += $profilePath
}
catch
{
    $Context.LogMessage("No profile path specified", "Information") # TODO: modify me
    return
}

# Also check profile paths with suffixes (V2 and V4 profiles)
foreach ($suffix in $profileSuffixes)
{
    $profilePaths += "$profilePath$suffix"
}

# Remove profile folders
foreach ($profilePath in $profilePaths)
{
    if (!(Test-Path -Path $profilePath))
    {
        $Context.LogMessage("Profile '$profilePath' missing", "Information")
        continue
    }

    # Change permissions
    $directoryWithFullPermission = New-Object "System.Collections.Generic.HashSet[System.String]"
    GrantFullControlForDirectory $profilePath $adminName $directoryWithFullPermission
    GrantFullControlForFiles $profilePath $adminName

    # Remove the profile folder
    try
    {
        Remove-Item -Path $profilePath -Force -Recurse -ErrorAction Stop
        $Context.LogMessage("Profile '$profilePath' successfully removed", "Information")
    }
    catch
    {
        $Context.LogMessage($_.Exception.Message, "Error") # TODO: modify me
    }
}

To add the script to your Business Rule, Custom Command or Scheduled Task, use the Run a program or PowerShell script action.

0

Thank you,

I'm curious if this script will run on a Remote Desktop Profile path.

I received a message stating that no path has been defined, which leads me to believe it's trying to pull from the standard profile path.

0

To make it work on the Remote Desktop Profile path instead of the normal profile path, you will need to make the following modification:

Before:

# Get profile path from AD
$profilePaths = @()
try
{
    $profilePath += $Context.TargetObject.Get("profilePath")
    $profilePaths += $profilePath
}
catch
{
    $Context.LogMessage("No profile path specified", "Information") # TODO: modify me
    return
}

After:

# Get profile path from AD
$profilePaths = @()
try
{
    $user = [ADSI] "LDAP://%distinguishedName%"
    $profilepath = $user.psbase.Invokeget("terminalservicesprofilepath")
    $profilePaths += $profilePath
}
catch
{
    $Context.LogMessage("No profile path specified", "Information") # TODO: modify me
    return
}

Softerra: Correct me if I'm wrong. :)

0

Hello,

I'm curious if this script will run on a Remote Desktop Profile path.
I received a message stating that no path has been defined, which leads me to believe it's trying to pull from the standard profile path.

Yes, the original script pulls the profile path for the standard profile, and not the Remote Desktop Settings profile.

odsven has already suggested a way to get the Remote Desktop Profile path; however, it is overcomplicated and makes unnecessary calls to your Active Directory. There's a much simpler way to do this.

Find the following block in the original script:

# Get profile path from AD
$profilePaths = @()
try
{
    $profilePath += $Context.TargetObject.Get("profilePath")
    $profilePaths += $profilePath
}
catch
{
    $Context.LogMessage("No profile path specified", "Information") # TODO: modify me
    return
}

and replace it with the following:

# Get Remote Desktop Services profile path from AD
$profilePaths = @()
$profilePath = $Context.TargetObject.TerminalServicesProfilePath
if ([System.String]::IsNullOrEmpty($profilePath))
{
    $Context.LogMessage("No Remote Desktop Services profile path specified", "Information") # TODO: modify me
    return
}

$profilePaths += $profilePath
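
The scripts above take ownership of, and recursively delete, whatever path the AD attribute holds, so a guard in front of the deletion is worth having. The following is an added example, not part of the original answers or of Adaxes: the function name Get-SafeProfileTargets is hypothetical, the share root is taken from the question's \\server\profile$\username form, and it assumes profile folders sit directly under that root.

```powershell
# Added example (not from the original thread). Returns only the profile
# folders that are safe to hand to the permission and delete steps.
function Get-SafeProfileTargets {
    param(
        [string]   $ProfilePath,                  # value read from AD
        [string]   $AllowedRoot,                  # e.g. '\\server\profile$'
        [string[]] $Suffixes = @('.V2', '.V4')    # same suffixes as the script
    )

    if ([string]::IsNullOrEmpty($ProfilePath)) { throw 'Profile path is empty.' }

    # -Path parameters expand wildcards, so reject them outright.
    if ($ProfilePath.IndexOfAny([char[]]'*?[]') -ge 0) {
        throw "Wildcard characters in '$ProfilePath'."
    }

    # Collapse '..' segments before comparing with the allowed root.
    $root = [System.IO.Path]::GetFullPath($AllowedRoot).TrimEnd('\')
    $full = [System.IO.Path]::GetFullPath($ProfilePath).TrimEnd('\')

    $prefix = $root + '\'
    if (-not $full.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) {
        throw "'$full' is not under '$root'."
    }
    # Assumption: one folder per user directly under the share root.
    if ($full.Substring($prefix.Length).Contains('\')) {
        throw "'$full' is not a direct child of '$root'."
    }

    $candidates = @($full)
    foreach ($suffix in $Suffixes) { $candidates += "$full$suffix" }

    $targets = @()
    foreach ($candidate in $candidates) {
        if (-not (Test-Path -LiteralPath $candidate -PathType Container)) { continue }
        $item = Get-Item -LiteralPath $candidate -Force
        # Skip junctions and symbolic links instead of following them.
        if ($item.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { continue }
        $targets += $candidate
    }
    return ,$targets
}

# Usage inside the script above, replacing the loop over $profilePaths:
# foreach ($p in Get-SafeProfileTargets $profilePath '\\server\profile$') {
#     Remove-Item -LiteralPath $p -Force -Recurse -ErrorAction Stop
# }
```

The check covers only the top-level profile folder; the recursive permission functions in the script still descend into every subdirectory they find.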
